I've been reluctant to come back to Stackoverflow to ask this question. It's definitely been asked many times over, but every answer hasn't been able to fix the problem. I've attempted the Header() fix: https://stackoverflow.com/a/18820079/3831297 to no avail and now I have been trying to instead just validate and submit from the same page.
When I was using the Header redirect nothing would happen, no redirect to the next page while also not giving any errors for a reason. Which leaves me with the method below.. A mess of code that I've spent 60+ hours on trying to get to work from answers found on here as well as other websites.
What I've been trying to do with this version is validate with:
if(empty()) {
display error
}else{
variable = true
if(variable = true){
post to database
}
I apologize for the repeated question as well as for my complete lack of knowledge. I am learning as I go with these hands-on projects.
<?php
if (mysqli_connect_errno()) {
echo "Connection to the database failed! Submitting a story will not work! Try again in a few minutes!" . mysqli_connect_error();
}else{
echo "<br>";
echo "<h4>" . "Database connected successfully... It is safe to submit a story!" . "</h4>";
}
$TitleErr = $StoryErr = $AuthorErr = $DateErr = "";
$Title = $Story = $Author = $Date = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Title"])) {
$TitleErr = "Title is required!";
}else{
$valid1 == true;
}
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Story"])) {
$StoryErr = "Story is required!";
}else{
$valid2 == true;
}
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["Author"])) {
$AuthorErr = "Author is required!";
}else{
$valid3 == true;
}
}
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if(empty($_POST["Date"])) {
$DateErr = "Date is required!";
}else{
$valid4 == true;
}
}
if ($valid1 = $valid2 = $valid3 = $valid4 = true) {
$Title = mysqli_real_escape_string($con, $_POST['Title']);
$Date = mysqli_real_escape_string($con, $_POST['Date']);
$Author = mysqli_real_escape_string($con, $_POST['Author']);
$Story = mysqli_real_escape_string($con, $_POST['Story']);
$sql="INSERT INTO Moderate (Title, Story, Author, Date)
VALUES ('$Title', '$Story', '$Author', '$Date')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}else{
echo "<br>";
echo "Story submitted for moderation!";
}
}
mysqli_close($con);
//Insert into database
//$sql="INSERT INTO Moderate (Title, Story, Author, Date)
//VALUES ('$Title', '$Story', '$Author', '$Date')";
?>
<h2>Submit News</h2>
<?php// echo htmlspecialchars($_SERVER["PHP_SELF"]);?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<span class="error">* <?php echo $TitleErr;?></span>
Title: <input type="text" name="Title">
<span class="error">* <?php echo $AuthorErr;?></span>
Author: <input type="text" name="Author">
<span class="error">* <?php echo $DateErr;?></span>
Date: <input type="date" name="Date">
<input type="submit"><br>
<span class="error">* <?php echo $StoryErr;?></span>
Story: <br><textarea type="textarea" rows="40" cols="100" name="Story" method="post"></textarea>
</form>
</div>
<?php
//// escape variables for security
//$Title = mysqli_real_escape_string($con, $_POST['Title']);
//$Story = mysqli_real_escape_string($con, $_POST['Story']);
//$Author = mysqli_real_escape_string($con, $_POST['Author']);
//$Date = mysqli_real_escape_string($con, $_POST['Date']);
//Insert into database
?>
I'm going to hazard an answer. Main thing I see is you are using == as assignment and = as comparison. This is backwards.
$valid4 == true; should be $valid4 = true;
if ($valid1 = $valid2 = $valid3 = $valid4 = true) should be if ($valid1 == $valid2 == $valid3 == $valid4 == true) or not really, since it actually has to be:
if ($valid1==true && $valid2==true && $valid3==true && $valid4==true)
With assignment you can stack up the operator, but with boolean comparison, combine the compares with and (&&).
Just some advise, don't make pages submit to themselves. Make a separate page to handle the form from the one that displays the form. That way if you ever want to upgrade to using Ajax, its much easier. Also after doing a db update like this you always need to redirect to another page to prevent double submit (unless using ajax). The page doing the db update should not print anything out but just do the db update and redirect, unless there's a validation error.
