
I am having some difficulties with this code. I want to calculate values and insert them into a mysql database. When I go and hit the calculate button, the values calculate, but the data does not store in the database, although on a few random occasions of testing the code it decides to store. Any ideas what is wrong?

    // The start of the script (the opening <?php tag and the opener of the
    // block closed by the last brace below) is not shown in the post.
    $post_rings = $_POST['rings'];
    $post_wave = $_POST['wave'];
    $post_emitter = $_POST['emitter'];
    $post_gls = $_POST['gls'];
    $post_tiles = $_POST['tiles'];
    $post_fov = $_POST['fov'];

    // Reject the submission if any field is empty.
    if ($post_rings == '' or $post_wave == '' or $post_emitter == '' or $post_gls == '' or $post_tiles == '' or $post_fov == '')
    {
        echo "<script> alert('One of the fields is empty')</script>";
        exit();
    }
    else
    {
        // The POST values are concatenated directly into the SQL string.
        $insert_query = "insert into posts (post_rings,post_wave,post_emitter,post_gls,post_tiles,post_fov) 
        values ('$post_rings','$post_wave','$post_emitter','$post_gls', '$post_tiles','$post_fov')";

        // Only the success case is handled; a failed query prints nothing.
        if (mysql_query($insert_query))
        {
            echo "<center><h1>Values Entered Successfully</h1></center>";
        }
    }

    }
    ?>
    <html>
        <head>
            <title>Field of View Calculator</title>
        </head>
    <body>
    <form method="post" action="Test_Calculator.php" enctype="multipart/form-data">
        <table width="500" align="center" border="10">
        <tr>
            <td align="center" bgcolor="khaki" colspan="6"><h1>Field of View</h1></td>
        </tr>
        <tr>
            <td align="center" colspan="1">Input</td>
            <td align="center" colspan="1">Intermediate Variables</td>
            <td align="center" colspan="1">Output</td>
        </tr>
        <tr>
            <td>Number of Rings <input type="text" name="rings" value = "<?php echo $rings; ?>" size="30"></td>
            <td>Grating Lobe Separation <input type="text" name="gls" value = "<?php echo $gls; ?>" size="30"></td>
            <td>Field of View <input type="text" name="fov" value = "<?php echo $fov; ?>" size="30"></td>
        </tr>
        <tr>
            <td>Wavelength <input type="text" name="wave" value = "<?php echo $wave; ?>" size="30"></td>
            <td>Number of Tiles <input type="text" name="tiles" value = "<?php echo $tiles; ?>" size="30"></td>
        </tr>
        <tr>
            <td>Emitter Space <input id="email1" type="text" name="emitter" value = "<?php echo $emitter; ?>" size="30">
            <INPUT type="button" value="View Results" onClick="window.open('displayemitter.php','Results',' width=500,height=500')"> </td>
        </tr>
        <tr>
            <td align="center" colspan="6"><input type="submit" name="calculate" value="Calculate"></td>
        </tr>
        </table>
    </form>
    </body>
    </html>
  • 1
    `if (mysql_query($insert_query)) { echo '...'; } else { echo mysql_error(); }` ? At a guess, it's probably because you're not escaping the string variables that you're concatenating directly into the SQL, but then you *really* shouldn't be doing that (use a parameterised statement instead: see http://bobby-tables.com). – eggyal Jul 08 '14 at 17:28
  • 1
    You're vulnerable to [SQL injection attacks](http://bobby-tables.com) and have absolutely NO error handling in your code. So yeah, it's going to fail and not tell you about it. Learning about injection attacks will probably also teach how to fix this code, so closing it with the standard dupe answer. – Marc B Jul 08 '14 at 17:30
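
Added example (not from the question or its commenters): the insert from the question rewritten with a parameterised statement and error handling, as the comments recommend. It assumes PDO, uses an in-memory SQLite database as a stand-in for MySQL so it runs without a server, guesses the column types, and replaces `$_POST` with constructed sample values; `save_post` is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. Assumptions: PDO with an in-memory
// SQLite database stands in for MySQL; column types are guessed; $input is
// constructed sample data replacing $_POST; save_post() is a hypothetical name.
$pdo = new PDO('sqlite::memory:'); // MySQL: new PDO('mysql:host=...;dbname=...', $user, $pass)
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw instead of returning false
$pdo->exec('CREATE TABLE posts (post_rings TEXT, post_wave TEXT, post_emitter TEXT,
            post_gls TEXT, post_tiles TEXT, post_fov TEXT)');

$fields = ['rings', 'wave', 'emitter', 'gls', 'tiles', 'fov'];

function save_post(PDO $pdo, array $fields, array $input): void
{
    $values = [];
    foreach ($fields as $f) {
        $v = trim((string)($input[$f] ?? ''));
        if ($v === '') {
            throw new InvalidArgumentException("Field '$f' is empty");
        }
        $values[":$f"] = $v;
    }
    // Placeholders keep the values out of the SQL text, so a quote in the
    // input is stored as data and cannot end the string literal early.
    $stmt = $pdo->prepare(
        'INSERT INTO posts (post_rings, post_wave, post_emitter, post_gls, post_tiles, post_fov)
         VALUES (:rings, :wave, :emitter, :gls, :tiles, :fov)'
    );
    $stmt->execute($values);
}

// Constructed input: the apostrophe in "emitter" is the kind of value that
// makes the concatenated query in the question fail without any message.
$input = ['rings' => '4', 'wave' => '1.55', 'emitter' => "2.0' spacing",
          'gls' => '0.78', 'tiles' => '16', 'fov' => '44.6'];

try {
    save_post($pdo, $fields, $input);
    echo "Values Entered Successfully\n";
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
} catch (PDOException $e) {
    error_log($e->getMessage());        // full detail goes to the server log
    echo "Could not save the values\n"; // generic message for the browser
}

// Read back to confirm the quote was stored verbatim.
echo $pdo->query('SELECT post_emitter FROM posts')->fetchColumn(), "\n";
```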
