PHP Not Inserting Content in mySQL Database: Text, Images, Anything

Question

So here is my dilemna that I've been reviewing and trying to break through for the last few days. I've created a basic login/register PHP system, which works fine. I've implemented a blog system that displays posts. I've written an add post function which does not post to the database, and it doesn't throw back an error function either.

I don't really understand because my register system works and adds new users, but the 'add blog post' does nothing. I can add from the database and it displays fine, but nothing here.

<?php
    error_reporting(E_ALL & ~E_NOTICE);
    session_start();

    if (isset($_SESSION['id'])) {

        $userId = $_SESSION['id'];
        $username = $_SESSION['username'];
    } else {
        header('Location: login.php');
        die();
    }

    if ($_POST['submit']) { 
        $title = strip_tags($_POST['title']);
        $subtitle = strip_tags($_POST['subtitle']);
        $content = strip_tags($_POST['content']);

        mysqli_query($dbCon, $userREQ3);
        $userREQ3 = " INSERT INTO `logindb`.`blog` 
        (`title`, `subtitle`, `content`) VALUES ('$title','$subtitle','$content')";

    }
?>

<!DOCTYPE html>
 <html>

   <head>

   </head>

   <body>
     Welcome, <?php echo $username; ?>, You are logged in. Your user id is <?php echo $userId; ?>.

    <a href="index.php">Index</a>
    <form action="logout.php">
        <input type="submit" value="Log me out!">
    </form>

    <form method="post" action="admin.php">
        Title: <input type="text" name="title"/><br>
        Subtitle: <input type="text" name="subtitle"/><br>
        <br>
        <br>
        Content: <textarea name="content"></textarea>
        <input type="submit" value="Write Post"/>
    </form>

   </body>
</html>

write this line after your insert query `mysqli_query($dbCon, $userREQ3);`also not able to see your database connection code — Saty, Jun 27 '15 at 12:46

score 3 · Accepted Answer · edited May 23 '17 at 12:30

Your code is failing for two reasons.

Your conditional statement is looking for a named element called "submit"
You're trying to execute before the statement. Place your query (mysqli_query())"below" the values and do mysqli_query($dbCon, $userREQ3) or die(mysqli_error($dbCon));

Sidenote: Change if ($_POST['submit']) { to if (isset($_POST['submit'])) { it's better.

and <input type="submit" value="Write Post"/>
to <input type="submit" name="submit" value="Write Post"/>

SQL injection:

Your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements.

Also, you have variables in the body of your code, which may throw undefined variable x on initial page load.

Use a ternary operator for this
http://php.net/manual/en/language.operators.comparison.php
Use this for all your inputs/variables

As stated (in comments below): Make sure that you have connected to your database and using a mysqli method and not another API.

https://secure.php.net/mysqlinfo.api.choosing

Different MySQL APIs do not intermix with each other. Use the same MySQL API from connection to query.

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// rest of your code

Sidenote: Error reporting should only be done in staging, and never production.

Successful query or not:

To see if the query was indeed successful, or failed, check for errors and use affected_rows.

References:

PHP Not Inserting Content in mySQL Database: Text, Images, Anything

If you were trying to use images, then a valid enctype is required to be included in the form tags.

Depending on how/what you wanted to insert for the images, than that could be a factor.

If you're wanting to insert the image as a path is one thing, but using it "as an image", say a BLOB then that has limitations in size; use LONGBLOB and you must escape that data before going in the database.

Consult:

welcome +10 form my side. you beat me also on this. ha ha ha — Alive to die - Anant, Jun 27 '15 at 12:52
Also add one key point to your answer he is not added database connection or include any connection file — Saty, Jun 27 '15 at 12:53
@Saty Duly noted in my answer (edited), thank you for your comment. Every little bit helps, *cheers* — Funk Forty Niner, Jun 27 '15 at 12:56
Thank you so much! I really appreciate the help - I want to be good and you guys are incredible teachers. Thank you! — Skipper, Jun 27 '15 at 17:15

score 0 · Answer 2 · edited Jun 28 '15 at 17:00

0

Try to generate the query first, then execute it...

$userREQ3 = " INSERT INTO `logindb`.`blog` 
(`title`, `subtitle`, `content`) VALUES ('$title', '$subtitle','$content')";


mysqli_query($dbCon, $userREQ3);

edited Jun 28 '15 at 17:00

Matt

74,352
26
153
180

answered Jun 27 '15 at 12:46

user1844933

3,296
2
25
42

There is a closing brace `}` with no opening brace `{` make sure they make and the code is complete and also explain your code in detail – Ram Jun 27 '15 at 18:45

PHP Not Inserting Content in mySQL Database: Text, Images, Anything

2 Answers2

Linked