I have built a database called jobs, and I am trying to insert data into it via an html form, that calls a php file. After submitting the form I see the following error in the console.
ERROR: Could not able to execute INSERT INTO jobs (id, title, pay, description, location, max_people, people_going, tasks, start_time, end_time, start, end)
VALUES (Default, 'testTitle', '4.00', 'testd', 'testl', '4', '1', 'testt', '13:00:00', '14:00:00', '2016-05-31 13:00:00', '2016-05-31 14:00:00').
I can manually input data through phpMyadmin, this only happens if I try to update the database via the form. I am relatively new to working with databases, so I am sure it is something very simple. I would appreciate any help that can be given.
The database is laid out as follows and nothing can be Null:
id type:int,auto increment
title type:varchar
pay type:decimal(15,2)
description type:text
location type:text
max_people type:int
people_going type:int
tasks:text
start_time type:time
end_time type:time
start type:datetime
end type:datetime
insert.php
<?php
/* Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
$host= "localhost";
$user= "";
$pass= "";
$link = mysql_connect($host, $user, $pass);
// Check connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
// Escape user inputs for security
$job_title = $_POST['j_title'];
$job_pay = $_POST['j_pay'];
$job_start_time = $_POST['j_start'];
$job_end_time = $_POST['j_end'];
$original_job_date = $_POST['j_date'];
$job_summary = $_POST['j_description'];
$job_location = $_POST['j_location'];
$job_people = $_POST['j_people'];
$job_tasks = $_POST['j_tasks'];
$j_going=1;
$job_date=date('Y-m-d',strtotime("$original_job_date"));
$event_start= date('Y-m-d H:i:s', strtotime("$job_date $job_start_time"));
$event_end= date('Y-m-d H:i:s', strtotime("$job_date $job_end_time"));
// attempt insert query execution
$sql = "INSERT INTO jobs (id, title, pay, description, location, max_people, people_going, tasks, start_time, end_time, start, end) VALUES (DEFAULT, '$job_title', '$job_pay', '$job_summary', '$job_location', '$job_people', '$j_going', '$job_tasks', '$job_start_time', '$job_end_time', '$event_start', '$event_end')";
if(mysqli_query($link, $sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
// close connection
mysqli_close($link);
?>
Form code from job_creation.html
<div class="container container-wide z-index">
<h2>Job Creation</h2>
<form class='rd-mailform row' id="job_form" method="post" action="insert.php">
<!-- RD Mailform Type -->
<input type="hidden" name="form-type" value="contact"/>
<!-- END RD Mailform Type -->
<div class="col-xs-12 col-sm-6">
<div class="form-group">
<label class="form-label" data-add-placeholder for="j_title">Job Title</label>
<input id="j_title"
type="text"
name="j_title"
/>
</div>
<div class="form-group">
<label class="form-label" data-add-placeholder for="j_pay">Job Pay</label>
<input id="j_pay"
type="number"
min="0"
step="0.01"
data-number-to-fixed="2"
data-number-stepfactor="100"
name="j_pay"
/>
</div>
<div class="form-group">
<label class="form-label" data-add-placeholder for="j_start">Job Start Time</label>
<input id="j_start"
class="time"
type="text"
name="j_start"
/>
</div>
<div class="form-group">
<label class="form-label" data-add-placeholder for="j_end">Job End Time</label>
<input id="j_end"
class="time"
type="text"
name="j_end"
/>
</div>
<div class="form-group">
<label class="form-label" data-add-placeholder for="j_date">Job Date</label>
<input id="j_date"
class="datepicker"
type="text"
name="j_date"
/>
</div>
<div class="form-group">
<label class="form-label" data-add-placeholder for="j_location">Job Location</label>
<input id="j_location"
type="text"
name="j_location"
/>
</div>
<div class="form-group">
<label class="form-label" data-add-placeholder for="j_people">Number of People</label>
<input id="j_people"
type="number"
name="j_people"
/>
</div>
</div>
<div class="col-xs-12 col-sm-6">
<div class="form-group textarea">
<label class="form-label" data-add-placeholder for="j_description">Job Description</label>
<textarea id="j_description"
name="j_description"
></textarea>
</div>
<div class="form-group textarea">
<label class="form-label" data-add-placeholder for="j_tasks">What Needs to be Done</label>
<textarea id="j_tasks"
name="j_tasks"
></textarea>
</div>
</div>
<div class="form-group btn-wr text-center">
<input type="submit" class="btn btn-sm btn-success" value="Create Job" >
<div class="mfInfo"></div>
</div>
</form>
</div>
Solved
Solution: There were actually multiple problems with the code. After removing the quotes around the integers and decimals, as well as switching all of my statements to use mysqli; I was given the error that it could not connect to a database. This was fixed by adding mysqli_connect to the code, as well as a few variables.
