Code won't insert into database

Question

I have the following code that should collect the filled values from a former page and insert them in a MySQLi database. This does not work and I only get a blank page as a result, without any messages. I can't figure out what I'm doing wrong.

<?php
ini_set('display_errors',1);
error_reporting(E_ALL);

if(mysqli_connect_errno())
{
    echo mysqli_connect_error();
}

$company_name = $_POST['company_name'];
$description = $_POST['description'];
$welcome_text = $_POST['welcome_text'];
$thanks_message = $_POST['thanks_message'];
$image = addslashes (file_get_contents($_FILES['image']['tmp_name']));
$logo = getimagesize($_FILES['image']['tmp_name']);

$image_type = $logo['mime'];

$q = "INSERT INTO project VALUES('','$company_name','$description','$image','$image_type','$welcome_text','$thanks_message')";

$r = mysqli_query($mysqli,$q);
if($r)
{
    echo "<h1>Projektet är skapat!</h1><br>
      Tryck på knappen nedan för att ta dig till Dashboard.<br><br>
      <a href='dashboardadmin.php'><button id='projectbutton'>Dashboard</button></a>";
}
else
{
    echo mysqli_errno($mysqli) . ": " . mysqli_error($mysqli) . "\n";
}
?>

You need to at very least "sanitize" your inputs; parameterized queries would be even better. — Uueerdo, Feb 19 '16 at 21:18
[Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). — Jay Blanchard, Feb 19 '16 at 21:23

Ekin · Accepted Answer · 2016-02-19T22:43:28.873

3

Correct syntax of INSERT is:

INSERT INTO table_name (column1,column2,column3,...) VALUES (value1,value2,value3,...);

Please try entering column names before your values first. Also check your $_POST values, whether $_FILES['image'] is available and confirm your mysqli connection.

Edits:

Is the first value (empty one) your primary key? If so, can you omit that bit in your code and try again? (Assuming pid is integer and auto incrementing value.)

INSERT INTO project (project_name, description, image, image_type, welcome_text, thanks_message) VALUES('$company_name','$description','$image','$image_type','$welcome_text',‌'$thanks_message')

Somehow I don't think this would be Azure specific issue as per your comment.

Can you see any errors in logs etc? Also try echoing the query before you run it and check if you run it directly on your phpmyadmin etc to see if it'd work.

Please also try using echo mysqli_errno($mysqli) . ": " . mysqli_error($mysqli) . "\n"; at if($r){..} else { //here } to see if you get an error.

Latest Update:

$q = "INSERT INTO project (project_name, description, image, image_type, welcome_text, thanks_message) VALUES('".$company_name."','".$description."','".$image."','".$image_type."','".$welcome_text."','".$thanks_message."')";

edited Feb 19 '16 at 22:43

answered Feb 19 '16 at 21:15

Ekin

1,957
2
31
45

2

Field list is optional (at least in MySQL); but I am a strong proponent for them as well. – Uueerdo Feb 19 '16 at 21:16
@Ekin I have now put the column names but it doesn't work. I have a good connection and I have tested without image codes at all but it still doens't work. I am working on a Microsoft Azure server and it doesn't work, but the same codes works locally, which is strange. – Max Feb 19 '16 at 21:30
@Max are is the first value (empty one) your primary key? If so, can you omit that bit in your code and try again? Somehow I don't think this would be Azure specific issue. Can you see any errors in logs etc? Also try echoing the query before you run it and check if you run it directly on your phpmyadmin etc to see if it'd work – Ekin Feb 19 '16 at 21:33
@Ekin Yes the first one is a primary key with auto increment. My new query looks like this now: $q = "INSERT INTO project (pid, project_name, description, image, image_type, welcome_text, thanks_message) VALUES('','$company_name','$description','$image','$image_type','$welcome_text','$thanks_message')"; – Max Feb 19 '16 at 21:36
@Max Have you tried omiting your primary key and it's value in your query? ^ above without pid and '' in values... assuming pid is integer and auto incrementing value. – Ekin Feb 19 '16 at 21:40
@Ekin I tried that now but it didn't work. I also tried to remove the query and only have an echo that will print the filled project name to see if the code collects it, and it does print it out. So the filled values get retrieved but cant be executed and sent through the query. – Max Feb 19 '16 at 21:49
Can you put the **echo mysqli_errno($mysqli) . ": " . mysqli_error($mysqli) . "\n";** in the *} else {* of *if($r){..}* to see if you get an error? Do you have logging open in your management portal? – Ekin Feb 19 '16 at 21:53
@Ekin I have updated the code in my question, can you please look at it and see if I have done what you told me in your last comment? – Max Feb 19 '16 at 22:04
@Max yes, the else part would now echo the error if *if($r)* is false. Also the former one, your string would echo if *if($r)* is true ie. mysqli_query doesn't fail. – Ekin Feb 19 '16 at 22:05
@Ekin I now get this error message: 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near...... – Max Feb 19 '16 at 22:25
the near... bit would point to a part of sql. Can you see which part? I'm guessing it's either one of the posted values is treated as a bad value for a column or you clearly have a symbol or character that's breaking sql code – Ekin Feb 19 '16 at 22:38
1

@Ekin I have fixed it. Thanks for the help! – Max Feb 19 '16 at 22:45

score 2 · Answer 2 · answered Feb 19 '16 at 21:40

2

Try this, because your primary key value is auto incremented.

$q = "INSERT INTO project VALUES('$company_name','$description','$image','$image_type','$welcome_text','$thanks_message')";

answered Feb 19 '16 at 21:40

Prosen Ghosh

635
7
16

Grosh I tried that now but it didn't work. I also tried to remove the query and only have an echo that will print the filled project name to see if the code collects it, and it does print it out. So the filled values get retrieved but cant be executed and sent through the query. – Max Feb 19 '16 at 21:49
where in your code you Open a connection to the MySQL server? – Prosen Ghosh Feb 19 '16 at 22:03
I have included the file that opens a connection to the server. There is no probem with that. – Max Feb 19 '16 at 22:18
I have fixed it. Thanks for the help! – Max Feb 19 '16 at 22:45

Code won't insert into database

2 Answers2