value is not storing in mysql database

Question

I started to learn php but stuck in somewhere. Below is my php code to show what i did. I made add to cart part with storing IP address and product id but still the value is not saving database. How to check what's wrong in code? I also checked it using echo mysqli_error($db) but not showing.

below is code :

<?php 

$db = mysqli_connect("localhost","root","","ecommerce");


function getIp() {
    $ip = $_SERVER['REMOTE_ADDR'];

    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }

    return $ip;
}


function cart(){

    if (isset($_GET['add_cart'])) {

        global $db;

        $ip = getIp();
        $pro_id = $_GET['add_cart'];
        $check_pro = "select * from cart where ip_add='$ip' AND p_id='$pro_id'";

        $run_check = mysqli_query($db, $check_pro);

        if (mysqli_num_rows($run_check)>0) {
            echo "";
        } else {
            $insert_pro = "insert into cart (p_id,ip_add) values ('$pro_id','$ip')";

            $run_pro = mysqli_query($db , $insert_pro);
            echo "<script>window.open('index.php','_self')</script>";
        }
    }
}
?>

Even adding image of database table.

`p_id` is auto incremented so not use in insert query!!Because it is already in your table!! — Saty, Jul 14 '16 at 10:39
please print query in browser and paste that query in phpmyadmin...and see what error occured. — Kaushal shah, Jul 14 '16 at 10:40
Just use `$insert_pro = "insert into cart (ip_add) values ('$ip')"; ` You will get new p_id for that ip — Saty, Jul 14 '16 at 10:41
@SagarKodte Maybe the problem is in the if statement, you have a echo "" — Zac, Jul 14 '16 at 10:41
actually i am lerning through some tutorial there is working here is not working — Sagar Kodte, Jul 14 '16 at 10:42
Side note: if that tutorial really suggests embedding raw GET variables into SQL I suggest you find another reference. That practice make code harder to write and will get your site hacked. — Álvaro González, Jul 14 '16 at 10:45
What is the internet address you are trying to load? Can you put it there? @SagarKodte — Zac, Jul 14 '16 at 10:56
@SagarKodte my mistake, I didn't noticed that you've already added echo in function... Did you pass any integer number to `$_GET['add_cart']`? — Mindaugas M., Jul 14 '16 at 10:58
@SagarKodte You can google for "SQL Injection" and check our classic question [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Álvaro González, Jul 14 '16 at 10:59
Can you insert the full address you put? http://localhost/index.php?add_cart=18 .. Something like it? — Zac, Jul 14 '16 at 11:03

score 1 · Accepted Answer · edited May 23 '17 at 12:14

You need to check the status of almost all mysqli_ api calls, see the 2 checks I have added

function cart(){

    if (isset($_GET['add_cart'])) {

        global $db;

        $ip = getIp();
        $pro_id = $_GET['add_cart'];
        $check_pro = "select * from cart where ip_add='$ip' AND p_id='$pro_id'";

        $run_check = mysqli_query($db, $check_pro);

        // test query worked and report error if it failed
        if ($run_check === false) {
            echo mysqli_error($db);
            exit;
        }

        if (mysqli_num_rows($run_check)>0) {
            echo "";
        } else {
            $insert_pro = "insert into cart 
                                  (p_id,ip_add) 
                           values ('$pro_id','$ip')";

            $run_pro = mysqli_query($db , $insert_pro);

            // test query worked and report error if it failed
            if ($run_pro === false) {
                echo mysqli_error($db);
                exit;
            }

            echo "<script>window.open('index.php','_self')</script>";
        }
    }
}

This will likely show you your error.

It is likely you have already INSERTED a row with the key you are using

By the way: Your script is at risk of SQL Injection Attack Have a look at what happened to Little Bobby Tables Even if you are escaping inputs, its not safe! Use prepared statement and parameterized statements

Field 'qty' doesn't have a default value is showing. I saw qty field in tutroial there is no default value.but working. — Sagar Kodte, Jul 14 '16 at 10:50
i changed DEFAULT value of qty to null it works but it's proper to go ahead? — Sagar Kodte, Jul 14 '16 at 11:12
I would go for a default of Zero as it will make more sence later to have a 0 qty than a null qty — RiggsFolly, Jul 14 '16 at 11:18

value is not storing in mysql database

1 Answers1