0

im currently displaying all the information from the table product in a tabular format, i have a button ADD which when click should add only the id, name and price from the table product to the table product_add in the same database. but my problem is that when i click on the button ADD, nothing is entered in the product_add table.

  <?php

   include'connect.php';

   $image =$_GET['image'];
   $id =$_GET['id'];
   $name =$_GET['name'];
   $price=$_GET['price'];

   $sql="SELECT * FROM product";
   $result = mysql_query($sql);
   if($result>0)
   {

?>

<form method="post" id="form" name="form">
   <table border='1'>

<?php

   while ($row = mysql_fetch_array($result))
   {
      extract($row);

?>                   

      <tr>
         <td><?php echo $row['id']?></td>
         <td><img src=<?php echo $row['image'] ?> /></td>
         <td><?php echo $row['name']?></td>
         <td><?php  echo $row['price']?></td>
         <td><input type='button' value='ADD' id="insert" name="insert"/></td>
      </tr>

<?php

   }

?>

   </table>
</form>

<?php

   }

   if(isset($_REQUEST['insert']))
   {
      $insert = "INSERT INTO product_add(id, name, price) 
                  VALUES  ('$row[id]','$row['name']','$row['price']')";
      $insertQuery=mysql_query($insert);
   }
?>

</body>
</html>

I have updated the codes as shown below but the last row from the table product is being added to the table product_add. I want to add only a specific row when i click on the button submit. 

    <?php
    include'connect.php';

   $image = isset($_GET['image']) ? $_GET['image'] : "";
   $id = isset($_GET['id']) ? $_GET['id'] : "";
   $name = isset($_GET['name']) ? $_GET['name'] : "";
   $price= isset($_GET['price']) ? $_GET['price'] : "";


   $sql="SELECT * FROM product";
   $result = mysql_query($sql);
    if($result>0){
     ?>
    <form method="POST" id="form" name="form">
<table border='1'>
<tr>
<th>Id</th>
<th>Image</th>
<th>Name</th>
<th>Price MUR</th>
</tr>
    <?php

 while ($row = mysql_fetch_array($result)){
    extract($row);

  ?>                     

    <tr>
    <td><input name="id" value="<?php echo htmlspecialchars($row['id']); ?>">
            </td>
    <td><img src=<?php echo $row['image'] ?>  width='120' height='100'/></td>
    <td><input name="name" value="<?php echo htmlspecialchars($row['name']); 
             ?>"></td>
    <td><input name="price" value="<?php echo htmlspecialchars($row['price']);
               ?>"></td>
    <td>
      <input id="submit" type="submit" name="submit" value='Add to cart' />
    </td>
    </tr>
             <?php
         }
               ?>   
       </table>
          </form>
            <?php
           }

            if (isset($_REQUEST['submit']))
             {
            $insert = "INSERT INTO product_add(id, name, price) VALUES ('$id', 
             '$name','$price')";
             $insertQuery=mysql_query($insert);
               }
                ?>
user3603670
  • 23
  • 1
  • 2
  • 7
  • 1
    Since you're using all GET, change your method to `action="get"` instead of POST. Add error reporting to the top of your file(s) `error_reporting(E_ALL); ini_set('display_errors', 1);` – Funk Forty Niner May 20 '14 at 15:08
  • 1
    Also note that some older browsers (IE especially), ` – Funk Forty Niner May 20 '14 at 15:13
  • It might be a DB error. Try print mysql_error() in the if statement where you insert into product_add. Are you sure the program is entering that if statement? Print out the value of $_REQUEST['insert']. – Miriam P. Raphael May 20 '14 at 15:13
  • You're requesting get values but your form method is post – CoderDojo May 20 '14 at 15:18
  • Also, you're missing quotes around the image 'src' tag. – Miriam P. Raphael May 20 '14 at 19:49
  • And there is no space between the include and the first quote in include'connect.php'; – Miriam P. Raphael May 20 '14 at 19:50
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Mar 11 '16 at 13:18
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Mar 11 '16 at 13:18
  • [ID's Must Be Unique](http://stackoverflow.com/questions/5611963/can-multiple-different-html-elements-have-the-same-id-if-theyre-different-eleme), specifically because it will cause problems in [JavaScript](https://developer.mozilla.org/en-US/docs/Web/HTML/Global_attributes/id) and CSS when you try to interact with those elements. – Jay Blanchard Mar 11 '16 at 13:22
  • @user3603670 Do I answer your question in a simple way? If not, what can I add to solve this problem? –  Mar 11 '16 at 13:33
  • Guys, no one is getting the accepted answer. This question was asked 1 year ago and the user isn't responding to any questions... –  Mar 11 '16 at 14:20
  • 1
    The user was last seen in 2014, the question is nearly 2 years old @ProgrammingTree – Jay Blanchard Mar 11 '16 at 14:22

3 Answers3

1

Apart from the method (if your form uses POST, you should use $_POST in php), you do not have any form fields.