Try this one
$sql = "INSERT INTO jobs (`title`, `pay`, `description`, `location`, `max_people`, `people_going`, `tasks, `start_time, `end_time`, `start`, `end`) VALUES ('$job_title', '$job_pay', '$job_summary', '$job_location', '$job_people', '$j_going', '$job_tasks', '$job_start_time', '$job_end_time', '$event_start', '$event_end')";
start and end is reserved words from MySQL
Related
how do I foreach through html input form and insert multiple rows or one based on a selected date field? in other words when a user enters "name" "description" and "shift" and then selects either one date or more then one. PHP will then enter the same information for either one new row or multiples based on how many dates were selected.
<?php
if(isset($_REQUEST['submit']))
{
/* Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
$link = mysqli_connect("localhost", "xxxx", "xxxx", "xxxx");
// Check connection
if($link === false){
die("| ERROR: Could not connect. " . mysqli_connect_error());
}
$name = mysqli_real_escape_string($link, $_REQUEST['name']);
$desc = mysqli_real_escape_string($link, $_REQUEST['description']);
$shift = mysqli_real_escape_string($link, $_REQUEST['shift']);
$date = mysqli_real_escape_string($link, $_REQUEST['daterange']);
$sql = "insert into db (name,description,shift,evdate) values ('$name', ' $desc','$shift','$date')";
$sql2 = "insert into db (name,description,shift,evdate) values ('$name', ' '$desc','$shift','$insert')";
if ($date=0) {
$result = mysqli_query($link, $sql);
}else{
$daterange = explode(',',$date);
foreach($daterange as $insert) {
$result = mysqli_query($link, $sql2);
}
}
if(mysqli_query($link, $sql)){
echo "";
} else{
echo "| ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
if ($link->multi_query($sql) === TRUE) {
echo "It Worked..... Maybe!!!!!!";
} else {
echo "Error: " . $sql . "<br>" . $link->error;
}
}
$link->close();
?>
<form action="test_insert.php" method="post">
<div class="col col-lg-2 col-lg-offset-0">
<div class="form-group col-lg-offset-0 col-lg-12">
<label for="Name">Employee Name:</label>
<input type="text" name="name" placeholder="First & Last Name" id="name" required>
<p class="help-block col-lg-12">First and Last Name Please.</p>
</div>
</div>
<div class="col col-lg-offset-0 col-lg-2">
<div class="form-group col-lg-12">
<label for="description">Description:</label>
<input type="text" name="description" id="description" placeholder="description..." required>
<p class="help-block">For Example: "Vacation Full Day" or "PTO 2 Hours." </p>
</div>
</div>
<div class="col col-lg-offset-0 col-lg-3">
<label for="shift">Shift:</label><br>
<input type="radio" name="shift" value="First Shift" id="shift" checked> First Shift |
<input type="radio" name="shift" value="Second Shift" id="shift"> Second Shift |
<input type="radio" name="shift" value="Third Shift" id="shift"> Third Shift
<p class="help-block">Select Correct Shift Worked.</p>
</div>
<div class="col col-lg-offset-0 col-lg-3">
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker1" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker2" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker3" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker4" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-10">
<label for="date2">Date/Dates:</label>
<input type="text" id="datepicker5" name="daterange" placeholder="Select Your Date" />
</div>
<div class="form-group col-lg-6">
<input type="submit" name="submit" class= "btn btn-primary">
</div>
</div>
</div>
</form>
Think the best way is to use AJAX,
Then with the response as a string you make a table or foreach in php as a string and then use the .html adapter to output the newly made data.
function submitForm(form){
var url = form.attr("action");
var formData = {};
$(form).find("input[name]").each(function (index, node) {
formData[node.name] = node.value;
});
$.post(url, formData).done(function (data) {
$('#showresults').html(result);
});
}
A value is being stored in the database but it is not the one i am expecting. I tried many methods before but this one kind of seems to work but the file name is not being stored and when I try to download the file directly from the database, it downloads a .bin file format which looks something like table_Name-column_Name.bin. The file name being stored is BLOB - ## B.