Change your PHP to this:
if (isset($_POST['Title'],$_POST['Date'], $_POST['Author'], $_POST['Story'] )){
$con = mysqli_connect("localhost", "my_user", "my_password", "db");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$title = $_POST['Title'];
$date = $_POST['Date'];
$author = $_POST['Author'];
$story = $_POST['Story'];
$query = "INSERT INTO Moderate (Title, Story, Author, Date)
VALUES (?, ?, ?, ?)"
/* create a prepared statement */
if ($stmt = mysqli_prepare($con, $query)) {
/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "ssss", $city);
/* execute query */
mysqli_stmt_execute($stmt);
/* close statement */
mysqli_stmt_close($stmt);
}
/* close connection */
mysqli_close($con);
}
Related
I started to learn PHP and I need your help because I'm trying to write on my MySQL database. The script seems fine (for me :D) and it doesn't give me errors. But when I submit the query the data doesn't appear inside my MySQL database. Could you help me, please?
This is my HTML/PHP code:
<?php
session_start();
$_SESSION['message'] = '';
//connection variables
$host = '127.0.0.1';
$user = 'root';
$password = 'MyPassword';
$database= 'test';
$port= '3306';
//create mysql connection
$mysqli = new mysqli($host, $user, $password,$database,$port);
if ($mysqli->connect_errno) {
printf("Connection failed: %s\n", $mysqli->connect_error);
die();
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$name = $mysqli->real_escape_string($_POST['name']);
$email = $mysqli->real_escape_string($_POST['email']);
if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ('$name','$email')") == true) {
$_SESSION['message'] = "registration succesfull! Added $name to the database";
} else {
$_SESSION['message'] = "User can't be added to the database";
}
}
?>
<!DOCTYPE html>
<html>
<center>
<h1>Inputs</h1>
<form class="form" action="welcome.php" method="post" autocomplete="off">
<div class="alert alert-error"><?= $_SESSION['message'] ?></div>
<input type="text" name="name" placeholder="Insert your name" /> <br>
<input type="email" name="email" placeholder="Insert your email"/><br>
<input type="submit" name="submit" placeholder="Submit"/>
</form>
</center>
</html>
This is the database:
[Table structure]
[]1
[Database info]
Please use preapared statements and bind parameters instead: http://php.net/manual/en/mysqli-stmt.bind-param.php
You can also debug your mysql server response with error_list:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$stmt = $mysqli->prepare("INSERT INTO `contatti` (`name`, `email`) VALUES (?,?)");
$stmt->bind_param('ss', $name, $email);
if ($stmt->execute()) {
/* ... */
}
else {
$errors = $stmt->error_list;
/* ... */
}
}
You should use prepared statements for MYSQL and PHP, if possible, at least to protect yourself from SQL injection (SO Ref).
That said, when you read this line :
if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ($name,$email)") == true)
You are concatening strings into your SQL query without quotes, and the query string look like (with $name = 'test', $email = 'test#test' :
INSERT INTO 'contatti' ('name', 'email') VALUES (test,test#test) : incorrect syntax
You must escape strings on SQL :
if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ('$name', '$email' )") == true)
The resulting query should look like : INSERT INTO 'contatti' ('name', 'email') VALUES ('test','test#test')
Edit : please note that the table (contatti) and the fields name (name, email) are supposed to be surrounded by backticks, not single quotes (I cannot escape backticks in a quote), and variables $name and $email by single quotes
You have a syntax error in your query, try to change the INSERT query inside the if condition here:
if ($mysqli->query("INSERT INTO 'contatti' ('name', 'email') VALUES ('$name','$email')") == true) {
$_SESSION['message'] = "registration succesfull! Added $name to the database";
} else {
$_SESSION['message'] = "User can't be added to the database";
}
To be like this:
if ($mysqli->query("INSERT INTO contatti (name, email)
VALUES('$name', '$email')") == true) {
$_SESSION['message'] = "registration succesfull! Added $name to the database";
} else {
$_SESSION['message'] = "User can't be added to the database";
}
I have a form where the user can update a student by entering the username of the student. But if the user only wants to update the firstname and leaves the lastname blank, this will remove the last name from the mysql database.
