I am trying to process a form which will insert data into the database, but it is not inserting anything into the database. I have been trying this for a couple of days...but got no solution....it is also not showing any error..please guide....asap...

<?php
 if(isset($_POST['submit'])){
  $generic_drug_name = $_POST['generic_drug_name'];
  $brand_drug_name = $_POST['brand_drug_name'];
  $manufacturer_name = $_POST['manufacturer_name'];
  $type = $_POST['type'];
  $price = $_POST['price'];
 }else{
  $generic_drug_name = '';
  $brand_drug_name = '';
  $manufacturer_name = '';
  $type = '';
  $price = '';
}
$errors = ''; 
$errors['generic_drug_nameErr'] = '';
$errors['brand_drug_nameErr'] = '';
$errors['manufacturer_nameErr'] = '';
$errors['typeErr'] = '';
$errors['priceErr'] = '';

?>
<body>
<header>
<?php echo navigation(); ?>
</header>
<section>       
<div id="envelope">

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">

<?php       

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        if (empty($_POST["generic_drug_name"])) {
           $errors['generic_drug_nameErr'] = "Name is required";

        }else{
           $generic_drug_name = test_input($_POST["generic_drug_name"]);
             // check if name only contains letters and whitespace
             if (!preg_match("/^[a-zA-Z ]*$/",$generic_drug_name)) {
               $errors['generic_drug_nameErr'] = "Only letters and white space allowed";
             }
           }
        if (empty($_POST["brand_drug_name"])) {
           $errors['brand_drug_nameErr'] = "Name is required";

        }else{
           $brand_drug_name = test_input($_POST["brand_drug_name"]);
             // check if name only contains letters and whitespace
             if (!preg_match("/^[a-zA-Z ]*$/",$brand_drug_name)) {
               $errors['brand_drug_nameErr'] = "Only letters and white space allowed";
             }
           }
        if (empty($_POST["manufacturer_name"])) {
           $errors['manufacturer_nameErr'] = "Name is required";

        }else{
           $manufacturer_name = test_input($_POST["manufacturer_name"]);
             // check if name only contains letters and whitespace
             if (!preg_match("/^[a-zA-Z ]*$/",$manufacturer_name)) {
               $errors['manufacturer_nameErr'] = "Only letters and white space allowed";
             }
           }
        if (empty($_POST["type"])) {
             $errors['typeErr'] = "Type is required";
           } else {
             $type = test_input($_POST["type"]);
             // check if type only contains letters and whitespace
             if (!preg_match("/^[a-zA-Z ]*$/",$type)) {
               $errors['typeErr'] = "Only letters and white space allowed";
             }
           }
        if (empty($_POST["price"])) {
             $errors['priceErr'] = "";
           } else {
             $price = test_input($_POST["price"]);
             // check that price starts with 1 to 4 digits or underscores
             if (!preg_match("/^[0-9\_]{1,4}/",$price)) {
               $errors['priceErr'] = "Invalid price format";
             }
           }                        
    }
?>
<center><h1>Add a new brand drug</h1></center><br>
<label>Generic Drug Name</label><span class="error">* </span><span class="text"><?php echo $errors['generic_drug_nameErr'];?></span>
<input type="text" name="generic_drug_name" placeholder="Enter Generic drug Names" value="<?php echo htmlspecialchars($generic_drug_name); ?>" width="100px;"/>
<label>Brand Drug Name</label><span class="error">* </span><span class="text"><?php echo $errors['brand_drug_nameErr'];?></span>
<input type="text" name="brand_drug_name" placeholder="Amlokind" autofocus="autofocus" value="<?php echo htmlspecialchars($brand_drug_name); ?>" width="100px;">
<label>Manufacturer</label><span class="error">* </span><span class="text"><?php echo $errors['manufacturer_nameErr'];?></span>
<input type="text" name="manufacturer_name" placeholder="Glaxo Smithkline Pharmaceuticals Pvt. Ltd." autofocus="autofocus" value="<?php echo htmlspecialchars($manufacturer_name); ?>">
<label>Type</label><span class="error">* </span><span class="text"><?php echo $errors['typeErr'];?></span>
<input type="text" name="type" placeholder="Tablet" autofocus="autofocus" value="<?php echo htmlspecialchars($type); ?>">       
<label>Price</label><span class="error">* </span><span class="text"><?php echo $errors['priceErr'];?></span>
<input type="text" name="price" placeholder="10.45" autofocus="autofocus" value="<?php echo htmlspecialchars($price); ?>" >
<input type="submit" name = "submit" value="Add" id="submit"/>

</form>
</div>
<?php  
if(isset($_POST['submit'])){
 /*$generic_drug_name = $_POST['generic_drug_name'];
 $brand_drug_name = $_POST['brand_drug_name'];
 $manufacturer_name = $_POST['manufacturer_name'];
 $type = $_POST['type'];
 $price = $_POST['price'];*/
    if(empty($errors)){
        $safe_generic_drug_name = strtoupper($generic_drug_name);               
        $safe_brand_drug_name = strtoupper($brand_drug_name);
        $safe_manufacturer_name = ucwords($manufacturer_name);
        $safe_type = ucfirst($type);
        $safe_price = $price;

        $query = "INSERT INTO brand_generic.brand_drug (drug_id, brand_drug_name, manufacturer, type, price)   
                    SELECT id, '{$safe_brand_drug_name}','{$safe_manufacturer_name}', '{$safe_type}', {$safe_price}
                    FROM brand_generic.generic_drug 
                    WHERE generic_drug_name = '{$safe_generic_drug_name}';";
                //INSERT INTO brand_generic.brand_drug (drug_id, brand_drug_name, manufacturer, type, price) VALUES ((SELECT id FROM brand_generic.generic_drug WHERE generic_drug_name = 'AMLODIPINE'), 'ZODIPINE', 'Zorex Pharma Pvt  Ltd', 'Tablet', 10);
        if(!$query){ 
            die(mysqli_error());
        }
        $result = mysqli_query($connection, $query);
        var_dump($result);

        if($result){
        $_SESSION["message"] = "Successfully subject created";
            //redirect_to("manage_content.php");
        echo $_SESSION["message"];
        }else{
        $_SESSION["message"] = "Sorry, subject couldn't be created";
            //redirect_to("new_subject.php");
        echo $_SESSION["message"];
        }
    }
}

?>

This code is also not showing any error....so that's why I can't tell you what's wrong here......but it's not working...that's all I can say right now....Thank You...:)

Hello everyone once again, thanks for your suggestion, but it didn't work for me....but when I put

if(!empty($errors)){

instead of

if(empty($errors)){

it works....it should not work, right?...because it will take any data and insert it into database..if not please guide me....Thank you to all...:)

santa banta
  • Why using two `$_POST['submit']` – arunrc Aug 23 '14 at 12:18
  • first do `echo $query` and copy it, then paste it in phpmyadmin's sql and run it.. then post the Error here!! – Shaunak Shukla Aug 23 '14 at 12:18
  • your `insert` query is wrong.. it is not same like you commented below it! – Shaunak Shukla Aug 23 '14 at 12:19
  • Hey Shaunak, thanks for trying to help me...but as you said above that my insert query is wrong..is not correct...my query is running fine.....help me if you have any other answer...thank you...:) – santa banta Aug 23 '14 at 13:07
  • Hey arunrc, I didn't know that..because in a lot of my php files I am using two $_POST['submit']..but it is not showing any error...but still I formatted my code and use only one $_POST['submit']...but still no cure....still not working....thanks anyway...:) – santa banta Aug 23 '14 at 13:22
  • You are _wonderfully_ open to SQL Injection. You need to be using [parameterized queries](http://stackoverflow.com/a/60496/812837). – Clockwork-Muse Aug 24 '14 at 05:33
  • Thanks, Clockwork-Muse, but I have taken care of SQL injection. In code where you see test_input function, this function takes care of that......thank you once again....but still my problem is not cured..... – santa banta Aug 24 '14 at 06:25
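
The parameterized-query approach that Clockwork-Muse's comment links to, applied to the question's `INSERT ... SELECT` as an added example (not code from the asker or from any answer). It goes slightly beyond the comment by also returning an error array that stays empty when validation passes, since an array that always holds five keys is never `empty()`. `validate_drug()` and `insert_brand_drug()` are hypothetical names, and the price rule is an assumption based on the form's `10.45` placeholder.

```php
<?php
// Added example, not the asker's code. validate_drug() and insert_brand_drug()
// are hypothetical names; $connection is the question's open mysqli handle.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB failures throw

// Returns messages only for fields that failed, so [] means "valid".
function validate_drug(array $in): array
{
    $errors = [];
    foreach (['generic_drug_name', 'brand_drug_name', 'manufacturer_name', 'type'] as $f) {
        $v = $in[$f] ?? '';
        if (!is_string($v) || trim($v) === '') {
            $errors[$f] = 'Required';
        } elseif (!preg_match('/^[a-zA-Z ]+$/', trim($v))) {
            $errors[$f] = 'Only letters and white space allowed';
        }
    }
    // Assumed price rule (form placeholder is 10.45), anchored at both ends.
    $p = $in['price'] ?? '';
    if (!is_string($p) || !preg_match('/^\d{1,4}(\.\d{1,2})?$/', trim($p))) {
        $errors['price'] = 'Invalid price format';
    }
    return $errors;
}

// Values travel as bound parameters and never become part of the SQL text.
function insert_brand_drug(mysqli $connection, array $in): bool
{
    $stmt = mysqli_prepare($connection,
        'INSERT INTO brand_generic.brand_drug
             (drug_id, brand_drug_name, manufacturer, type, price)
         SELECT id, ?, ?, ?, ?
         FROM brand_generic.generic_drug
         WHERE generic_drug_name = ?');
    $brand   = strtoupper(trim($in['brand_drug_name']));
    $maker   = ucwords(trim($in['manufacturer_name']));
    $type    = ucfirst(trim($in['type']));
    $price   = (float) trim($in['price']);
    $generic = strtoupper(trim($in['generic_drug_name']));
    mysqli_stmt_bind_param($stmt, 'sssds', $brand, $maker, $type, $price, $generic);
    mysqli_stmt_execute($stmt);
    // INSERT ... SELECT inserts 0 rows when the generic name is not in the table.
    return mysqli_stmt_affected_rows($stmt) > 0;
}

if (isset($connection) && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = validate_drug($_POST);
    $saved  = empty($errors) && insert_brand_drug($connection, $_POST);
    echo $saved ? 'Brand drug added' : 'Brand drug not added';
}
```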

2 Answers

You can't set a session after starting to print to the browser.

so move

if(isset($_POST['submit'])){ 

to the top of page, before the HTML.

NoobEditor
BenB
  • Hey friends, thanks for taking time out to look at my code but I tried as you said above. I moved if(isset($_POST['submit'])){ with all code inside it...but still it's not working....I am all out guys....thanks anyway....:) – santa banta Aug 23 '14 at 13:18

It shows a debug error message as follows.

Fatal error: Call to undefined function navigation() in /var/www/poc.php on line 25

It means the function navigation() is used but not created anywhere in the script. A fatal error won't let the script proceed further, so it is a blocking point.

Including at least the following lines at the top of the PHP block will avoid the error:

<?php 
function navigation(){
return 1;
}
?>

Additionally, if you want to see the error messages on your server, use the following two lines at the top of the script.

<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
?>
Elisha
  • Hey Elisha, thanks. But I am calling function navigation() from functions.php file. So, it's working fine, that means it is not showing any error....I took your advice and added those two lines on top of my page...but still not showing any error.....please help me.....thanks once again...:) – santa banta Aug 23 '14 at 13:03