-2

I have built a database called jobs, and I am trying to insert data into it via an html form, that calls a php file. After submitting the form I see the following error in the console.

ERROR: Could not able to execute INSERT INTO jobs (id, title, pay, description, location, max_people, people_going, tasks, start_time, end_time, start, end) VALUES (Default, 'testTitle', '4.00', 'testd', 'testl', '4', '1', 'testt', '13:00:00', '14:00:00', '2016-05-31 13:00:00', '2016-05-31 14:00:00').

I can manually input data through phpMyadmin, this only happens if I try to update the database via the form. I am relatively new to working with databases, so I am sure it is something very simple. I would appreciate any help that can be given.

The database is laid out as follows and nothing can be Null:

  • id type:int,auto increment
  • title type:varchar
  • pay type:decimal(15,2)
  • description type:text
  • location type:text
  • max_people type:int
  • people_going type:int
  • tasks:text
  • start_time type:time
  • end_time type:time
  • start type:datetime
  • end type:datetime

insert.php

<?php
/* Attempt MySQL server connection. Assuming you are running MySQL
server with default setting (user 'root' with no password) */
$host= "localhost";
$user= "";
$pass= "";
$link = mysql_connect($host, $user, $pass);

// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}

// Escape user inputs for security
$job_title = $_POST['j_title'];
$job_pay = $_POST['j_pay'];
$job_start_time = $_POST['j_start'];
$job_end_time = $_POST['j_end'];
$original_job_date = $_POST['j_date'];
$job_summary = $_POST['j_description'];
$job_location = $_POST['j_location'];
$job_people = $_POST['j_people'];
$job_tasks = $_POST['j_tasks'];
$j_going=1;
$job_date=date('Y-m-d',strtotime("$original_job_date"));
$event_start= date('Y-m-d H:i:s', strtotime("$job_date $job_start_time"));
$event_end= date('Y-m-d H:i:s', strtotime("$job_date $job_end_time"));

// attempt insert query execution
$sql = "INSERT INTO jobs (id, title, pay, description, location, max_people, people_going, tasks, start_time, end_time, start, end) VALUES (DEFAULT, '$job_title', '$job_pay', '$job_summary', '$job_location', '$job_people', '$j_going', '$job_tasks', '$job_start_time', '$job_end_time', '$event_start', '$event_end')";
if(mysqli_query($link, $sql)){
    echo "Records added successfully.";
} else{
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}

// close connection
mysqli_close($link);
?>

Form code from job_creation.html

<div class="container container-wide z-index">
            <h2>Job Creation</h2>

            <form class='rd-mailform row' id="job_form" method="post" action="insert.php">
                <!-- RD Mailform Type -->
                <input type="hidden" name="form-type" value="contact"/>
                <!-- END RD Mailform Type -->

                <div class="col-xs-12 col-sm-6">
                    <div class="form-group">
                        <label class="form-label" data-add-placeholder for="j_title">Job Title</label>
                        <input id="j_title"
                               type="text"
                               name="j_title"
                               />

                    </div>

                    <div class="form-group">
                        <label class="form-label" data-add-placeholder for="j_pay">Job Pay</label>
                        <input id="j_pay"
                               type="number" 

                               min="0" 
                               step="0.01" 
                               data-number-to-fixed="2" 
                               data-number-stepfactor="100"
                               name="j_pay"
                               />

                    </div>

                    <div class="form-group">
                        <label class="form-label" data-add-placeholder for="j_start">Job Start Time</label>
                        <input id="j_start"
                               class="time"
                               type="text"
                               name="j_start"
                              />

                    </div>
                    <div class="form-group">
                        <label class="form-label" data-add-placeholder for="j_end">Job End Time</label>
                        <input id="j_end"
                               class="time"
                               type="text"
                               name="j_end"
                               />

                    </div>
                    <div class="form-group">
                        <label class="form-label" data-add-placeholder for="j_date">Job Date</label>
                        <input id="j_date"
                              class="datepicker"
                               type="text"
                               name="j_date"
                               />

                    </div>
                    <div class="form-group">
                        <label class="form-label" data-add-placeholder for="j_location">Job Location</label>
                        <input id="j_location"
                               type="text"
                               name="j_location"
                               />

                    </div>
                    <div class="form-group">
                        <label class="form-label" data-add-placeholder for="j_people">Number of People</label>
                        <input id="j_people"
                               type="number"
                               name="j_people"
                               />

                    </div>
                </div>

                <div class="col-xs-12 col-sm-6">
                    <div class="form-group textarea">
                        <label class="form-label" data-add-placeholder for="j_description">Job Description</label>
                         <textarea id="j_description"
                                   name="j_description"
                                  ></textarea>



                    </div>
                    <div class="form-group textarea">
                        <label class="form-label" data-add-placeholder for="j_tasks">What Needs to be Done</label>
                         <textarea id="j_tasks"
                                   name="j_tasks"
                                  ></textarea>
                    </div>
                </div>

                <div class="form-group btn-wr text-center">
                    <input type="submit" class="btn btn-sm btn-success" value="Create Job" >

                    <div class="mfInfo"></div>

                </div>
            </form>
        </div>

Solved

Solution: There were actually multiple problems with the code. After removing the quotes around the integers and decimals, as well as switching all of my statements to use mysqli; I was given the error that it could not connect to a database. This was fixed by adding mysqli_connect to the code, as well as a few variables.

Cœur
  • 37,241
  • 25
  • 195
  • 267
Dbender1994
  • 1
  • 2
  • 3
    [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard May 27 '16 at 14:26
  • You're quoting decimals and integers on the insert, that will fail. – Jay Blanchard May 27 '16 at 14:32
  • possible duplicate of http://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks – Jay Blanchard May 27 '16 at 14:34
  • 4
    You are mixing `mysql_` with `mysqli_`.... – Alex May 27 '16 at 14:39
  • possible duplicate of http://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php – Jay Blanchard May 27 '16 at 14:40
  • OK - two possible duplicates which indicates you need to correct your code and test again. – Jay Blanchard May 27 '16 at 14:40
  • Thank you Jay, I have looked over the two posts you linked two but I am still unsure what you mean by quoting decimals and integers. – Dbender1994 May 27 '16 at 14:47
  • 2
    You should not use default as the initial value for the auto increment column. Simply omit the auto increment column from the insert statement completely. – Shadow May 27 '16 at 14:49
  • You should remove quotes in the INSERT statement that surround decimal and integer values. – Jay Blanchard May 27 '16 at 14:56

1 Answers1

-4

Try this one

$sql = "INSERT INTO jobs (`title`, `pay`, `description`, `location`, `max_people`, `people_going`, `tasks, `start_time, `end_time`, `start`, `end`) VALUES ('$job_title', '$job_pay', '$job_summary', '$job_location', '$job_people', '$j_going', '$job_tasks', '$job_start_time', '$job_end_time', '$event_start', '$event_end')";

start and end is reserved words from MySQL

Merab Chikvaidze
  • 1
  • 2
  • 2
    **BEGIN and END are keywords but not reserved, so their use as identifiers does not require quoting.** from https://dev.mysql.com/doc/refman/5.5/en/keywords.html – Chin Leung May 27 '16 at 14:27