code does not print values in database

Question

I am trying to store values in database but could not find the reason for awhile. I have created form in html which redirect to php page by using method post.

I am just going to write php code because HTML is huge.

//include connection file
include 'connection.php';

//receive posts
$ime=$_POST['naziv'];
$adresa=$_POST['adresa'];
$drzava=$_POST['drzava'];
$grad=$_POST['grad'];
$web=$_POST['web'];
$email=$_POST['email1'];
$tel=$_POST['tel1'];
$fax=$_POST['fax'];
$kategorija1=$_POST['kategorija1'];
$kontakt_osoba=$_POST['kontaktosoba'];
$funkcija=$_POST['funkcija'];
$tel2=$_POST['tel2'];
$mobitel=$_POST['mobitel'];
$email2=$_POST['email2'];
$email3=$_POST['email3'];

$forma_rec=$_POST['forma'];
$forma=implode(", ", $forma_rec);

$kategorija2_rec=$_POST['kategorija2'];
$kategorija2=implode(", ", $kategorija2_rec);
$usluge_ostalo=$_POST['usluge_ostalo'];
$oprema_ostalo=$_POST['oprema_ostalo'];

//checkbox values in HTML
$oprema_rec=$_POST['oprema'];
$oprema=implode(", ", $oprema_rec);

//checkbox values in HTML
$usluge_rec=$_POST['usluge'];
$usluge=implode(", ", $usluge_rec);

//checkbox values in HTML
$proizvodi_rec=$_POST['proizvodi'];
$proizvodi=implode(", ", $proizvodi_rec);

// I have tried this query
$query="INSERT INTO clanovi(NAZIV, ADRESA, DRZAVA, GRAD, EMAIL, WEB, TEL1, FAX, KATEGORIJA, KONTAKT-OSOBA, FUNKCIJA,TEL2, 
MOBITEL, EMAIL2, EMAIL3, FORMA, KATEGORIJA2, OPREMA, OSTALA-OPREMA, USLUGE, OSTALE-USLUGE, PROIZVODI) 
VALUES ($ime,$adresa,$drzava,$grad,$email,$web,$tel,$fax,$kategorija1,$kontakt_osoba,$funkcija,$tel2,$mobitel,$email2,$email3,$forma,$kategorija2,$oprema,$oprema_ostalo,$usluge,$usluge_ostalo,$proizvodi)";

// This didnot work then I tried to divide into 7 queries 


  $query1="INSERT INTO clanovi (NAZIV, ADRESA, DRZAVA, GRAD, EMAIL, WEB, TEL1, FAX, KATEGORIJA, KONTAKT-OSOBA, FUNKCIJA,TEL2, 
MOBITEL, EMAIL2, EMAIL3, FORMA) VALUES ('$ime', '$adresa', '$drzava', '$grad', '$email', '$web', '$tel', '$fax', '$kategorija1', '$kontakt_osoba', '$funkcija', '$tel2', '$mobitel', '$email2', '$email3')";

$query2="INSERT INTO clanovi KATEGORIJA2 VALUES ('$kategorija2')";

$query3="INSERT INTO clanovi OPREMA VALUES ('$oprema')";

$query4="INSERT INTO clanovi OSTALA-OPREMA VALUES ('$oprema_ostalo')";

$query5="INSERT INTO clanovi USLUGE VALUES ('$usluge')";

$query6="INSERT INTO clanovi OSTALE-USLUGE VALUES ('$usluge_ostalo')";

$query7="INSERT INTO clanovi (PROIZVODI) VALUES ($proizvodi)";

mysql_query($query1);
mysql_query($query2);
mysql_query($query3);
mysql_query($query4);
mysql_query($query5);
mysql_query($query6);
mysql_query($query7);

when I do echo for each query I get results but have no clue why is not storing values in database. Any help would be appreciated Thanks

You're not showing any code that actually executes the queries. — Patrick Q, May 07 '14 at 20:54
Think => **QUOTES**! in your values. Plus, injection alert. Your present code is open to [**SQL injection**](http://stackoverflow.com/q/60174/). Use [**prepared statements**](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php), or [**PDO**](http://php.net/pdo). — Funk Forty Niner, May 07 '14 at 20:56

Chancho · Answer 1 · 2014-05-07T21:04:00.747

0

You are just storing the queries into variables. Your're not actually inserting them, or is there missing a pice of code ?

mysqli_query($query1);

edited May 07 '14 at 21:04

answered May 07 '14 at 20:55

Chancho

1,930
2
15
20

Nope, that's not it, well not completely. – Funk Forty Niner May 07 '14 at 20:58
@Fred-ii- So you do have some code to insert the data in your database but you left it out in your question ? – Chancho May 07 '14 at 21:00
I'm not the person asking the question; I'm an innocent bystander ;-) – Funk Forty Niner May 07 '14 at 21:02

score 0 · Answer 2 · answered May 07 '14 at 20:55

First, it looks like you don't have quotes around your strings. E.g.

VALUES ($ime

should be:

VALUES ('$ime'

Second, this is code is very vulnerable to sql injection attacks.

Third, as others pointed out already, you need to call the SQL if you aren't in code that you didn't post.

score 0 · Answer 3 · answered May 07 '14 at 20:55

0

$query1="INSERT INTO clanovi (NAZIV, ADRESA, DRZAVA, GRAD, EMAIL, WEB, TEL1, FAX, KATEGORIJA, KONTAKT-OSOBA, FUNKCIJA,TEL2, 
MOBITEL, EMAIL2, EMAIL3, FORMA) VALUES ($ime, $adresa, $drzava, $grad, $email, $web, $tel, $fax, $kategorija1, $kontakt_osoba, $funkcija, $tel2, $mobitel, $email2, $email3)";

Try this:

$query1="INSERT INTO clanovi (NAZIV, ADRESA, DRZAVA, GRAD, EMAIL, WEB, TEL1, FAX, KATEGORIJA, KONTAKT-OSOBA, FUNKCIJA,TEL2, 
MOBITEL, EMAIL2, EMAIL3, FORMA) VALUES ('$ime', '$adresa', '$drzava', '$grad', '$email', '$web', '$tel', '$fax', '$kategorija1', '$kontakt_osoba', '$funkcija', '$tel2', '$mobitel', '$email2', '$email3')";

answered May 07 '14 at 20:55

VikingBlooded

884
1
6
17

1

What about injection? – Funk Forty Niner May 07 '14 at 20:57
Oh that's a whole different can of worms that was addressed by others here already. – VikingBlooded May 07 '14 at 20:58
LOL! Hey.. that's my expression! *can of worms* haha (kidding) doesn't hurt to mention it though. – Funk Forty Niner May 07 '14 at 20:59

code does not print values in database

3 Answers3