0

I haven't done anything with PHP or MYSQL since last year and I was still only a beginner then, so please forgive the question. I'm sure I am missing something so simple and obvious but for the life of me can't figure it out, so I hope someone can point me in the right direction.

Here is my set up: I have a db_connect.php page where my Database connection details are

$dbc = new mysqli('localhost', 'root', '', 'db_name');

//run connect_errno to enure it connects to the db. If not then kill the rest of the script and show error message
if($dbc->connect_errno) {
    die('Failed to connect to the MYSQL Database');
}

I have a add_stocktake.php page with the following form:

<div class ="wrapper">
 <?php if (isset($_GET["status"]) AND $_GET["status"] == "success") { ?>
         <p> Your Successfully added a new stock take. </p>
 <?php } else { ?> 



            <form method="post" action="add_stocktake.php">
                <table>
                    <tr>
                        <th>
                            <label for="manufacturer">Manufacturer</label>
                        </th>
                        <td>
                            <input type="text" name="manufacturer" id="manufacturer">
                        </td>
                        <th>
                            <label for="model">Model</label>
                        </th>
                        <td>
                            <input type="text" name="model" id="model">
                        </td>
                        <th>
                            <label for="product_name">Product Name</label>
                        </th>
                        <td>
                            <input type="text" name="product_name" id="product_name">
                        </td>
                        <th>
                            <label for="quantity">Quantity</label>
                        </th>
                        <td>
                            <input type="text" name="quantity" id="quantity">
                        </td>
                    </tr>
<tr>
                        <th>
                            <label for="stocktake_date">Date of Stock take</label>
                        </th>
                        <td>
                            <input type="date" name="stocktake_date" id="stocktake_date">
                        </td>
</table>
                <p>
                <input type="submit" value="Save">
            </form>
         <?php }?> 
</div>

and the following php:

<?php
require 'db_connect.php';

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $manufacturer = trim($_POST["manufacturer"]);
    $model = trim($_POST["model"]);
    $product_name = trim($_POST["product_name"]);
    $quantity = trim($_POST["quantity"]);
    $stocktake_date = trim($_POST["stocktake_date"]);

    //VALIDATIONS

    if ($manufacturer == "" OR $model == "" OR $product_name == "" OR $quantity == "" OR $quantity == "" OR $stocktake_date == ""){
        $error_message = "You must fill in all the fields.";
    }

// if there's not a previous error message run a database query to add information to the database
    if (!isset ($error_message)) {
        $query =
        $sql = "INSERT INTO stocktake_tbl ('manufacturer','model','product_name','quantity','stocktake_date') VALUES ('".$manufacturer."','".$model."','".$product_name."','".$quantity."','".$stocktake_date."')";
          $query_run = mysqli_query($dbc, $sql);
            echo "This has been saved successfully";
    }

}
?>

Here is what has happens: When I load the page first time and click the save button with nothing entered the page is just refreshed (no error messages). When I fill in the information and click save the page refreshes and it says the "This has been saved successfully" message. When I go to PHPmyadmin there has been nothing added. I added some values while I was at myadmin and then did a query within my page to see if I could pick up the information and it just returned a blank screen so I know it must something I have or haven't done correctly in regards to connecting it up.

Any advice is greatly appreciated (will teach me for leaving it alone for so long!)

Thanks

RayRay
  • 27
  • 9
  • where's your insert query. Obvious check would be to print out the query onto the screen and run it in PHPMyAdmin to see if it works there. Likely an uncaught syntax issue – Marshall Tigerus May 11 '15 at 18:57
  • Wher eis your inserstion code. i just see connection code? – Alive to die - Anant May 11 '15 at 18:58
  • Sorry, was then updating the post with the PHP as you were commenting it's on there now – RayRay May 11 '15 at 18:58
  • None of the column names in the `INSERT` statement may be single quoted. See [When to use single quotes, double quotes, backticks](http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks) To see it report errors, you would need to check `if (!$query_run) echo mysqli_error($dbc);` – Michael Berkowski May 11 '15 at 19:00
  • See also [How can I prevent SQL injection in PHP](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) This code is currently vulnerable, and would benefit from using `prepare()/bind_param()/execute()` with MySQLi per the examples in the answers. – Michael Berkowski May 11 '15 at 19:01
  • Thank you Michael Berkowski for the reminder on the SQL Injections! Shall certainly move on to that once I have this sorted. And thank you for the link, I have removed the single quotes and this is still not updating in myadmin database – RayRay May 11 '15 at 19:08
  • I printed the query - turns out there was a slight mistyping of one of the column names, amended this and now works perfectly. Thank you Marshall Tigerus for the suggestion and thank you Michael Berkowski for your helpful links also – RayRay May 11 '15 at 19:13

0 Answers0