66

I am using the following script to process a form to add info to my website. The problem I am having is when I submit the form nothing gets submitted to the database, and there are no errors. How can I add error reporting to my query?

<?php
if (isset($_POST['itemdescription'])) {$itemdescription = $_POST['itemdescription'];}else {$itemdescription = '';}
if (isset($_POST['itemnumber'])) {$itemnumber = $_POST['itemnumber'];}else {$itemnumber = '';}
if (isset($_POST['sellerid'])) {$sellerid = $_POST['sellerid'];}else {$sellerid = '';}
if (isset($_POST['purchasedate'])) {$purchasedatepre = $_POST['purchasedate'];$date = DateTime::createFromFormat("D F d, Y", $purchasedatepre);$purchasedate = date('Y-m-d',strtotime($purchasedatepre));}else {$purchasedatepre = ''; $purchasedate = '';}
if (isset($_POST['otherinfo'])) {$otherinfo = $_POST['otherinfo'];}else {$otherinfo = '';}
if (isset($_POST['numberofitems'])) {$numberofitems = $_POST['numberofitems'];}else {$numberofitems = '';}
if (isset($_POST['numberofitemsused'])) {$numberofitemsused = $_POST['numberofitemsused'];}else {$numberofitemsused = '';}
if (isset($_POST['isitdelivered'])) {$isitdelivered = $_POST['isitdelivered'];}else {$isitdelivered = '';}
if (isset($_POST['price'])) {$price = $_POST['price'];}else {$price = '';}

$itemdescription = str_replace("'", "", "$itemdescription");
$itemnumber = str_replace("'", "", "$itemnumber");
$sellerid = str_replace("'", "", "$sellerid");
$otherinfo = str_replace("'", "", "$otherinfo");

include("connectmysqli.php"); 

mysqli_query($db,"INSERT INTO stockdetails (`itemdescription`,`itemnumber`,`sellerid`,`purchasedate`,`otherinfo`,`numberofitems`,`isitdelivered`,`price`) VALUES ('$itemdescription','$itemnumber','$sellerid','$purchasedate','$otherinfo','$numberofitems','$numberofitemsused','$isitdelivered','$price')");

// header('Location: stockmanager.php?&key='.$key);
?>
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
Iain Simpson
  • 8,011
  • 13
  • 47
  • 66

2 Answers2

95

Just simply add or die(mysqli_error($db)); at the end of your query, this will print the mysqli error.

 mysqli_query($db,"INSERT INTO stockdetails (`itemdescription`,`itemnumber`,`sellerid`,`purchasedate`,`otherinfo`,`numberofitems`,`isitdelivered`,`price`) VALUES ('$itemdescription','$itemnumber','$sellerid','$purchasedate','$otherinfo','$numberofitems','$numberofitemsused','$isitdelivered','$price')") or die(mysqli_error($db));

As a side note I'd say you are at risk of mysql injection, check here How can I prevent SQL injection in PHP?. You should really use prepared statements to avoid any risk.

Community
  • 1
  • 1
Fabio
  • 23,183
  • 12
  • 55
  • 64
  • 7
    Please prefer "trigger_error()" instead of "die()" trigger_error("Query Failed! SQL: $sql - Error: ". mysqli_error($db), E_USER_ERROR); – mogosselin May 19 '14 at 21:46
  • 2
    Or even better, throw and Exception and possibly handle it. Both are preferable to the silly and prevalent `or die`. – ficuscr Sep 28 '20 at 03:09
  • 1
    [Make `mysqli` throw exceptions by default](https://stackoverflow.com/a/22662582/3979906) – Jacob Apr 22 '22 at 15:55
45
mysqli_error()

As in:

$sql = "Your SQL statement here";
$result = mysqli_query($conn, $sql) or trigger_error("Query Failed! SQL: $sql - Error: ".mysqli_error($conn), E_USER_ERROR);

Trigger error is better than die because you can use it for development AND production, it's the permanent solution.

Dharman
  • 30,962
  • 25
  • 85
  • 135
Jessica
  • 7,075
  • 28
  • 39
  • 2
    For those that may be wondering: trigger_error() is fine for both production and development because error reporting is usually turned off in production. trigger_error therefore won't be printed out. – John Reid Apr 23 '15 at 17:07
  • 2
    @KarlosFontana you should never have anything like '*or die: "Sorry the query $sql failed with this error: $error*"' in the first place. Please read about [PHP error reporting basics](https://phpdelusions.net/articles/error_reporting) – Your Common Sense Oct 13 '17 at 08:46
  • 1
    @JohnReid strictly speaking, *error reporting* should be set to max on for the production as well. it's *displaying errors* what ought to be switched off. People often mistake these two matters, that's why I took liberty to intervene. – Your Common Sense Oct 13 '17 at 15:32
  • [Make `mysqli` throw exceptions by default](https://stackoverflow.com/a/22662582/3979906) – Jacob Apr 22 '22 at 15:55