html form:
<form class="" action="updateStudent.php" method="post">
Username: <input type="text" name="username" value="">
Firstname: <input type="text" name="firstname" value="">
Lastname: <input type="text" name="lastname" value="">
<input type="submit" name="" value="Update">
</form>
php:
<?php
include('connection.php');
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$sql = "update employee set firstname = '$firstname',
lastname = '$lastname',
where username = '$username'";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
}
else{
echo "error: $sql. " . mysqli_error($conn);
}
mysqli_close($conn);
?>
how can I change my code so when the user only wants to change the first name and leave the last name, it wont end up empty in the database?
Add this line your form
<input type="text" name="lastname" value="<?php echo $lastname; ?>" />
$lastname is the last name from the resultset. The condition is that you should query the record before rendering the page.
Use COALESCE:
UPDATE `employee`
SET `firstname` = COALESCE($firstname, firstname),
`lastname` = COALESCE($lastname, lastname),
`username` = COALESCE($username, username)
WHERE `username`= '$username'
And leave the value="" out of the HTML form in the input tags.
Same thing i put in the comment,
U need to check if the person only changed it's first name
U could do this
include('connection.php');
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
/**
* instead of checking if the input is an empty string, try to set a minimum
* length for the string lets put it on 5
*/
$minLength= 5;
$sql = '';
if(strlen($lastname) > $minLength && strlen($firstname) > $minLength){
//both have the required length
$sql = "update employee
set firstname = '$firstname',
lastname = '$lastname',
where username = '$username'";
} else if(strlen($firstname) > $minLength) {
//only first name with required length
$sql = "update employee
set firstname= '$firstname',
where username = '$username'";
} else if (strlen($lastname) > $minLength) {
//only lastname with required length
$sql = "update employee
set lastname= '$lastname',
where username = '$username'";
} else {
//none applied
$sql = false;
}
if($sql){
//it's "true" if it contains something
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "error: $sql. " . mysqli_error($conn);
}
mysqli_close($conn);
}
But i strongly recomment if u are updating information, in the update form by default those field get the current values when the form is loaded.
I assume you mean that if someone leaves the input form fields empty, you want to NOT update that column.
To do this, build a dynamic query.
<?php
include 'connection.php';
$username = $_POST['username'];
$sql = "UPDATE employee SET ";
//where username = '$username'";
$countColumns = 0; // track how many columns we are going to update
$columns = ['firstname', 'lastname']; // add more columns to this list if needed.
foreach($columns as $key ) {
if ( ! empty($_POST[$key] ) {
$value = $_POST[$key];
if ( $countColumns > 0 ) $sql .= ',';
$sql .= " `{$key}` = '{$value}'";
$countColumns++;
}
}
if ( $countColumns > 0 ) {
$sql .= " WHERE username = '{$username}'";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
}
else {
echo "error: $sql. " . mysqli_error($conn);
}
}
else {
// Nothing to update
}
mysqli_close($conn);
Use prepared statements with MySQLi, they are much safer and will help you prevent an SQL injection attack!
To solve your problem you can simply check which values came in empty and set a proper query, like this:
<?php
$conn = new mysqli($servername, $username, $password, $dbname);
// check if all fields came in and if username is not empty
if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['firstname']) && isset($_POST['lastname']))
{
// you can use strlen($_POST['firstname']) > 2 to check if it at least has 2 characters
if(!empty($_POST['firstname']) && empty($_POST['lastname']))
{
$sql = $conn->prepare("UPDATE employee SET firstname = ? WHERE username = ?";
$sql->bind_param("ss", $_POST['firstname'], $_POST['username']);
}
else if(empty($_POST['firstname']) && !empty($_POST['lastname']))
{
$sql = $conn->prepare("UPDATE employee SET lastname = ? WHERE username = ?";
$sql->bind_param("ss", $_POST['lastname'], $_POST['username']);
}
else if(!empty($_POST['firstname']) && !empty($_POST['lastname']))
{
$sql = $conn->prepare("UPDATE employee SET firstname = ?, lastname = ? WHERE username = ?";
$sql->bind_param("sss", $_POST['firstname'], $_POST['lastname'], $_POST['username']);
}
if ($sql->execute())
{
echo "Record updated successfully";
}
else
{
echo "error: " . mysqli_error($conn);
}
$sql->close();
}
$conn->close();
?>
This should work regardless of which they want to update, or if they want to update both. Though I'm not sure if you'd have to escape the single quote inside the strings within the IF statements or not.
