Not adding values to database

Question

I just created ajax function which sends data to php and php to database. Inserting to dotp_task_log table, works fine. But further, when I need to add data to dotp_tasks after adding to dotp_task_log, it isn't adding, and I cant find why... I get the Gerror, Here is my php file which adds data to database.

<?php
$currentUser = isset($_POST['currentUser']) ? $_POST['currentUser'] : '';
$currentTasken = isset($_POST['currentTasken']) ? $_POST['currentTasken'] : '';
$currentPercent = isset($_POST['currentPercent']) ? $_POST['currentPercent'] : '';
    $con = mysql_connect("localhost", "root", "") or die(mysql_error());
    if(!$con)
        die('Could not connectzzz: ' . mysql_error());
    mysql_select_db("foxi" , $con) or die ("could not load the database" . mysql_error());

    $check = mysql_query("SELECT * FROM dotp_task_log");
    $numrows = mysql_num_rows($check);
    if($numrows >= 1)
    {
        //$pass = md5($pass);

        $ins = mysql_query("INSERT INTO dotp_task_log (task_log_creator, task_log_Task) VALUES ('$currentUser' , '$currentTasken')" ) ;

        if($ins)
        {
                $check = mysql_query("SELECT * FROM dotp_tasks");
                $numrows = mysql_num_rows($check);
                if($numrows > 1)
                {
                    //$pass = md5($pass);

                    $inss = mysql_query("INSERT INTO dotp_tasks (task_percent_complete) VALUES ('$currentPercent') WHERE task_id='$currentTasken'" ) ;

                    if($inss)
                    {
                        die("Succesfully added Percent!");
                    }
                    else
                    {
                        die("GERROR");
                    }

                }
                else
                {
                    die("Log already exists!");
                }
        }
        else
        {
            die("ERROR");
        }

    }
    else
    {
        die("Log already exists!");
    }


?>

Error checking. [1](http://php.net/manual/en/function.error-reporting.php) - [2](http://php.net/manual/en/function.mysql-error.php) — Funk Forty Niner, Jun 24 '15 at 14:39
Have you tried printing out the full query to the screen? It might be obvious that a value is missing etc. Also try running the query manually in your mysql client and see what error it gives. — simonwo, Jun 24 '15 at 14:41
Oh, INSERT... doesn't have a `WHERE` clause. [Error checking](http://php.net/manual/en/function.mysql-error.php) would have signaled the syntax error. INSERT ON DUPLICATE KEY does. You may have wanted to use UPDATE instead. ;-) so there's the problem. — Funk Forty Niner, Jun 24 '15 at 14:42
I have posted one below. I was busy writing it up and gathering reference links. — Funk Forty Niner, Jun 24 '15 at 14:51
Please read this link to learn about the right way to do mysql statements that don't leave your web app open to SQL injection attacks: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php — Andy Lester, Jun 24 '15 at 14:52
Do you know why i get ReferenceError: Patikrinta is not defined jsfiddle.net/uaae0xcy — TorresAlGrande, Jun 24 '15 at 14:57

score 5 · Accepted Answer · edited May 23 '17 at 11:58

As I stated in comments:

INSERT... doesn't have a WHERE clause. Error checking would have signaled the syntax error. INSERT ON DUPLICATE KEY does. You may have wanted to use UPDATE instead

$inss = mysql_query("UPDATE dotp_tasks 
                     SET task_percent_complete = '$currentPercent' 
                     WHERE task_id='$currentTasken'" );

References:

Plus, do use error checking when testing:

http://php.net/manual/en/function.mysql-error.php

instead of echoing custom messages.

Add or die(mysql_error()) to mysql_query().

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Error reporting should only be done in staging, and never production.

Footnotes:

Make sure your HTML form does hold a POST method and that all inputs bear the name attributes and no typos. Using error reporting, will signal that.
Your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

Do you know why i get ReferenceError: Patikrinta is not defined jsfiddle.net/uaae0xcy — TorresAlGrande, Jun 24 '15 at 14:57
@TorresAlGrande reload my answer if you haven't seen the part about your HTML form/elements and error reporting. JS isn't my bag, sorry. — Funk Forty Niner, Jun 24 '15 at 14:57
Cant find where you write about this https://jsfiddle.net/uaae0xcy/ **ReferenceError: Patikrinta is not defined** — TorresAlGrande, Jun 24 '15 at 14:59
@TorresAlGrande Again, the problem may lie in your HTML form. JS isn't what I'm good at. — Funk Forty Niner, Jun 24 '15 at 15:02

score 2 · Answer 2 · edited Jun 24 '15 at 15:06

2

Fred -ii- nailed it in his comment - you're using improper syntax in that query.

It looks like you want an update query, for example:

update dotp_tasks 
set task_percent_complete = '$currentPercent' 
where task_id = '$currentTasken'

Additionally - it's always best to avoid creating queries by formatting strings manually - you'll want to look into prepared statements to improve this code further.

edited Jun 24 '15 at 15:06

Funk Forty Niner

74,450
15
68
141

answered Jun 24 '15 at 14:49

nthall

2,847
1
28
36

Do you know why i get `ReferenceError: Patikrinta is not defined` https://jsfiddle.net/uaae0xcy/ – TorresAlGrande Jun 24 '15 at 14:51

Not adding values to database

2 Answers2