For example:

<?php echo $row['id']?>

Should be something like:

<input type="hidden" name="id" value="<?php echo $row['id']; ?>">

and:

<?php echo $row['name']?>

should be:

<input name="name" value="<?php echo htmlspecialchars($row['name']); ?>">

etc.

You should also switch to PDO or mysqli and prepared statements as the code you have now is vulnerable to sql injection. And ID's in html need to be unique.

jeroen
  • 91,079
  • 21
  • 114
  • 132
  • I have change the input type to submit and add the following if (isset($_POST['insert'])) { $insert = "INSERT INTO product_add(id, name, price) VALUES ('$id', '$name','$price')"; $insertQuery=mysql_query($insert); } As as click in on the submit button, it reload my url and the following is added to ?insert=Add+to+cart the url and still nothing is added to the table product_add – user3603670 May 20 '14 at 15:56
  • @user3603670 It seems you changed the method of your form to GET. You should not do that. It also seems you have not added the form fields like I showed in my answer. – jeroen May 20 '14 at 16:00
  • ok i've change the form to post and used the format of the fields as you have shown but still when click on the submit button, it does not add to database – user3603670 May 20 '14 at 16:12
  • Why don't you add some print statements to your script. Print out the form variables at the top of your script and see if they're set. Then check to see the logic flow by adding more print statements. Lastly, add that 'mysql_error();' that I mentioned in my previous comment right after the mysql_query(). – Miriam P. Raphael May 20 '14 at 19:47
  • @user3603670 We cannot guess what the problem is with your code without seeing it. You should update your question and put the actual code below the original version. – jeroen May 20 '14 at 20:48
1

One point is, you have multiple 

<input type='button' ...>

with the same id="insert". ids must be unique within a web page.

The other thing is, you need a submit input to send the form 

<input type="submit" ...>

From Submit Button state (type=submit)

The input element represents a button that, when activated, submits the form.

With <input type='button' ...> nothing happens, because it has no default action, see Button state (type=button)

The input element represents a button with no default behavior.

If you want an <input type='button' ...> to submit the form, you must do so by using some Javascript code.

Olaf Dietsche
  • 72,253
  • 8
  • 102
  • 198
  • I have change the input type to submit and add the following if (isset($_POST['insert'])) { $insert = "INSERT INTO product_add(id, name, price) VALUES ('$id', '$name','$price')"; $insertQuery=mysql_query($insert); } As as click in on the submit button, it reload my url and the following is added to ?insert=Add+to+cart the url and still nothing is added to the table product_add – user3603670 May 20 '14 at 15:52
  • This is the first step, you have submitted the form. The next step is to add the needed input fields and read them when the form is sent to the server, but this would be another question. – Olaf Dietsche May 20 '14 at 16:00
0

One idea is to load content once the button is clicked.

js

$("#button").click(function() {
 $("#holder").load("insert.php"); 
});

insert.php

$db->query("INSERT INTO table VALUES('one','two','three')");
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
  • 1
    [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) and you missed the duplicated ID's which cause the code to fail in way that you wouldn't expect. – Jay Blanchard Mar 11 '16 at 13:18
  • @JayBlanchard Which part is at risk for SQL Injection Attack. The SQL Query, Loading content, etc. Please don't say: "All of it." –  Mar 11 '16 at 13:20
  • The OP is using uncleansed variables in their `INSERT` statement, you are just reinforcing it is OK to do so. – Jay Blanchard Mar 11 '16 at 13:27
  • @JayBlanchard Please stop attacking me! Look at my code again, I am not inserting user generated variables. I have no variables to cleanse. I am inserting the string "one","two" and "three" into the table. The question is about inserting to the db on the click of a button, not about SQL Injection. That is why I left variables out of my answer. Would you please stop attacking me? –  Mar 11 '16 at 13:32
  • 2
    There is no attack going on, I am just trying to help you improve your answers. – Jay Blanchard Mar 11 '16 at 13:36
  • 1
    One other thing, you suggest an AJAX solution when the OP doesn't need jQuery/JavaScript or AJAX *at all*. ***Good answers*** try to take into account everything that is going on with the question and then address possible enhancements. – Jay Blanchard Mar 11 '16 at 14:03
  • @JayBlanchard What are the chances he's already using JavaScript or JQuery. Every solution doesn't need to be rocket science. –  Mar 11 '16 at 14:11
  • 2
    The chances, based on the facts we know now, are pretty low. You're right, everysolution does not need to be rocket science *but* it does need to take into account the problems the OP is showing us. In this case there are many problems with the OP's code which need to be cleared up to help them to get their code working *before* we can begin to suggest improvements. – Jay Blanchard Mar 11 '16 at 14:15
  • 1
    To answer *"Are you already using JS or Jquery? If so, my answer is the easiest."* If the OP *is* using JS or jQuery you're going to have to clear up the duplicate ID problem first, else your answer will fail in some unpredictable ways. Loading the insert.php returns nothing as the PHP echos nothing, so why even return? – Jay Blanchard Mar 11 '16 at 14:18