i am trying to insert details to the db. it runs a success message but doesnt insert any data to the db. tried different ways but still no data is inserted to the db.
i have updated my code to show the whole process.
code:
<?php
$con = mysqli_connect("localhost","root","","the_official_one");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_POST['submit'])){
$prod_name = strtoupper($_POST['prod_name']);
$prod_brand = $_POST['prod_brand'];
$prod_cat = $_POST['prod_model'];
$prod_price = $_POST['prod_price'];
$prod_desc = $_POST['prod_desc'];
$prod_qty = $_POST['prod_qty'];
$d = date("Y-m-d");
mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date)
VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')");
$uniq_id = mysqli_insert_id($con);
echo $uniq_id." ";
foreach($_FILES['product_image']['tmp_name'] as $key => $tmp_name){
$name = $_FILES['product_image']['name'][$key];
$tmpname = $_FILES['product_image']['tmp_name'][$key];
$type = $_FILES['product_image']['type'][$key];
$size = $_FILES['product_image']['size'][$key];
mkdir("product_images/$prod_name/");
$dir = "product_images/$prod_name/";
$move = move_uploaded_file($tmpname, $dir.$name);
$path = "$prod_name/".$_FILES['product_image']['name'][$key];
$img = $_FILES['product_image']['name'][$key];
if($move) {
$sql = mysqli_query($con,"INSERT into product_images(prod_id, image) VALUES ('".$uniq_id."', '".$img."')");
$query = mysqli_query($con,"update products set product_image_1='$path' where product_title='$prod_name'");
if($query) {
header('location: add_prods.php?message=success');
} else {
header('location: add_prods.php?message=failed');
}
} else {
echo '<hr>Picture upload failed<br /><hr />';
}
}
}
?>
the code with error is:
mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date)
VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')");
mysqli_autocommit($con,TRUE);
mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date)
VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')");
OR
mysqli_commit($con);
Either way you should think about closing the connection when you are done.
mysqli_close($con);
if neither of those work, try outputting the content of
mysqli_query($con,"INSERT into products(product_cat, product_brand, product_title, product_price, product_desc, product_qty, product_image, date)
VALUES ('" . $prod_cat . "','" . $prod_brand . "','" . $prod_name . "','" .$prod_price . "','" . $prod_desc . "','" . $prod_qty . "', '" . $prod_name . "', '" . $d . "')"
to see what is going wrong.
Either way Escape the variables if you havent before building that query to prevent SQL Injection.
Related
It couldn't store the data to mysql. What to do? All variable and file name are correct.
<?php
require 'connection.php';
$conn = Connect();
$id =$conn->real_escape_string ($_POST['id']);
$name = $conn->real_escape_string ($_POST['name']);
$phone = $conn->real_escape_string ($_POST['phone']);
$address = $conn->real_escape_string ($_POST['address']);
$city = $conn->real_escape_string ($_POST['city']);
$zip = $conn->real_escape_string ($_POST['zip']);
$state = $conn->real_escape_string ($_POST['state']);
$item = $conn->real_escape_string ($_POST['item']);
$status = $conn->real_escape_string ($_POST['status']);
$enquiry_date = $conn->real_escape_string ($_POST['enquiry_date']);
$enquiry_user = $conn->real_escape_string ($_POST['enquiry_user']);
$query = "INSERT into enquiry
(id, name, phone, address, city, zip, state, item, status, enquiry_date, enquiry_user)
VALUES('" . $id . "','" . $name . "','" . $phone . "','" . $address . "','" . $city . "','" . $zip . "','" . $state . "','" . $item . "','" . $status . "','" . $enquiry_date . "')";
$success = $conn->query($query);
if (!$success) {
die("Couldn't enter data: ".$conn->error);
}
echo "Thank You For Contacting Us <br>";
$conn->close();
?>
As #Jeff said:
$query = "INSERT into enquiry
(id, name, phone, address, city,
zip, state, item, status, enquiry_date, enquiry_user)
VALUES('" . $id . "','" . $name . "','" . $phone . "','" . $address . "','"
. $city . "','" . $zip . "','" . $state . "','" . $item . "','"
$status . "','" . $enquiry_date . "','" . $enquiry_user . "')";
You were missing . "','" . $enquiry_user
I'm trying to show an error while entering duplicates using php and mysql, but i'm not getting how to complete, please give an solution........
this is my code:
mysql_query(
"INSERT INTO productcost (product, productCategory, model, purchasePrice, mrp, customerPrice, marginCustomer, dealerPrice, marginDealer)
VALUES ('" . $_POST["product"] . "','" . $_POST["productCategory"] . "','" . $_POST["model"] . "','" . $_POST["purchasePrice"] . "','" . $_POST["mrp"] . "','" . $_POST["customerPrice"] . "','" . $_POST["marginCustomer"] . "','" . $_POST["dealerPrice"] . "', '" . $_POST["marginDealer"] . "')");
$current_id = mysql_insert_id();
if(!empty($current_id)) {
$message = "New Product Added Successfully";
}
}
You have to create unique key in productcost table , using unique fields like (product, productCategory, model). Now execute insert query, if there is a recode in the table return error . now you can handle error and give message.
