0

Still working on a small website and I'm having issues with insert statements in PHP. Previously, in other forms, I've successfully inserted data into my database, but with some forms it accepts the issue and says the query is fine, but when checking the database it's not entered at all.

HTML form

<form>
    <form action="comment.php" method="post">
Your Client Number <input type="text" name="clientNo" /><br>
The Boat's Number <input type="text" name="boatNo" /><br>
The View Date <input type="text" name="viewDate" /><br>
Comments <br><textarea name="comment"></textarea><br>   
<input type="submit" value="submit comments" />
</form>

PHP Code

<?php
$client = $_POST['clientNo'];
$boat = $_POST['boatNo'];
$date = $_POST['viewDate'];
$comment = $_POST['comment'];

    $con = mysqli_connect("localhost","root","","boats4u")or die(mysqli_error());;
    $res = mysqli_query($con,"INSERT INTO 'boatviewing'(clientNo,boatNo,viewDate,comment)
    VALUES ('$client','$boat','$date','$comment')");


if($res)
{
    echo "success";
    header("Location:client.php");
}
else {
    echo "no".mysqli_error();
}

?>

Feel like I'm missing something. When I submit the form from the previous page it runs this, and as you can see, if it's a success then it returns back to the previous page, which it does, but it still doesn't appear in the database.

Thanks

Jimjebus
  • 99
  • 6
  • 17

5 Answers

1

You have to check if you have any commas or quotes in your input, you have to escape it because the query would return an error.

Agli Panci
  • 494
  • 1
  • 9
  • 21
1

Look at the single quotes in the insert query before and after the table boatviewing; that is the issue.

shatheesh
  • 633
  • 6
  • 10
  • This does not provide an answer to the question. To critique or request clarification from an author, leave a comment below their post - you can always comment on your own posts, and once you have sufficient [reputation](http://stackoverflow.com/help/whats-reputation) you will be able to [comment on any post](http://stackoverflow.com/help/privileges/comment). – Fluffeh May 05 '14 at 12:50
  • @fluffeh, thank you very much. At the time of posting I didn't have enough privileges, that's why I answered here. Thanks for it – shatheesh May 05 '14 at 13:05
1

Edit: (answer follows)

Special note: I noticed that you have not accepted any answers given to any of your questions, where a solution was indeed found.

The way that the StackOverflow system works is that, once an answer has been given to a problem, you then tick the white checkmark till it turns green.

Have a look at the following article on "How does accepting an answer work".

StackOverflow is built on a points/reputation system to encourage everyone for its continued success.

Read the "about" section:


Answer

Adding error reporting to your files would have signaled the mistake.

error_reporting(E_ALL);
ini_set('display_errors', 1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

You either don't use quotes around table names or use backticks if it's a MySQL reserved word; in this case it isn't, so just remove the quotes around your table name.

$res = mysqli_query($con,"INSERT INTO boatviewing (clientNo,boatNo,viewDate,comment)

(if you really want to escape your table name)

$res = mysqli_query($con,"INSERT INTO `boatviewing` (clientNo,boatNo,viewDate,comment)

You also seem to have an extra <form> tag; remove it, plus remove the extra semi-colon at the end of die(mysqli_error());; it's not needed.

Another thing, remove the echo "success"; above your header("Location:client.php");, you are outputting before header and will throw an error.

Change

$con = mysqli_connect("localhost","root","","boats4u")or die(mysqli_error());;

to:

// On a failed connection $con is false, so report with mysqli_connect_error()
$con = mysqli_connect("localhost","root","","boats4u")
or die("Error " . mysqli_connect_error());

as per the method that the manual states:

Sidenote: Your present code is open to SQL injection. Use prepared statements, or PDO.


Here is a prepared statement method:

<?php

/* Development only: keep display_errors off in production */
error_reporting(E_ALL);
ini_set('display_errors', 1);

/* Make mysqli report errors as exceptions */
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$mysqli = new mysqli("localhost","root","","boats4u");

/* check connection */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

/* Set the params */
$client = $_POST['clientNo'];
$boat = $_POST['boatNo'];
$date = $_POST['viewDate'];
$comment = $_POST['comment'];

/* Create the prepared statement */
if ($stmt = $mysqli->prepare("INSERT INTO boatviewing (clientNo,boatNo,viewDate,comment) VALUES (?, ?, ?, ?)")) {

    /* Bind the params */
    $stmt->bind_param('ssss', $client, $boat, $date, $comment);

    /* Execute the prepared statement */
    $stmt->execute();

    /* Echo results, HTML-escaped because the values come from the request */
    echo htmlspecialchars("Inserted {$client}, {$boat}, {$date}, {$comment} into database.\n");

    /* Close the statement */
    $stmt->close();
}
else {
    /* Error */
    printf("Prepared Statement Error: %s\n", $mysqli->error);
}

?>

If you don't want to use prepared statements (which you really should) and are in a learning state, at least use some protection using mysqli_real_escape_string()

$client = mysqli_real_escape_string($con,$_POST['clientNo']);
$boat = mysqli_real_escape_string($con,$_POST['boatNo']);
$date = mysqli_real_escape_string($con,$_POST['viewDate']);
$comment = mysqli_real_escape_string($con,$_POST['comment']);
Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
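An added example, not code from the question or from any answer on this page: it runs the question's interpolated INSERT and a prepared statement side by side on a comment containing an ordinary apostrophe, the case the first answer warns about and the sidenote above addresses. SQLite in memory via PDO stands in for the MySQL database so the script runs without a server; the TEXT column types, the `Y-m-d` date format, the sample submission and the function names are assumptions.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL "boats4u" database.
// Table and column names are from the question; the TEXT column types are assumed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE boatviewing (clientNo TEXT, boatNo TEXT, viewDate TEXT, comment TEXT)');

// Constructed form submission; the comment contains an ordinary apostrophe.
$post = ['clientNo' => 'C01', 'boatNo' => 'B07', 'viewDate' => '2014-05-05',
         'comment' => "The boat's hull looks fine"];

// Pattern from the question: request values interpolated into the SQL text.
function insertInterpolated(PDO $pdo, array $in): bool
{
    $sql = "INSERT INTO boatviewing (clientNo,boatNo,viewDate,comment)
            VALUES ('{$in['clientNo']}','{$in['boatNo']}','{$in['viewDate']}','{$in['comment']}')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        // The apostrophe closed the string literal early, so the statement no longer parses.
        return false;
    }
}

// Prepared statement: the SQL text is fixed and the values travel separately as data.
function insertPrepared(PDO $pdo, array $in): bool
{
    // Validate the one field with a known format (assumed Y-m-d) before inserting.
    $d = DateTime::createFromFormat('Y-m-d', $in['viewDate']);
    if ($d === false || $d->format('Y-m-d') !== $in['viewDate']) {
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO boatviewing (clientNo,boatNo,viewDate,comment)
                           VALUES (:client, :boat, :date, :comment)');
    return $stmt->execute([':client' => $in['clientNo'], ':boat' => $in['boatNo'],
                           ':date' => $in['viewDate'], ':comment' => $in['comment']]);
}

var_dump(insertInterpolated($pdo, $post));  // interpolated query with the apostrophe
var_dump(insertPrepared($pdo, $post));      // same input through the prepared statement
$stored = $pdo->query('SELECT comment FROM boatviewing')->fetchColumn();
var_dump($stored === $post['comment']);     // stored comment compared with the input
```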
0

Another thing, make sure your connection is ok, reading http://docs.php.net/manual/pl/mysqli.construct.php,

mysqli_connect("localhost","root","","boats4u")or die(mysqli_error());;

will return an object anyway, so

or die(mysqli_error());

won't execute because connect returns an object with ->connect_errno set

Bartłomiej Wach
  • 1,968
  • 1
  • 11
  • 17
0
// String values must be quoted in the VALUES list
$res = mysqli_query($con,"INSERT INTO `boatviewing`(`clientNo`,`boatNo`,`viewDate`,`comment`)
    VALUES ('$client','$boat','$date','$comment')");

try this.

Ankit Aranya
  • 930
  • 1
  • 10
  • 17