
I'm following a tutorial on YouTube, trying out the e-commerce website. http://www.youtube.com/watch?v=8dL0ntjl0fI

Right now, I'm doing a page called admin page, whereby it will insert the products into the database when the button is clicked. The forms work pretty well / no error occurs, but the products don't seem to be inserted into the database.

May I know what is wrong with the code? Can someone help me out? Thank you! (:

This is the PHP code for inventorylist.php

<?php require_once('Connections/MyDatabase.php'); ?>
<?php
session_start();
if(!isset($_SESSION["manager"])){
    header("location: admin_login.php");
    exit();
}
//check that manager session is in database
$managerID = preg_replace('#[^0-9]#i','',$_SESSION["id"]);
$manager = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["manager"]);   //character class is A-Z (A_Z only matched A, _ and Z)
$password = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["password"]); //same fix

$sql = mysql_query("SELECT * FROM admin WHERE id = '$managerID' AND username='$manager' AND password = '$password' LIMIT 1");

//make sure person exists in database
$existCount = mysql_num_rows($sql);
if($existCount == 0) {
    echo " Your login session data is not on record in the database";
    exit();
}
?>


<?php
//the form field is named product_description, so that is the POST key to test
if(isset($_POST['product_description'])){
    $product_name = mysql_real_escape_string($_POST['product_name']);
    $product_price = mysql_real_escape_string($_POST['product_price']);
    $category = mysql_real_escape_string($_POST['category']);
    $subcategory = mysql_real_escape_string($_POST['subcategory']);
    $product_description = mysql_real_escape_string($_POST['product_description']);
    $product_package = mysql_real_escape_string($_POST['product_package']);

    //refuse a second product with the same description
    $sql = mysql_query("SELECT id FROM supermarket WHERE description='$product_description' LIMIT 1");
    $productMatch = mysql_num_rows($sql);
    if($productMatch > 0) {
        echo "Sorry you tried to place a duplicate 'Product Description' into the system, <a href='inventorylist.php'>click here</a>";
        exit();
    }

    //Add this product into the database now
    $sql = mysql_query("INSERT INTO supermarket (category,subcategory,name,description,packaging,price)
                        VALUES ('$category','$subcategory','$product_name','$product_description','$product_package','$product_price'") or die (mysql_error());

    $pid = mysql_insert_id();
    //place image in the folder, named after the new row id
    $newname = "$pid.jpg";
    move_uploaded_file($_FILES['fileField']['tmp_name'],"images/$newname");
}
?>
<?php
$product_list = "";
$sql = mysql_query("SELECT * FROM supermarket");
$productCount = mysql_num_rows($sql);//count output amount
if($productCount > 0){
    while($row = mysql_fetch_array($sql)){
        $id = $row["id"];
        $product_description = htmlspecialchars($row["description"]); //escape before echoing into HTML
        $product_list .= "$id - $product_description<br/>"; //append; a plain = kept only the last row
    }
}
else{
    $product_list = "You have no products listed in your store yet";
}
?>

This is the HTML code for inventorylist.php

<body background="background.jpg">
<table width="1024" border="0" align="center" cellpadding="5" cellspacing="0" bgcolor="#EBF4FA">
  <tr>
    <td><img src="logo.png" width="450" height="86" hspace="50"> 
    </td>
    <td>
    <blockquote><h4>&nbsp;</h4> </blockquote>
   <blockquote>&nbsp;</blockquote></td>
  </tr>
</table>
<br>
<table width="1024" border="0" align="center" cellpadding="5" cellspacing="0" bgcolor="#EBF4FA">
 <tr>
 <td><img src="back.png" alt="back"  height="30" border="0" usemap="#Map3" ></td>
 <td><h2>Inventory List</h2></td>
 </tr>
 <tr>
 <td></td>
 <td align="right"> <a href="#inventoryForm">+ Add New Inventory Items</a></td>
 </tr>
 <tr>
 <td width="153">&nbsp;</td>
 <td width="851"><?php echo $product_list?> </td>
 </tr>
 <tr>
 <td></td>
 <td>
 <a name="inventoryForm" id="inventoryForm"></a>
 <h3><center>&darr; Add New Inventory Form &darr;</center></h3>
 <form action="inventorylist.php" enctype="multipart/form-data" name="myForm" method="post">
   <table width="600" border="1" align="center" cellpadding="5" cellspacing="0" bgcolor="#EBF4FA">

 <tr>
 <td width="175">Category:</td>
 <td width="405">
 <label>
 <select name="category" id="category">
 <option value=""></option>
 <option value="SnacksAndTibits">SnacksAndTibits</option>
 <option value="Beverages">Beverages</option>
 <option value="Toiletries">Toiletries</option>
 </select>
 </label>
 </td>
 </tr>
 <tr>
 <td>Subcategory:</td>
 <td>
  <label>
 <select name="subcategory" id="subcategory">
 <option value=""></option>
 <option value="Chocolates">Chocolates</option>
 <option value="Lozenges">Lozenges</option>
 <option value="PotatoSnacks">Potato Snacks</option>
 <option value="Carbonated">Carbonated</option>
 <option value="Juice">Juice</option>
 <option value="EnergyDrink">Energy Drink</option>
 <option value="FacialCare">Facial Care</option>
 <option value="BodyWashSoap">Body Wash/Soap</option>
 <option value="Toothbrush">Toothbrush</option>
 </select>
 </label>
 </td>
 </tr>
 <tr>
 <td>Product Name:</td>
 <td><input type="text" name="product_name" id="product_name" size="64" required="require" ></td>
 </tr>
 <tr>
 <td height="101">Product Description:</td>
 <td><textarea name="product_description" id="product_description" cols="64" rows="5"></textarea></td>
 </tr>
 <tr>
 <td>Product Package:</td>
 <td><input type="text" name="product_package" id="product_package" size="64" required="require" ></td>
 </tr>
 <tr>
 <td>Product Price:</td>
 <td>$
   <input type="text" name="product_price" id="product_price" size="12" required="require" ></td>
 </tr>
 <tr>
 <td>Product Image:</td>
 <td><label>   <input type="file" name="fileField" id="fileField">
 </label></td>
 </tr>
 <tr>
 <td>&nbsp;</td>
 <td><input type="submit" name="button" id="button" value="Add Items"></td>
 </tr>

 </table>
 </form>
 </td>
 </tr>
</table>

3 Answers

You are missing a parenthesis at the end of the insert statement, right after '$product_price':

"INSERT INTO supermarket (category,subcategory,name,description,packaging,price)
VALUES ('$category','$subcategory','$product_name','$product_description','$product_package','$product_price')"

Also there's a <br> in the middle of the sentence, but it may be a copy-paste error.

You should also work on preventing SQL injection (check this thread: How can I prevent SQL injection in PHP?) and replace the old mysql_ functions with mysqli_ or PDO.

MillaresRoo
  • It has an error; the code wouldn't work when I place $product_price')" instead of $product_price'") – user3198445 Jan 16 '14 at 12:36
  • No, instead you need both parentheses: `mysql_query("INSERT INTO supermarket (category,subcategory,name,description,packaging,price) VALUES ('$category','$subcategory','$product_name','$product_description','$product_package','$product_price')") or die mysql_error();` Also, you can remove the ones surrounding `mysql_error()` – MillaresRoo Jan 16 '14 at 12:41
  • Well, the query is fine right now. Have you checked it directly against the database? – MillaresRoo Jan 16 '14 at 12:56
  • Hi, it is able to work now. Thanks so much for the help. However, I have another problem occurring regarding the image http://stackoverflow.com/questions/21162548/inserting-image-base-on-description mind helping again? – user3198445 Jan 16 '14 at 13:02

Don't put <br> in the insert query; your query should look like this (you are also missing a parenthesis):

$sql = mysql_query("INSERT INTO supermarket (category,subcategory,name,description,packaging,price) VALUES ('$category','$subcategory','$product_name','$product_description','$product_package','$product_price')") or die (mysql_error());
Agha Umair Ahmed
$sql = mysql_query("INSERT INTO supermarket (category,subcategory,name,description,packaging,price)
                    VALUES ('$category','$subcategory','$product_name','$product_description','$product_package','$product_price')");

As MillaresRoo said.

It is also suggested that you concatenate the variables into the statement with an escaping method such as addslashes() or mysql_real_escape_string(), especially if these variables will be user entered. This prevents SQL injection:

$sql = mysql_query("INSERT INTO supermarket (category,subcategory,name,description,packaging,price)
VALUES('".addslashes($category)."','" . addslashes($subcategory) . "','" . addslashes($product_name) . "','" . addslashes($product_description) . "','" . addslashes($product_package) . "','" . addslashes($product_price) . "')");
Rossco
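MillaresRoo's answer recommends moving off the mysql_ functions to PDO, and Rossco's answer reaches for escaping as the injection defence. The following is an added example (not code from the question, from any answer, or from the tutorial) that rewrites the question's duplicate check, INSERT and image upload with PDO prepared statements, so the submitted values travel as bound parameters and the SQL text never has to be escaped or concatenated at all. It assumes the supermarket table and column names and the form field names from the question; the DSN, the credentials, and the function names connectDb, addProduct and storeProductImage are hypothetical.

```php
<?php
// Added example: PDO prepared statements for the question's admin page.
// Assumed: table/column names and form field names from the question;
// connection details below are placeholders.

function connectDb(): PDO
{
    // Hypothetical DSN and credentials; replace with your own.
    return new PDO(
        'mysql:host=localhost;dbname=shop;charset=utf8mb4',
        'dbuser',
        'dbpass',
        [
            // Throw on SQL errors instead of failing silently, so a broken
            // statement can never produce "no error but nothing inserted".
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Real server-side prepares: parameters are sent apart from the SQL text.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
}

// Inserts one product and returns its new id, or null when a product
// with the same description already exists (the question's duplicate rule).
function addProduct(PDO $pdo, array $fields): ?int
{
    $check = $pdo->prepare('SELECT id FROM supermarket WHERE description = :description LIMIT 1');
    $check->execute([':description' => $fields['product_description'] ?? '']);
    if ($check->fetchColumn() !== false) {
        return null;
    }

    $insert = $pdo->prepare(
        'INSERT INTO supermarket (category, subcategory, name, description, packaging, price)
         VALUES (:category, :subcategory, :name, :description, :packaging, :price)'
    );
    // Every value is a bound parameter: quotes or SQL keywords inside it are data, not syntax.
    $insert->execute([
        ':category'    => $fields['category'] ?? '',
        ':subcategory' => $fields['subcategory'] ?? '',
        ':name'        => $fields['product_name'] ?? '',
        ':description' => $fields['product_description'] ?? '',
        ':packaging'   => $fields['product_package'] ?? '',
        ':price'       => $fields['product_price'] ?? '',
    ]);
    return (int) $pdo->lastInsertId();
}

// Stores the upload as <dir>/<pid>.jpg, but only if the bytes really are a JPEG.
function storeProductImage(array $file, int $pid, string $dir = 'images'): bool
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return false;
    }
    // Sniff the content type from the file itself, not from the client-supplied name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== 'image/jpeg') {
        return false;
    }
    // The target name is built from the numeric id only, never from the client filename.
    return move_uploaded_file($file['tmp_name'], sprintf('%s/%d.jpg', $dir, $pid));
}

// The form posts product_description (there is no "description" field), so test that key.
if (isset($_POST['product_description'])) {
    $pdo = connectDb();
    $pid = addProduct($pdo, $_POST);
    if ($pid === null) {
        echo "Sorry, that 'Product Description' is already in the system, <a href='inventorylist.php'>click here</a>";
        exit();
    }
    if (isset($_FILES['fileField'])) {
        storeProductImage($_FILES['fileField'], $pid);
    }
}
```

With ERRMODE_EXCEPTION a malformed statement such as the one in the question raises immediately instead of being swallowed, and with emulated prepares disabled the values bound through execute() cannot alter the statement's structure, which is what addslashes() and mysql_real_escape_string() only approximate.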