try{
mysql_query("INSERT INTO productcost (product_key_id,product, productCategory,model,purchasePrice, mrp, customerPrice, marginCustomer, dealerPrice, marginDealer)
VALUES
('" . $_POST["created_product_id"] . "','" . $_POST["product"] . "','".$_POST["productCategory"] . "','" . $_POST["model"] . "','".$_POST["purchasePrice"] . "','" . $_POST["mrp"] . "','".$_POST["customerPrice"] . "','" . $_POST["marginCustomer"] . "','".$_POST["dealerPrice"] . "', '" . $_POST["marginDealer"] . "')");
return TRUE;
}
catch(Exception $e){
return FALSE;
}
or you can check is there a recode in table before insert
select count(*) as cc from doc_upload where product_key_id = $_POST["created_product_id"];
To show an error message while entering duplicates:
// First check there are same data available or not using a query by counting the row
$sqlCheck = "SELECT COUNT(`id`) WHERE product = '" . $_POST["product"] . "' AND productCategory = '" . $_POST["productCategory"] . "' AND model = '" . $_POST["model"] . "'"; // You have to add mroe thing in where clause
$CheckQuery = mysql_query($sqlCheck);
// if there is no duplicate data
//
if ($CheckQuery > 0) {
# code...
mysql_query(
"INSERT INTO productcost (product, productCategory, model, purchasePrice, mrp, customerPrice, marginCustomer, dealerPrice, marginDealer)
VALUES ('" . $_POST["product"] . "','" . $_POST["productCategory"] . "','" . $_POST["model"] . "','" . $_POST["purchasePrice"] . "','" . $_POST["mrp"] . "','" . $_POST["customerPrice"] . "','" . $_POST["marginCustomer"] . "','" . $_POST["dealerPrice"] . "', '" . $_POST["marginDealer"] . "')");
$current_id = mysql_insert_id();
if(!empty($current_id)) {
$message = "New Product Added Successfully";
}
} else {
$message = "Data is Duplicated";
}
Note : I'm Giving you an Example . this is how you have to check
duplicate data
while(($data = fgetcsv($handle,0,",")) !== FALSE){
$num = count($data);
$sql = "INSERT INTO `calendar` (`service_id`, `sunday`, `monday`, `tuesday`, `wednesday`, `thursday`, `friday`, `saturday`, `start_date`, `end_date`) VALUES ('" . $data[0] . "','" . $data[1] . "','" . $data[2] . "','" . $data[3] . "','" . $data[4] . "','" . $data[5] . "','" . $data[6] . "','" . $data[7] . "','" . $data[8] . "','" . $data[9] . "');";
$collect .= $sql;
$count = count(explode(";",$collect));
if($count > 500){
$mysql->multi_query($collect);
$collect = '';
$count = 0;
}
$row++;
}
i'm parsing a csv and collecting queries and if it's more then 500 submitting to sql server
but the multi_query run only once why?
I've got a syntax error in the following code, but I can't find it:
$tableSelect = $_POST["tableSelect"];
$companyName = $_POST["companyName"];
$telephone = $_POST["telephone"];
$fax = $_POST["fax"];
$email = $_POST["email"];
$address = $_POST["address"];
$postcode = $_POST["postcode"];
$category = $_POST["category"];
$contact = $_POST["contact"];
$contactTel = $_POST["contactTel"];
$contactEmail = $_POST["contactEmail"];
$sql = "INSERT INTO '" . $tableSelect . "' ('" . $companyName . "', '" . $telephone . "', '"
. $fax . "', '" . $email . "', '" . $address . "','" . $postcode . "', '" . $category . "',
'" . $contact . "', '" . $contactTel . "', '" . $contactEmail . "')";
mysqli_query($con,$sql);
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
Cheers!
EDIT: I have modified the code to this:
$sql = "INSERT INTO `" . $tableSelect . "` (name, telephone, fax, email, address, postcode, category,
contact, contactTel, contactEmail) VALUES (`" . $companyName . "`, `" . $telephone . "`, `"
. $fax . "`, `" . $email . "`, `" . $address . "`,`" . $postcode . "`, `" . $category . "`,
`" . $contact . "`, `" . $contactTel . "`, `" . $contactEmail . "`)";
and now have the error "Error: Unknown column [companyName] in 'field list'", where [companyName] is the value submitted through the form. But surely I've defined the column as "name"?
Edit 2: Thanks, I'm now aware of the injection issue. I'd like to get it working, then I'll change it to using prepared statements.
You need either a values statement or a select statement:
"INSERT INTO '" . $tableSelect . "' VALUES ('" . $companyName . "', '" . $telephone . "', '"
. $fax . "', '" . $email . "', '" . $address . "','" . $postcode . "', '" . $category . "',
'" . $contact . "', '" . $contactTel . "', '" . $contactEmail . "')";
However, I would also recommend that you include the column names in the insert statement:
"INSERT INTO '" . $tableSelect ."(companyname, telephone, fax, email, address, postcode, category, contact, contactTel, contactEmail) ".