My Form
<form class="form-horizontal" method="post" action="productsValidate.php" name="myForm" enctype="multipart/form-data">
<fieldset>
<legend>Add Product</legend>
<div class="form-group">
<label for="Product_Name" class="col-lg-2 control-label">Product Name</label>
<div class="col-lg-10">
<input type="text" class="form-control" id="Product_Name" placeholder="Name" required="required" name="Product_Name">
</div>
</div>
<div class="form-group">
<label for="Size" class="col-lg-2 control-label">Size</label>
<div class="col-lg-10">
<input type="text" class="form-control" id="Size" placeholder="Size" required="required" name="Size">
</div>
</div>
<div class="form-group">
<label for="Color" class="col-lg-2 control-label">Color</label>
<div class="col-lg-10">
<input type="text" class="form-control" id="Color" placeholder="Size" required="required" name="Color">
</div>
</div>
<div class="form-group">
<label for="price" class="col-lg-2 control-label">Price</label>
<div class="col-lg-10">
<input type="number" class="form-control" id="price" placeholder="price" required="required" name="price">
</div>
</div>
<div class="form-group">
<label for="image" class="col-lg-2 control-label">Select Image</label>
<div class="col-lg-10">
<input type="file" name="image" id="image">
</div>
</div>
<div class="form-group">
<label for="categoryId" class="col-lg-2 control-label">Category Id</label>
<div class="col-lg-10">
<?php
//your connection to the db and query would go here
include "../include/settings.php";
$conn = new mysqli($host, $user, $pwd, $sql_db);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT distinct Category_Id FROM products";
$result = mysqli_query($conn, $sql);
?>
<select id="categoryId" name="categoryId">
<option value = ""></option>
<?php
while($row = mysqli_fetch_array($result)) {
echo '<option value='.$row['Category_Id'].'>'.$row['Category_Id'].'</option>';
}
?>
</select>
</div>
</div>
<div class="form-group">
<label for="description" class="col-lg-2 control-label">Description</label>
<div class="col-lg-10">
<textarea type="text" class="form-control" id="description" placeholder="Description" required="required" name="description" pattern="[\sA-Za-z]+"></textarea>
</div>
</div>
<div class="form-group">
<div class="col-lg-6 col-lg-offset-2">
<button type="submit" class="btn btn-primary">Add Product</button>
</div>
</div>
</fieldset>
</form>
My Form validation
<?php
$name = $_POST["Product_Name"];
$size = $_POST["Size"];
$color = $_POST["Color"];
$price = $_POST["price"];
$image = addslashes($_FILES['image']['tmp_name']);
$image = file_get_contents($image);
$image = base64_encode($image);
$image=basename( $_FILES["image"]["tmp_name"],".jpg");
$category = $_POST['categoryId'];
$description = $_POST['description'];
insertProduct($name, $size, $color, $price, $image, $category, $description);
function insertProduct($name, $size, $color, $price, $image, $category, $description){
require_once ("../include/settings.php"); // Load MySQL log in credentials
$conn = #mysqli_connect ($host,$user,$pwd,$sql_db); // Log in and use database
if ($conn) { // check is database is avialable for use
$query = "INSERT INTO products
(Product_Id, Product_Name, Size, Color, Price, Picture, Category_Id, Description)
VALUES ('', '$name', '$size', '$color', '$price', '$image', '$category', '$description')";
$result = mysqli_query ($conn, $query);
if ($result) { // check if query was successfully executed
echo 'Successfully Added';
} else {
echo 'Product could not be added';
}
mysqli_close ($conn); // Close the database connect
} else {
echo "<p>Unable to connect to our database for adding the product.</p>";
}
}
?>
I guess you're trying to store the actual encoded image in the database, not a pointer to it. It looks to me like your eleven-byte BLOB has the pointer in it instead.
Your code contains this sequence of lines.
