-2

my code returns success, but it does not insert the record to the table "bekuldottkerdesek". What is causing the problem?

Even select command fails, when I start to echo some records from the table.

This is how the table looks: imgur

    <?php
$servername = "***";
$username = "***";
$password = "***";
$dbname = "***";

$conn = new mysqli($servername, $username, $password, $dbname);
date_default_timezone_set('Europe/Bucharest');
$current_date = date("Y-m-d H:i:s");
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$check="SELECT * FROM bekuldottkerdesek WHERE kerdes = '$_POST[kerdes]'";
$res = mysqli_query($conn,$check);
if($res->num_rows){
   header("Location: /bekuld.php?hiba=1");
}
  else
  {
    $var1 = isset($_POST['at']) ? 1 : 0;
    $var2 = isset($_POST['bt']) ? 1 : 0;
    $var3 = isset($_POST['ct']) ? 1 : 0;
    $sql = "INSERT INTO bekuldottkerdesek (datum, kerdes, a, b, c, at, bt, ct)
    VALUES ('$current_date', '$_POST[kerdes]', '$_POST[a]', '$_POST[b]', '$_POST[c]', $at, $bt, $ct)";

    if ($conn->query($sql) === TRUE) {
        echo "New record created successfully";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }
    header("Location: /bekuld.php?hiba=2");
  }
$conn->close();
?>
Aniket Shinde
  • 40
  • 6
Ahmad
  • 3
  • 4

1 Answers1

0

change the insert statment to ,error passing data from $_POST

 $sql = "INSERT INTO bekuldottkerdesek (datum, kerdes, a, b, c, at, bt, ct)
    VALUES ('$current_date', '{$_POST['kerdes']}', '{$_POST['a']}', '{$_POST['b']}', '{$_POST['c']}', $at, $bt, $ct)";

and change this statment 

$check="SELECT * FROM bekuldottkerdesek WHERE kerdes = '$_POST[kerdes]'";

to 

$check="SELECT * FROM bekuldottkerdesek WHERE kerdes = '{$_POST['kerdes']}'";
Osama Jetawe
  • 2,697
  • 6
  • 24
  • 40
  • Please please please don't run queries that include non-validated / non-sanitised user input. Read this answer and make security a priority: http://stackoverflow.com/a/3126175/50151 – Tom Wright May 31 '15 at 12:29