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$flen = strlen($firstname);
$llen = strlen($lastname);
$c = $flen + $llen;
if ($flen>0) {
$fname = "firstname = '$firstname'" ;
}
if ($c=2) {
$com = "," ;
}
if ($llen>0) {
$lname = "lastname = '$lastname'" ;
}
$sql = "update employee set " . $fname . $com . $lname . "
where username = '$username' ";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
}
else{
echo "error: $sql. " . mysqli_error($conn);
}
mysqli_close($conn);
?>
I recently created a form where I needed to make sure that all fields were filled out, so I used the following code to ensure that all fields were filled out before continuing with my sql query. Probably not the cleanest, but it prevents empty fields. That way nothing will be left blank and it will update accordingly.
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$flen = strlen($firstName);
$llen = strlen($lastName);
switch ($flen) {
case 0:
echo "Click Back button and please make sure to fill in all fields";
exit;
}
switch ($llen) {
case 0:
echo "Click Back button and please make sure to fill in all fields";
exit;
}
I have the following code. I try to use my Submit button to insert the code into the database, but every time I use it and refresh the browser, empty fields get inserted into the database.
<?php
$servername = "localhost";
$username = "root";
$password = "";
//create connection
$cn = new mysqli($servername, $username, $password, "milege");
//check connection
if ($cn->connect_error) {
echo "Connection failed!". $cn->connect_error;
}
// once the button is clicked
if (isset($_POST['submitForm'])) {
//the values in the boxes
$name = $_POST['fname'];
$email = $_POST['email'];
$password = $_POST['password'];
$confpass = $_POST['confpass'];
$interest = $_POST['interest'];
$info = $_POST['info'];
//echo "connection successfully";
//Insert into table
$sql = "INSERT INTO miltb(name, email, password, interest, info, productorder) VALUES('$name', '$email', '$password', '$interest', '$info', 'none' )";
}
if ($cn->query($sql) == true) {
?><script>alert ("INSERTED SUCCESSFULLY!");</script><?php
} else {
echo "error: " . $sql . "\n" . $cn->error;
}
$cn->close();
?>
How would I fix it?
The reason empty fields get inserted in the database it's because you are not checking for empty fields, you need to check those empty fields first then if empty fields exists do not insert.
Well man there's a lot that you need to learn, you need to learn about
1.SQL Injections
2.mysqli prepared or pdo prepared statements.
3.Password hashing
Filter ,sanitize and validate user inputs
Never trust an input from the user, you must always treat a user input as if it comes from a dangerous hacker.
