0

The page is basically a form for adding new products to the products table in the database. The form must include image upload as well. The function is supposed to echo the query before inserting any data into the database. However, every time I press the submit button it doesn't show the query, and the form just resets itself. I tried different solutions, yet they don't work. I changed the form action to a new PHP page, and it is still not working. I also tried two different browsers, and tried displaying error codes. Is there something missing in the code?

 <!DOCTYPE>
        <?php
        include("../includes/db.php");

        ?>
        <html>
        <head>
        <title>Insert a Product</title>
        <script src="//tinymce.cachefly.net/4.3/tinymce.min.js"></script>
        <script>tinymce.init({selector:'textarea'});</script>
        </head>
        <body>

        <form name="submit" action="insert_product.php"method="POST"enctype="multipart/from-data">

    <table align="center" width="800">


    <tr align="center">
    <td colspan="8"><h4>Insert New Post Here</h4></td>
    </tr>


    <tr>
    <td align="right"><b>Product Title:</b></td>
    <td><input type="text" name="pro_name" /></td>
    </tr>



    <tr>
    <td align="right"><b>Product Price:</b></td>
    <td><input type="text" name="price"/></td>
    </tr>

    <tr>

    <td align="right"><b>Product Image:</b></td>
    <td><input type="FILE" name="product_image" id="product_image"/></td>
    </tr>

    <tr>
    <td align="right"><b>Product Color:</b></td>
    <td><input type="text" name="Color"/></td>
    </tr>

    <tr>
    <td align="right"><b>Product Location:</b></td>
    <td>
    <select name="location">
    <option>Select a Location</option>
    <?php

    $get_location = "select * from location";

    $run_location = mysqli_query($conn, $get_location);

    while ($row_location=mysqli_fetch_array($run_location)){
    $Loc_name = $row_location['Loc_name'];
    $location_id = $row_location['location_id'];
    echo "<option value='$location_id'>$Loc_name</option>";

    }
    ?>

    </select>
    </td>
    </tr>

    <tr>
    <td align="right"><b>Product Supplier:</b></td>
    <td><input type="text" name="pro_supplier"/></td>
    </tr>

    <tr>
    <td align="right"><b>Product Cost:</b></td>
    <td><input type="text" name="cost"/></td>
    </tr>

    <tr>
    <td align="right"><b>Product Keywords:</b></td>
    <td><input type="text" name="pro_keywords"/></td>
    </tr>
    <tr>
    <td align="right"><b>Product Description:</b></td>
    <td><textarea name="Pro_desc" cols="20" rows="10"/></textarea></td>
    </tr>




    <tr align="center">

    <td colspan="7"><input type="submit" name="submit" value="Insert Product Now"/></td>
    </tr>

    </form>


    </body>





    </html>

    <?php






    if (isset($_POST['submit']) && isset($_FILES['product_image'])){


    $pro_name = $_POST['pro_name'];
    $price = $_POST['price'];
    $Color = $_POST['Color'];
    $cost = $_POST['cost'];
    $pro_desc = $_POST['pro_desc'];
    $pro_keywords = $_POST['pro_keywords'];

    $product_image = $_FILES['product_image']['name'];
    $product_imgtmp = addslashes (file_get_contents($_FILES['product_image']['tmp_name']));



    echo $insert_product =
    "insert into products
    (pro_name, price, Color, cost, Pro_desc, pro_keywords, product_image)
    VALUES
    ('$pro_name','$price','$Color','$cost','$pro_desc','$pro_keywords','$product_image')";


    if ($conn->query($insert_product) === TRUE) {
    echo "New record created successfully";
    } else {
    echo "Error: " . $insert_product . "<br>" . $conn->error;
    }

    }



    ?>
Abdul
  • 3
    `action="insert_product.php"method="POST"enctype="multipart/from` Need spaces my friend Spaces – Hanky Panky Feb 26 '16 at 17:33
  • I did add spaces to my original code. Still not working. – Abdul Feb 26 '16 at 17:35
  • Well seen @HankyPanky! These small details are often hard to see. – Ed de Almeida Feb 26 '16 at 17:35
  • 2
    you're echoing the result of an assignment operation, so all you'll see is `true`. To see your query, assign the sql to `$insert_product` and then `echo $insert_product` – Rob G Feb 26 '16 at 17:38
  • 2
    also, look into prepared statements & bind placeholders, your code is vulnerable to SQL injection – Rob G Feb 26 '16 at 17:40
  • also to note, that because your insert is AFTER your query/display, any new insert will not be shown on the result page. You may want to move your check/insert code to above the display table so that if it inserts, you see the result with the inserted values. – Dave Feb 26 '16 at 17:45
  • 2
    It's a *damn typo* `from-data` which should read as `enctype="multipart/form-data` - form form form and not `from` and error reporting would have thrown you something about it. http://php.net/manual/en/function.error-reporting.php ***undefined index blah blah blah*** – Funk Forty Niner Feb 26 '16 at 17:52
  • 1
    having added `else { echo "it broke..."; }` for your `if (isset($_POST['submit']) && isset($_FILES['product_image'])){...}` would have shown you "it broke". – Funk Forty Niner Feb 26 '16 at 17:56
  • @RobGudgeon That wouldn't cause their code to fail. It's a typo, as I stated a few comments above. **IF** that's their "real" code. – Funk Forty Niner Feb 26 '16 at 17:58
  • 1
    Plus, you have a conflict here `
    `. Btw, did anyone go over their code **entirely** before posting/commenting?
    – Funk Forty Niner Feb 26 '16 at 18:00
  • good catch @Fred-ii-, I saw the db include failure error and didn't look beyond that. – Dave Feb 26 '16 at 18:07
  • @Dave It's those *tiny little details* that will put a damper on one's day lol – Funk Forty Niner Feb 26 '16 at 18:08
  • @Dave I'm finding even more syntax errors in their code, after using a *finer toothed comb*. – Funk Forty Niner Feb 26 '16 at 18:44
  • @Abdul I've made a few edits to my answer since I originally posted and you'll have to go over it and reload it. You're also not using some of the attributes from your form in your query, so that's unknown. check for errors as outlined in my answer. That's the best I can offer at this time. – Funk Forty Niner Feb 26 '16 at 18:45

2 Answers

2

Edit: After going through the code again and with an even finer tooth comb, have noticed a few more errors. Consult my Edit: also below.

Firstly, you have a typo here, being `from` instead of `form`:

    enctype="multipart/from-data"
                       ^^^^

which should have read as:

    enctype="multipart/form-data"
                       ^^^^

Then your `<form name="submit">` and submit button `<input type="submit" name="submit"` both bear the same name attribute of `submit`.

  • Remove `name="submit"` from `<form>`, that's a conflict.

Having added an `else{ echo "Something went wrong..."; }` to your conditional statement would have fallen into it from the get go.

Error reporting would have also helped you out here.

Now, whatever is inside `db.php` is unknown to us. Since you're using the MySQLi API to query with, the connection for it must be the same one, `mysqli_` and not `mysql_` or PDO, should that be the case.

  • Different MySQL APIs do not intermix.

"However, every time I press on the submit button it doesn't show the query"

Your conditional statement:

    if (isset($_POST['submit'])
     && isset($_FILES['product_image']))

is checking if both the submit is pressed AND (`&&`) the file is set.

You may want to use an `||` (OR) here instead, if that file is ever "not set/empty".

For user provided input, use a conditional `!empty()`, it's better.

  • So, make sure that both conditions are met.

That could be changed to:

    if ( isset($_POST['submit']) ){

        // do something in here

        if( !empty($_FILES['product_image']) ){

            // do something else in here
        }
        else{
            // you can do stuff here too for an empty file condition
        }

    }

HTML stickler:

`<!DOCTYPE>` isn't a proper doctype declaration, and should read as `<!DOCTYPE html>` as a minimum HTML5-supported method.

Otherwise, consult the following for all valid types:


Footnotes:

Your present code is open to an SQL injection. Use mysqli_* with prepared statements, or PDO with prepared statements.


Edit:

Upon looking further at your code:

`<textarea name="Pro_desc"` and `$_POST['pro_desc']`. Notice the uppercase P in the name attribute?

Those POST arrays are case-sensitive and again; error reporting would have thrown you something about it, being undefined index `pro_desc`.

It should read as:

  • `$_POST['Pro_desc']`

Pro tip: Use the same letter-case convention throughout your code. You can quickly get lost into using mixed case variables and they are case-sensitive. My preference has always been to use all lowercase letters for variables, arrays, etc.

  • Be careful with that.

Plus, if you're attempting to insert the uploaded file in your database as binary, you will need to escape that data with `mysqli_real_escape_string()` and set your column as `BLOB` or `LONGBLOB`, depending on the size of the file.

Also make sure that there isn't a file upload constraint size restriction.

References:


Add error reporting to the top of your file(s) which will help find errors.

    <?php
    error_reporting(E_ALL);
    ini_set('display_errors', 1);

    // Then the rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.

Community
Funk Forty Niner
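The prepared-statement and upload checks recommended in the answer above, as an added example that is not the asker's or the answerer's code. It assumes PDO with an in-memory SQLite database standing in for the MySQL connection in `db.php`; the function name `insert_product`, the allowed extension list and the demo input are constructed for illustration.

```php
<?php
// Added example. Assumption: SQLite in memory replaces the MySQL link from db.php;
// the column names are taken from the question's INSERT statement.

function insert_product(PDO $db, array $post, array $file): int
{
    // Fail loudly instead of silently skipping the insert when a field or the
    // upload is missing (the symptom produced by the enctype typo).
    foreach (['pro_name', 'price', 'Color', 'cost', 'Pro_desc', 'pro_keywords'] as $key) {
        if (!isset($post[$key]) || $post[$key] === '') {
            throw new InvalidArgumentException("missing form field: $key");
        }
    }
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new InvalidArgumentException('upload failed or no file sent');
    }
    // Store a server-generated name; the client-supplied name is only used
    // to read the extension, which is checked against an allow-list.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
        throw new InvalidArgumentException('unsupported image type');
    }
    $stored = bin2hex(random_bytes(8)) . '.' . $ext;
    // A real handler would call move_uploaded_file($file['tmp_name'], ...) here.

    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO products
           (pro_name, price, Color, cost, Pro_desc, pro_keywords, product_image)
         VALUES (?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute([
        $post['pro_name'], $post['price'], $post['Color'], $post['cost'],
        $post['Pro_desc'], $post['pro_keywords'], $stored,
    ]);
    return (int) $db->lastInsertId();
}

// Constructed demo input: the apostrophe would break the concatenated query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, pro_name TEXT, price TEXT,
           Color TEXT, cost TEXT, Pro_desc TEXT, pro_keywords TEXT, product_image TEXT)');
$post = ['pro_name' => "Men's jacket", 'price' => '49.90', 'Color' => 'blue',
         'cost' => '20', 'Pro_desc' => 'Lined', 'pro_keywords' => 'jacket'];
$file = ['name' => 'photo.JPG', 'error' => UPLOAD_ERR_OK, 'tmp_name' => '/tmp/phpXXXX'];
insert_product($db, $post, $file);
echo $db->query('SELECT pro_name FROM products')->fetchColumn(), "\n";
```

With a MySQL DSN in place of `sqlite::memory:` the function body stays the same, since the placeholders are handled by PDO.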
0

1st create spaces at the form code:

    <form name="submit" action="insert_product.php" method="POST" enctype="multipart/form-data">

Then on your PHP code do not echo the operation i.e.

Change this

    echo $insert_product =
        "insert into products
        (pro_name, price, Color, cost, Pro_desc, pro_keywords, product_image)
        VALUES
        ('$pro_name','$price','$Color','$cost','$pro_desc','$pro_keywords','$product_image')";

to this

    $insert_product =
        "insert into products
        (pro_name, price, Color, cost, Pro_desc, pro_keywords, product_image)
        VALUES
        ('$pro_name','$price','$Color','$cost','$pro_desc','$pro_keywords','$product_image')";
    echo $insert_product;
Omari Victor Omosa