-3

I am new to PHP. I have been trying to enter data into MySQL through a PHP form, but unfortunately it is not working. I have used the POST method. Kindly help me.

<html>
    <body>
    <form action=zain.php method="post">
        category <input type="text" name="product_category"><br />
        <br />
        Name: <input type="text" name="product_name"><br /><br />
        <input type="submit" id = "go" name="submit" value="Go">
    </form>
    </body>
    <?php
    $user = 'root';
    $password = 'zz224466';
    $db = 'Zain';

    // Create connection
    $conn = mysqli_connect('localhost', $user, $password, $db);

    // Check connection
    if (!$conn) {
        die("Connection failed: " . mysqli_connect_error());
    }
    echo "connected";

    mysqli_select_db($conn, "zain");


        $sql = "INSERT INTO product WHERE product_id=1 (product_category , product_name) VALUES('$_POST[product_category]','$_POST[product_category]')";

        mysqli_query($conn, $sql);
        mysqli_close($conn);


    ?>
    </html>
Zain Farooq
  • 1
    Consult these following links http://php.net/manual/en/mysqli.error.php and http://php.net/manual/en/function.error-reporting.php and apply that to your code. – Funk Forty Niner Jan 22 '16 at 13:40
  • 1
    You're also using the same POST array in your VALUES. – Funk Forty Niner Jan 22 '16 at 13:40
  • 2
    Wrong syntax of insert query `INSERT INTO product WHERE product_id=1 ` What is `where` doing here – Saty Jan 22 '16 at 13:42
  • 1
    INSERT does not have a WHERE clause http://dev.mysql.com/doc/refman/5.7/en/insert.html - INSERT ... SELECT does http://dev.mysql.com/doc/refman/5.7/en/insert-select.html or INSERT ... ON DUPLICATE KEY UPDATE http://dev.mysql.com/doc/refman/5.7/en/insert-on-duplicate.html – Funk Forty Niner Jan 22 '16 at 13:42
  • 3
    Plus, you're open to some serious SQL injection here. – Funk Forty Niner Jan 22 '16 at 13:43
  • 1
    Oh, nice *Stealth edit*. So tell us, is this going to be an incremental experiment?? – Funk Forty Niner Jan 22 '16 at 13:43
  • I have removed where clause but still not working – Zain Farooq Jan 22 '16 at 13:44
  • 1
    any error are you getting? – Pathik Vejani Jan 22 '16 at 13:46
  • You use `'$_POST[product_category]','$_POST[product_category]'` product category two time in your insert query. Where is your `product_name`?? – Saty Jan 22 '16 at 13:46
  • @Saty *Yep!* - I told them that [here...](http://stackoverflow.com/questions/34948062/php-form-is-not-sending-data-into-mysql#comment57627453_34948062) already ;-) – Funk Forty Niner Jan 22 '16 at 13:47
  • Ohh i miss that point!! @Fred-ii- – Saty Jan 22 '16 at 13:48
  • @Saty Nonetheless, that would have/should have entered the same value for both. They're not telling us the whole story. – Funk Forty Niner Jan 22 '16 at 13:49
  • As @Fred-ii- said, your code contains vulnerabilities from hackings like SQL injections – Alfred Woo Jan 22 '16 at 13:49
  • Plus, what happens when you come to your page for the first time?? It inserts a blank entry. There is no condition to check whether the form is submitted or not!! – Saty Jan 22 '16 at 13:52
  • None of you have fixed my problem but I don't know why are you downvoting my question – Zain Farooq Jan 22 '16 at 13:59
  • 2
    Because, all your comments about ***"Not working"***, tells us nothing. I told you what to do already: **Check for errors** [20 minutes ago](http://stackoverflow.com/questions/34948062/php-form-is-not-sending-data-into-mysql#comment57627415_34948062). Oh, I guess I forgot to ask, or someone else did that: *"any error are you getting? – Pathik Vejani 15 mins ago"* – Funk Forty Niner Jan 22 '16 at 14:00
  • Plus, you're using this whole code inside the same page and probably/most likely getting ***empty data*** inserted into db but haven't told us that. Am I right on this? @ZainFarooq soon as your page is loaded, it enters empty data. Am pretty sure I'm right about this and probably entering characters that MySQL is complaining about also. – Funk Forty Niner Jan 22 '16 at 14:06
  • I think your last comment has some piece of solution for me @Fred-ii – Zain Farooq Jan 22 '16 at 14:09
  • @ZainFarooq Glad to hear I was of help. – Funk Forty Niner Jan 22 '16 at 14:09
  • But you all have wasted my time and rating too – Zain Farooq Jan 22 '16 at 14:10
  • Simply, you should have pointed out the error here... that's all – Zain Farooq Jan 22 '16 at 14:12
  • 3
    @ZainFarooq Honestly, you haven't given us much to go on. A good question gets a good score, and we've been playing the guessing-game for the most part here. Guess this is a lesson that you should do proper error-checking and report what is given from that to those trying to help you. We have not at all wasted your time, more like you're wasting ours like this. Don't complain when people are helping you - for *free*. – Qirel Jan 22 '16 at 14:14
  • @ZainFarooq actually Zain, you should have improved on your question to tell us what was happening while you were executing this code. Nobody knew, only you did. And I was the one who figured out what was happening where you are. You're behind your computer, we're not ;-) You have my answer below also. amongst a few. You can now continue with your project. – Funk Forty Niner Jan 22 '16 at 14:14

3 Answers

2

There are a couple of things to address with this code. Firstly, as already mentioned in the comments, you previously had a WHERE clause. Insert queries don't use this, as you are inserting a new row - not updating one.

Furthermore, you are using $_POST[product_category] inside your SQL-statement. Note that the superglobal $_POST is an array, and as such, you need to properly index whatever you're trying to retrieve from that array, so it would instead be $_POST['product_category'] (note the single-quotes).

In addition, your code is vulnerable to SQL-injection, and since you are already using mysqli_, you should apply prepared statements to your code.

$sql = "INSERT INTO product (product_category , product_name) VALUES (?,?)";
if ($stmt = mysqli_prepare($conn, $sql)) {
    mysqli_stmt_bind_param($stmt, "ss", $_POST['product_category'], $_POST['product_name']);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}
mysqli_close($conn);

Usage of error_reporting(E_ALL); and mysqli_error would've alerted you when something is wrong, so please apply this to your code - it makes troubleshooting a lot easier when you know what exactly is wrong.

Community
Qirel
  • I have used this but not working – Zain Farooq Jan 22 '16 at 13:58
  • 2
    "*Not working*" is not very specific. I'm not really up for playing the famous guessing-game. If you apply error-reporting to your code, you'll be able to tell what's failing. Come back with an error-message, and we can work from that. – Qirel Jan 22 '16 at 14:01
  • ...indeed. As I told them [here...](http://stackoverflow.com/questions/34948062/php-form-is-not-sending-data-into-mysql#comment57627415_34948062) already ;-) @Qirel – Funk Forty Niner Jan 22 '16 at 14:03
  • @Fred-ii- Indeed it has, but clearly it wasn't done... Otherwise we'd have something specific to work from already ;) – Qirel Jan 22 '16 at 14:05
0

In order to expand an array occurrence while inside a double quoted string you need to do this

 $sql = "INSERT INTO product 
                (product_category , product_name) 
          VALUES('{$_POST['product_category']}','{$_POST['product_name']}')";

I also changed the name of the second field to $_POST['product_name'] although that is just what I assume it would be called.

If you insist on not using prepared statements I would also, as a minimum, add this

 $c = mysqli_real_escape_string($conn, $_POST['product_category']);
 $p = mysqli_real_escape_string($conn, $_POST['product_name']);

 $sql = "INSERT INTO product 
                (product_category , product_name) 
          VALUES('$c','$p')";

A safer way of doing this, to avoid SQL Injection would be to do

$sql = "INSERT INTO product 
                (product_category , product_name) VALUES(?, ?)";

if ($stmt = mysqli_prepare($conn, $sql)) {

    /* bind parameters for markers ("ss" = two strings) */
    mysqli_stmt_bind_param($stmt, "ss", $_POST['product_category'], $_POST['product_name']);

    /* run the statement with the bound values */
    mysqli_stmt_execute($stmt);

    // .. .. ..

} else {

    /* prepare failed: show the MySQL error and stop */
    echo mysqli_error($conn);
    exit;
}
RiggsFolly
  • I'm fairly sure that in all `mysqli_` functions, the first parameter is the connection in procedural style. Yours has it in second. Otherwise a terrific answer! – Qirel Jan 22 '16 at 14:11
  • 1
    @Qirel Thanks for picking that up. Changed all to be procedural as that's what OP is using and added, hopefully, all the connection params. – RiggsFolly Jan 22 '16 at 14:15
0

Besides other answers given, your entire code is inside the same page and you are most likely getting empty data inserted in db as soon as the page is loaded.

Therefore, you need to use a conditional statement (checking for empty data input) and pre-assigning variables first and using your submit button's name attribute.

I.e.:

if(isset($_POST['submit'])){

    if( !empty($_POST['var1']) && !empty($_POST['var2']) ){

        $var1 = $_POST['var1'];
        $var2 = $_POST['var2'];

        // execute your SQL
    }

}

From comments:

Plus, you're using this whole code inside the same page and probably/most likely getting empty data inserted into db but haven't told us that. Am I right on this? @ZainFarooq soon as your page is loaded, it enters empty data. Am pretty sure I'm right about this and probably entering characters that MySQL is complaining about also. – Fred -ii- 5 mins ago

I think your last comment has some piece of solution for me @Fred-ii – Zain Farooq 2 mins ago

@ZainFarooq Glad to hear I was of help. – Fred -ii- 2 mins ago


  • Another option would be to separate your HTML form from your PHP/SQL and also use a conditional statement as outlined in my answer above.

Plus, you were using the same 2 POST arrays in your VALUES VALUES('$_POST[product_category]','$_POST[product_category]'), as I already outlined in comments. One of those should have been $_POST[product_name].

You may also be entering characters that MySQL could be complaining about, such as apostrophes, etc. I.e.: Joe's Bar & Grill. Therefore you would need to escape your data, something you should be doing anyway.

Another thing that could also have an effect are the column types and lengths. The columns must be long enough to accommodate for the data being inserted. If you are entering a string length that is greater than your column's length, MySQL will fail silently.


Footnotes:

You don't need this mysqli_select_db($conn, "zain"); and it can be safely removed, since you already declared all 4 parameters in:

$conn = mysqli_connect('localhost', $user, $password, $db);
Funk Forty Niner
  • Thanx God.. You have found error. But I have wasted my time and sucked my mind here.. – Zain Farooq Jan 22 '16 at 14:44
  • @ZainFarooq We all like to help people here Zain. But when we don't know what is not going on, or what is happening, then one must try to guess sometimes lol. I would look at the positive side of this though, being a lesson learned. We all learn, even I do continue learning, we are not perfect, we're only human. Don't feel so bad, but please include important information in a question to let everyone know the results you get when executing code, if it's "empty data", an error, or both, it can be anything. Again, only you know what is going on over where you are, not us ;-) *Cheers* – Funk Forty Niner Jan 22 '16 at 14:48
  • I have switched to web for a long time. I was just testing my code to start project. I have also used this code before but this time it was not working as I had also confusion. Therefore I posted whole code before you and I didn't know any additional information that i could share with you. Hope you got my point.. God bless you – Zain Farooq Jan 22 '16 at 14:55
  • @ZainFarooq You have the option to mark the question as solved. You don't have to, but this will inform everyone that the question was solved. Otherwise, it will remain as being unanswered. *Cheers* – Funk Forty Niner Jan 22 '16 at 15:07
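
The points raised across the answers above (run the insert only when the form is submitted, reject empty or over-long input, bind the values through a prepared statement, and make MySQL errors visible), combined in one handler as an added example that is not code from the question or from any answer. The environment variable names DB_USER and DB_PASS and the 100-character column length are assumptions.

```php
<?php
// Added example, not code from the question or the answers.
// Assumptions: DB_USER / DB_PASS are hypothetical environment variable names,
// both columns are VARCHAR(100), and the mbstring extension is loaded.
const MAX_LEN = 100; // assumed column length

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Returns a list of validation errors; an empty list means the input is usable.
function validate_product(array $post): array
{
    $errors = [];
    foreach (['product_category', 'product_name'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[] = "$field is required";
        } elseif (mb_strlen(trim($value)) > MAX_LEN) {
            $errors[] = "$field is longer than " . MAX_LEN . " characters";
        }
    }
    return $errors;
}

// Only touch the database when the form was actually submitted.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['submit'])) {
    $errors = validate_product($_POST);
    if ($errors) {
        foreach ($errors as $e) {
            echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), "<br>";
        }
        exit;
    }
    try {
        $conn = mysqli_connect('localhost', (string) getenv('DB_USER'), (string) getenv('DB_PASS'), 'Zain');
        mysqli_set_charset($conn, 'utf8mb4');
        // Placeholders keep the submitted values out of the SQL text.
        $stmt = mysqli_prepare($conn,
            'INSERT INTO product (product_category, product_name) VALUES (?, ?)');
        $category = trim($_POST['product_category']);
        $name = trim($_POST['product_name']);
        mysqli_stmt_bind_param($stmt, 'ss', $category, $name);
        mysqli_stmt_execute($stmt);
        mysqli_close($conn);
        echo 'saved';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // details go to the server log only
        echo 'could not save the product';
    }
}
```

With this in place a plain page load inserts nothing, and an input such as Joe's Bar & Grill is stored as-is because the value travels as a bound parameter rather than as part of the query string.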