Then you code with prepared statements should look like this :
<?php
//create connection
$cn = new mysqli($servername, $username, $password, "milege");
//check connection
if ($cn->connect_error) {
echo "Connection failed!" . $cn->connect_error;
}
$error = "";
// once the button is clicked
if (isset($_POST['submitForm'])) {
// check for empty fiels
if (empty($_POST['fname'])) {
echo "Enter your name";
$error++;
} else {
$name = userInput($_POST['fname']);
}
if (isset($_POST['email'])) {
echo "enter email";
$error++;
} else {
$email = userInput($_POST['email']);
// validate email
if (!preg_match("/([\w\-]+\#[\w\-]+\.[\w\-]+)/", $email)) {
echo "enter a valid email";
$error++;
}
}
if (empty($_POST['password'])) {
echo "enter password";
$error++;
} else {
$password = userInput($_POST['password']);
$hash = password_hash($password, PASSWORS_DEFAULT); //hash the password
}
if (!empty($_POST['confpass']) && $_POST['confpass'] !== $_POST['password']) { //password confirmation
echo "passwords does not match";
$error++;
}
if (empty($_POST['interest'])) {
echo "enter interests";
$error++;
} else {
$interest = userInput($_POST['interest']);
}
if (empty($_POST['info'])) {
echo "enter info";
$error++;
} else {
$info = userInput($_POST['info']);
}
if ($error > 0) { // if we have errors don't insert to db
echo "you have " . $error . " error(s) on your form plz fix them";
} else { // no errors lets insert
// prepare and bind
$sql = $cn->prepare("INSERT INTO miltb(name, email, password, interest, info) VALUES (?, ?, ?,?,?)");
$sql->bind_param("sssss", $name, $email, $hash, $interest, $info);
if ($sql->execute()) {
echo "INSERTED SUCCESSFULLY!";
} else {
echo "could not insert ";
}
}
$sql->close();
$cn->close();
}
function userInput($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
Hope this will help and you will learn a thing or two, I stand to be corrected where I'm wrong
Use something like this to be sure values are inserted:
$name = isset($_POST['fname']) ? strval($_POST['fname']) : null;
if (empty($name)){
echo "Name can't be empty!";
exit();
}
Note: beware of SQL Injection. Using php function strval() is the least possible secutiry, but atleast use that, if nothing more.
How can I use mysqli_real_escape_string in my script to prevent SQL injection. I was working on some code and asking some questions here and I was advised to use mysqli_real_escape_string instead of mysql_real_escape_string, the problem is my code does not make a connection until after the variables I want to secure. It was suggested that I should used prepared statements instead but after some searching http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php I feel more confused. Right now the code if doing exactly what it is not supposed to do, it is inserting empty values/rows into my table, which from my reading is probably because of the use of mysqli_real_escaape_string
Any thoughts or help is appreciated, I am so frustrated and confused but still trying to learn. Here is the code:
<?php
//Form fields passed to variables
$manu = mysqli_real_escape_string($_POST['inputManu']);
$model = mysqli_real_escape_string($_POST['inputModel']);
$desc = mysqli_real_escape_string($_POST['inputDesc']);
//Connect to database using $conn
include ('connection.php');
//Insert record into table
$sql = "INSERT INTO gear (`id`,`manu`,`model`,`desc`)
VALUES (NULL,'$manu','$model','$desc')";
//Check for empty fields
if (isset($_POST['submit']))
{
foreach($_POST as $val)
{
if(trim($val) == '' || empty($val))
{
die('Error: ' . mysqli_error());
echo "Please complete all form fields!";
echo "<meta http-equiv='Refresh' content='3; URL=../add.php'>";
}
}
if (!mysqli_query($conn,$sql))
{
die('Error: ' . mysqli_error($conn));
}
else
{
//echo "1 record added";
echo "Success, You added the ".$manu." ".$model."";
echo "<meta http-equiv='Refresh' content='3; URL=../index.php'>";
}
}
else
{
echo "some error";
}
mysqli_close($conn);
?>
<?php
//Connect to database using $conn
include ('connection.php');
//Form fields passed to variables
$manu = mysqli_real_escape_string($conn, $_POST['inputManu']);
$model = mysqli_real_escape_string($conn, $_POST['inputModel']);
$desc = mysqli_real_escape_string($conn, $_POST['inputDesc']);
Hope Below code will help you.