"' VALUES ('" . $companyName . "', '" . $telephone . "', '"
. $fax . "', '" . $email . "', '" . $address . "','" . $postcode . "', '" . $category . "',
'" . $contact . "', '" . $contactTel . "', '" . $contactEmail . "')";
I'm not sure if those are the correct names.
Ignoring injection issues...
$sql = "
INSERT INTO $tableSelect
(name
,telephone
,fax
,email
,address
,postcode
,category
,contact
,contactTel
,contactEmail
) VALUES
('$companyName'
,'$telephone'
,'$fax'
,'$email'
,'$address'
,'$postcode'
,'$category'
,'$contact'
,'$contactTel'
,'$contactEmail'
);
";
Incidentally, in my (limited) experience, the practice of calling the variable (e.g. '$companyName') and the column (e.g. name) two (slightly) different things can get very confusing.
Use backquotes: ` instead of straight quotes when quoting table names:
instead of:
'" . $companyName . "'
this:
`" . $companyName . "`
Use prepared statements instead of putting the variables into the query directly. And check, that the tables names are correct, cause now you are open to SQL injection.
How can I prevent SQL injection in PHP?
please check insert query syntax
you are missing values in your program:
Follow the below Syntax:
INSERT INTO table_name (column1, column2, column3,...)
VALUES (value1, value2, value3,...)
try query like this
$query="insert into abc (a,b,c) values ('a','b','c')
and first check your all variables using isset()
Please try below query:
$sql = "INSERT INTO $tableSelect ('" . $companyName."', '".$telephone."',
'".$fax."', '".$email."', '".$address."', '".$postcode."', '".$category."',
'".$contact."', '".$contactTel."', '".$contactEmail."')";
If still getting error, then you should use mysql_real_escape_string() function.
Data may contain special characters.
I'm using this example: www.jtable.org
I've downloaded the jTable PHP version. I then edited the script. The jTable simple version is working, but my edited version isn't.
I can create a list, but I can't add a row; this code is causing problems. However, PHP doesn't display any error messages.
else if($_GET["action"] == "create")
{
//Insert record into database
$result = mysql_query("INSERT INTO veriler(bolge, sehir, firma, adres, tel, web) VALUES('" . $_POST["bolge"] . "', '" . $_POST["sehir"] . "', '" . $_POST["firma"] . "', '" . $_POST["adres"] . "', '" . $_POST["tel"] . "', '" . $_POST["web"] . "'");
//Get last inserted record (to return to jTable)
$result = mysql_query("SELECT * FROM veriler WHERE id = LAST_INSERT_ID();");
$row = mysql_fetch_array($result);
//Return result to jTable
$jTableResult = array();
$jTableResult['Result'] = "OK";
$jTableResult['Record'] = $row;
print json_encode($jTableResult);
}
What is the problem?
In this line, there is a problem:
$result = mysql_query("INSERT INTO veriler(bolge, sehir, firma, adres, tel, web) VALUES('" . $_POST["bolge"] . "', '" . $_POST["sehir"] . "', '" . $_POST["firma"] . "', '" . $_POST["adres"] . "', '" . $_POST["tel"] . "', '" . $_POST["web"] . "'");
The format for the INSERT query is:
INSERT INTO table (column1, column2, etc) VALUES (value1, value2, etc);
You missed a closing parenthesis for the VALUES part.
To improve your code, you can do something like this:
$result = mysql_query("YOUR QUERY") or die('ERROR: '.mysql_error());
And please read on SQL Injection.
here is the problem you forget the )
$result = mysql_query("INSERT INTO veriler(bolge, sehir, firma, adres, tel, web)
VALUES('" . $_POST["bolge"] . "', '" . $_POST["sehir"] . "', '" . $_POST["firma"] . "', '" . $_POST["adres"] . "', '" . $_POST["tel"] . "', '" . $_POST["web"] . "'");
use
$result = mysql_query("INSERT INTO veriler(bolge, sehir, firma, adres, tel, web) VALUES
('{$_POST["bolge"]}', '{$_POST["sehir"] }' , '{$_POST["firma"]}' , '{$_POST["adres"] }', '{$_POST["tel"]}', '{$_POST["web"]}' )" ) ;
first of all you can reduce one query of last_inset_id()
else if($_GET["action"] == "create")
{
//Insert record into database
$result = mysql_query("INSERT INTO veriler(bolge, sehir, firma, adres, tel, web) VALUES('" . $_POST["bolge"] . "', '" . $_POST["sehir"] . "', '" . $_POST["firma"] . "', '" . $_POST["adres"] . "', '" . $_POST["tel"] . "', '" . $_POST["web"] . "'"));
//Get last inserted record (to return to jTable)
//check youe result query you are missing something here
$id=mysql_insert_id();
//this will automatically give you last id
//Return result to jTable
$jTableResult = array();
$jTableResult['Result'] = "OK";
$jTableResult['id'] = $id;
$jTableResult['Record'] = $row;
$jTableResult['aderes'] = $_POST['adres'];
//and so on
print json_encode($jTableResult);
}