$image = addslashes($_FILES['image']['tmp_name']);
$image = file_get_contents($image);
$image = base64_encode($image);
$image=basename( $_FILES["image"]["tmp_name"],".jpg");
The third line puts an encoded, not binary, version of the image into a text string. That's close to what you want, but you probably should not base64-encode it if you're putting in a BLOB.
The fourth line discards the image itself and overwrites it with an image name. I think that's wrong.
If you're going to use BLOB data this way, you also need to use mysqli's facilities to prepare your SQL statements, and then bind your parameters. The bind_param() function gives you a way to declare a parameter to be a blob. That's better than trying to trick php's string processing into accepting it.
All that being said, most people use a file system or content server rather than BLOBs to store and serve images to web clients. BLOB programming is a pain in the neck. Also, using a DBMS to store and retrieve images quickly becomes a performance bottleneck in an application that scales up.
I'm doing a e-commerce admin panel and I need a quick script for inserting data into MySQL. Here's what i've done and it does nothing.
<form action="#" id="form_sample_1" class="form-horizontal" method="post">
<div class="control-group">
<label class="control-label">Package Name<span class="required">*</span></label>
<div class="controls">
<input type="text" name="pkg_name" data-required="1" class="span6 " value=""/>
</div>
</div>
<div class="control-group">
<label class="control-label">Package Price <span class="required">*</span><small>(In Dollars)</small></label>
<div class="controls">
<input name="pkg_price" type="number" class="span6 " value=""/>
</div>
</div>
<div class="control-group">
<label class="control-label">Package Contains</label>
<div class="controls">
<input name="pkg_contains" type="text" class="span6 " value=""/>
</div>
</div>
<div class="control-group">
<label class="control-label">Your Password</label>
<div class="controls">
<input name="sifre" type="password" class="span6 " value=""/>
</div>
</div>
<div class="form-actions">
<button type="button"name="btn" class="btn btn-primary">Send request to server.</button>
</div>
</form>
<!-- END FORM-->
</div> <!--widget box light-grey end-->
<!-- Mass PHP starts here! -->
<?php
echo mysql_error();
include("include/baglan.php");
// set posts here.
$_POST['pkg_name'] = $pkg_name;
$_POST['pkg_price'] = $pkg_price;
$_POST['pkg_contains'] = $pkg_contains;
$sifre = mysql_real_escape_string(md5($_POST['sifre']));
if($_POST['btn'] and $_POST["sifre"] = $sifre){
mysql_query("INSERT INTO packages (pkg_name, pkg_price,pkg_contains) VALUES $pkg_name $pkg_price $pkg_contains");
echo "Success.";
}
else {
echo mysql_error();}
It returns nothing! I've re-written all code but nothing! please help me. The databae variables are;
id, auto incerment
pkg_name text
pkg_price int
pkg_contains mediumtext
Assign variable name should be the left side.
// set posts here.
$pkg_name=$_POST['pkg_name'];
$pkg_price=$_POST['pkg_price'];
$pkg_contains=$_POST['pkg_contains'];
Values() is function, put all vars in bracket and split them with ','.
mysql_query("INSERT INTO packages (pkg_name, pkg_price,pkg_contains) VALUES($pkg_name,$pkg_price,$pkg_contains)");
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
I am trying to make a simple appeal form that the data gets posted to a SQL database. But when i submit, either nothing happens, or blank data gets submitted.
Heres my form:
<form class="form-horizontal" role="form" action="insert.php" method="post">
<div class="form-group">
<label for="user" class="col-sm-2 control-label">
Username:
</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="user" id="user" placeholder="DiscordTag#0000" />
</div>
</div>
<div class="form-group">
<label for="date" class="col-sm-2 control-label">
Date of ban:
</label>
<div class="col-sm-10">
<input type="date" class="form-control" name="date" id="date" placeholder="mm/dd/yy" />
</div>
</div>
<div class="form-group">
<label for="admin" class="col-sm-2 control-label">
Who banned you?