<?php
//Connect to database using $conn
/*in connection.php
$link = mysqli_connect("localhost", "root", "", "test");
*/
include ('connection.php');
//Check for empty fields
if (isset($_POST['submit']))
{
//Form fields passed to variables
$manu = mysqli_real_escape_string($link,$_POST['inputManu']);
$model = mysqli_real_escape_string($link,$_POST['inputModel']);
$desc = mysqli_real_escape_string($link,$_POST['inputDesc']);
if($manu!='' && $model!="" && $desc!="")
{
//Insert record into table
$sql = "INSERT INTO gear (`id`,`manu`,`model`,`desc`)
VALUES (NULL,'$manu','$model','$desc')";
$r=mysqli_query($link,$sql) ;
//echo "1 record added";
if($r)
{
echo "Success, You added the ".$manu." ".$model."";
// echo "<meta http-equiv='Refresh' content='3; URL=../index.php'>";
}
}
else
{
echo "Please complete all form fields!";
}
}
?>
First forgive me if the code is not in an organized manner, I have tried to insert code in a neat manner but by the time I fix it, the system times out, so I cant post and have to do it all over again..so this time I am not going to adjust the code.. just copy past it into forum
I created a from called product_insert.html.. and a php script called product_insert.php. They are both located in a sub folder called Final exam, in the htdoc folder of xampp.
After entering data into form, the next screen basically shows me the script of the product_insert.php. I cannot figure out why it does not make the connection. Also the database is called final_exam.
i have edited my code to the following and i am still getting errors
<html>
<head></head>
<body>
<?php
mysql_connect("localhost", "root", "Final exam")
or die(mysql_error());
//echo "We have successfully connect to our DB.<br/>";
mysql_select_db( "final_exam") or die(mysql_error());
//echo "Successfully opened DB.<br/>";
//pull values from the URL and put them each in a variable
$Description = addslashes($_GET["Description"]);
$Quantity = addslashes($_GET["Quantity"]);
$Price = addslashes($_GET["Price"]);
$Vend_id = addslashes($_GET["Vend_id"]);
if($Description && $Quantity && $Price && $Vend_id)
{
echo "test1";
}
else
{
echo "test2";
}
if(isset($Description) && !empty($Description)
&& isset($Quantity) && !empty($Quantity)
&& isset($Price) && !empty($Price)
&& isset($Vend_id) && !empty($Vend_id))
{
$SQLstring = "INSERT INTO student (id, first_name,last_name,address, e_mail,
gpa)
VALUES (NULL, '$first', '$last', '$address', '$email', 0.0)";
$QueryResult = #mysqli_query($DBConnect, $SQLstring)
Or die("Insert Broke!!!");
echo "insert complete";
}
else
{
echo "You are missing some values...Please press the back button and retry!";
}
//redirect back to our list page since the insert worked
header("location: db_connect.php");
?>{/PHP]
<!--Insert Complete: click here to go back to the
list!-->
</body>
</html>
i have edited my code to the following and i am still getting errors
<html>
<head></head>
<body>
<?php
$host = "localhost"; // change this as required
$username = "root"; // change this as required
$password = "password"; // change this as required
$db = "final_exam"; // your DB
$DBConnect=mysql_connect("localhost", "root", "password")
or die("Could Not Connect");
//echo "We have successfully connect to our DB.<br/>";
mysql_select_db( "final_exam")
or die(mysql_error());
//echo "Successfully opened DB.<br/>";
//pull values from the URL and put them each in a variable
$Description = addslashes($_GET["Description"]);
$Quantity = addslashes($_GET["Quantity"]);
$Price = addslashes($_GET["Price"]);
$Vend_id = addslashes($_GET["Vend_id"]);
if($Description && $Quantity && $Price && $Vend_id)
{
echo "test1";
}
else
{
echo "test2";
}
if(isset($Description) && !empty($Description)
&& isset($Quantity) && !empty($Quantity)
&& isset($Price) && !empty($Price)
&& isset($Vend_id) && !empty($Vend_id))
{
$SQLstring = "INSERT INTO student (id,
VALUES ('$Description', '$Quantity', '$Price', '$Vend_id')";
$QueryResult = #mysql_query($DBConnect, $SQLstring)
Or die("Insert Broke!!!");
echo "insert complete";
}
else
{
echo "You are missing some values...Please press the back
button and retry!";
}
//redirect back to our list page since the insert worked
header("location: product_list.php");
?>
<a a href="product_insert.html">Click here</a> to go back to the list!-->
</body>
</html>
mysql_connect('localhost', 'mysql_user', 'mysql_password');
You are missing either user or password in your connection string.Instead you use the db name.
Also you are mixing mysqli and mysql functions.