Query not inserting data

Question

trying to submit data from a form but does not seem to be working. Can't spot any problems?

        //Include connect file to make a connection to test_cars database
        include("prototypeconnect.php");

        $proId              =       $_POST["id"];
        $proCode            =       $_POST["code"];
        $proDescr           =       $_POST["descr"];
        $proManu            =       $_POST["manu"];
        $proCPU             =       $_POST["cpu"];
        $proWPU             =       $_POST["wpu"];
        $proBarCode         =       $_POST["barcode"];
        $proIngredients     =       $_POST["ingredients"];
        $proAllergens       =       $_POST["allergenscon"];
        $proMayAllergens    =       $_POST["allergensmay"];

        //Insert users data in database
        $sql = "INSERT INTO prototype.Simplex_List (id, code, descr, manu, cpu, wpu, barcode, ingredients, allergenscon, allergensmay) 
        VALUES ('$proId' , '$proCode', '$proDescr' , '$proManu' , '$proCPU' , '$proWPU' , '$proBarCode' , '$proIngredients' , '$proAllergens' , '$proMayAllergens')";

        //Run the insert query
        mysql_query($sql)

Answer 1

First and foremost, please do not use mysql_*** functions and please use prepared statements with PDO http://php.net/manual/en/pdo.prepare.php or mysqli http://php.net/manual/en/mysqli.quickstart.prepared-statements.php instead. Prepared statements help protect you against sql injection attempts by disconnecting the user submitted data from the query to the database.

You may want to try using mysql_real_escape_string http://php.net/manual/en/function.mysql-real-escape-string.php to ensure no stray " or ' is breaking your query.

    $proId              =       mysql_real_escape_string($_POST["id"]);
    $proCode            =       mysql_real_escape_string($_POST["code"]);
    $proDescr           =       mysql_real_escape_string($_POST["descr"]);
    $proManu            =       mysql_real_escape_string($_POST["manu"]);
    $proCPU             =       mysql_real_escape_string($_POST["cpu"]);
    $proWPU             =       mysql_real_escape_string($_POST["wpu"]);
    $proBarCode         =       mysql_real_escape_string($_POST["barcode"]);
    $proIngredients     =       mysql_real_escape_string($_POST["ingredients"]);
    $proAllergens       =       mysql_real_escape_string($_POST["allergenscon"]);
    $proMayAllergens    =       mysql_real_escape_string($_POST["allergensmay"]);

Additionally ensure your form is being submitted by calling var_dump($_POST) to validate the data

You can also see if the query is erroring by using mysql_error http://php.net/manual/en/function.mysql-error.php

if (!mysql_query($sql)) {
   echo mysql_error();
}

Answer 2

advices about PDO, prepared statements were done.

1) Do you have a database and connection to it? Look at your prototypeconnect.php and find database name there. check that its name and password is similar that u have.

2) Do you have a table named prototype.Simplex_List in your database?

a) IF YOU HAVE: check if your mysql version >= 5.1.6 http://dev.mysql.com/doc/refman/5.1/en/identifiers.html

b) IF YOU HAVE BUT ITS NAME is Simplex_List:

b-1) if your database name IS NOT prototype:

replace your

$sql = "INSERT INTO prototype.Simplex_List

with

$sql = "INSERT INTO Simplex_List

b-2) if your database name IS prototype:

you should escape your $_POST data with mysql_real_escape_string as @fyrye said.

c) IF YOU HAVE NOT: you should create it

3) Check your table structure

does it have all theese fields id, code, descr, manu, cpu, wpu, barcode, ingredients, allergenscon, allergensmay?

if you have there PRIMARY or UNIQUE keys you should be sure you are not inserting duplicate data on them

but anyway replace your

$sql = "INSERT INTO

with

$sql = "INSERT IGNORE INTO

PS: its not possible to help you without any error messages from your side