</label>
<div class="col-sm-10">
<input type="text" class="form-control" name="admin" id="admin" />
</div>
</div>
<div class="form-group">
<label for="appeal" class="col-sm-2 control-label">
Appeal:
</label>
<div class="col-sm-10">
<textarea class="form-control" rows="4" name="appeal" id="appeal"></textarea>
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-default">
Submit
</button>
</div>
</div>
</form>
And here is my insert.php
<html>
<?
error_reporting(E_ALL);
$db_host = 'redacted';
$db_username = 'redacted';
$db_password = 'redacted';
$db_name = 'redacted';
if( $_POST )
{
$conn = mysql_connect( $db_host, $db_username, $db_password);
if (!$conn)
{
die('Could not connect: ' . mysql_error());
} else {
mysql_select_db("redacted");
}
$user = $_POST['user'];
$date = $_POST['date'];
$admin = $_POST['admin'];
$appeal = $_POST['appeal'];
$sql = 'INSERT INTO appeals' . '(user, date, admin, appeal)'
.'VALUES ($user, $date, $admin, $appeal)';
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not enter data: ' . mysql_error());
}
echo "<h2>Your appeal has been submitted.</h2>";
mysql_close($conn);
}
?>
</html>
How can i make it submit all of the form data directly into my SQL table?
Use "INSERT INTO appeals (user, date, admin, appeal) VALUES ('".$user."', '".$date."', '".$admin."', '".$appeal."')";
And sanitize, because you are asking for an sql injection.
Hey I am trying to get this code running for the past few days now. I do not know what is the problem. Whenever I run the code I can see it running but an empty row gets inserted. Basically I ave tried to hard code the data and the data gets inserted. Here is the HTML form:
<form action="register.php" id="contactForm" type="post">
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>First name *</label>
<input type="text" class="form-control" name="fname" >
</div>
<div class="col-md-6">
<label>Last name *</label>
<input type="text" class="form-control" name="lname" >
</div>
</div>
</div>
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>Gender *</label><br>
<select name="gender">
<option> Male </option>
<option> Female </option>
</select>
</div>
<div class="col-md-6">
<label>Stream *</label><br>
<select name="stream">
<option> B-Tech </option>
<option> M-Tech </option>
</select>
</div>
</div>
</div>
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>Email *</label>
<input type="text" class="form-control" name="email" >
</div>
<div class="col-md-6">
<label>Mobile *</label>
<input type="text" class="form-control" name="mobile">
</div>
</div>
</div>
<div class="row">
<div class="form-group">
<div class="col-md-6">
<label>College *</label>
<input type="text" class="form-control" name="college" >
</div>
<div class="col-md-6">
<label>Job Kind *</label>
<input type="text" class="form-control" name="job" >
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
    
<input type="submit" value="Register" class="btn btn-primary btn-lg"
data-loading-text="Loading..." name="submit">
</div>
</div>
</form>
Here is the registration.php
<?php
$connection = mysql_connect("EDITED by billy, was an I.P and port number", "user", "password"); // Establishing Connection with Server
$db = mysql_select_db("Registrations_connect", $connection); // Selecting Database from Server
$first_name = $_POST["fname"];
$last_name = $_POST["lname"];
$sex = $_POST["gender"];
$field = $_POST["stream"];
$contact = $_POST["mobile"];
$eaddress = $_POST["email"];
$institute = $_POST["college"];
$naukri = $_POST["job"];
$query = mysql_query("insert into students(fname, lname, gender, stream, mobile, email, college, job)
values ('$name', '$last_name', '$sex', '$field','$contact', '$eaddress', '$intitute', '$naukri')");
echo "<br/><br/><span>Data Inserted successfully...!!</span>";
mysql_close($connection); // Closing Connection with Server
?>
After running; In the inspect element I checked the response:- It shows Data Inserted successfully but actually an empty row is getting inserted. Basically what i think I am not able to correctly grab the data properly from form. Can somebody please check what is the problem. It will be a great help.
The attribute is method, not type. This typo is causing your form to process a GET rather than a POST. So all your variable assignments are wrong.
$first_name = $_POST["fname"];
would be
$first_name = $_GET["fname"];
or you could use the $_REQUEST; or you can just correct the attribute,
<form action="register.php" id="contactForm" method="post">
Your code also is wide open to SQL injections and is using the deprecated mysql_ functions. You should update to mysqli or pdo and be using prepared statements with parameterized queries.
More on SQL injections:
http://php.net/manual/en/security.database.sql-injection.phpHow can I prevent SQL injection in PHP?https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29