0

so i am making a ticketsystem, but i have a hard time finding the problem?

i want to either submit form 1 or 2 to the database. but it is not working am i running this correctly or are there some errors?

<form name="nieuwTicket2" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
\
                    <input type="submit"value=">>" name="submit2" class='hidden2' />

                </form>

<form name="nieuwTicket1" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
\
                    <input type="submit"value=">>" name="submit1" class='hidden2' />

                </form>








<?php
session_start();
require_once 'headerUp.php'; //Include de header.
require_once '../functies.php'; //Include de functies.
require_once 'AJAX/zoekKlant.php'; //Include de functies.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$connectie = verbinddatabase();
$output = '';
$fstAccountNr= $_SESSION['gebruikersNaam'];
$aantalXterug=NULL;
$terugstuurLock=FALSE;
$lijnNr=1;
$datumAanmaak= mysqldatum();
$log=NULL;
$verlopen=FALSE;
$binnenkomstType="tel";
$lokatie="standaard";
$klantTevreden=NULL;
$vVLaptopMerk=NULL;
$vVlaptopType=NULL;
$besturingssysteem="standaard";
$factuurNr=NULL;
$typeCommentaar=NULL;
$aangewAccountNr=NULL;
//variablen forms
$klantAchternaam = $_POST["klantAchternaam"]; 
$klantNaam = $_POST["klantNaam"]; 
$klantTel = $_POST["klantTel"]; 
$klantAdres = $_POST["klantAdres"]; 
$klantPostc = $_POST["klantPostc"]; 
$klantStad = $_POST["klantStad"]; 
$klantEmail = $_POST["klantEmail"]; 
$probleem = $_POST["probleem"]; 
$trefwoorden = $_POST["trefwoorden"]; 
$klantid = $_POST["klantid"]; 
$prioriteit = $_POST["prioriteit"]; 
$NogBellen = $_POST["NogBellen"]; 
$categorieNaam = $_POST["categorieNaam"]; 
$streefdatum = $_POST["streefdatum"];
$nieuwComment = $_POST["nieuwComment"];


if (!$_POST['submit1'] === "") {
        $nieuweKlantQuery =mysqli($connectie, "insert into klant klantAchternaam = $klantAchternaam,
                klantNaam = $klantNaam, klantTel = $klantTel, klantAdres = $klantAdres, klantPostc = $klantPostc,
                klantStad = $klantStad, klantEmail = $klantEmail");   
        $ophaalKlantQuery =mysqli($connectie, "SELECT klantId, klantNaam FROM klant WHERE klantNaam='$klantNaam'");     
            $result=mysqli_fetch_array($ophaalKlantQuery);
            $teller = mysqli_num_rows($ophaalKlantQuery);
                if ($teller == 1 && $result['klantnaam'] === $klantNaam ){
                    $_SESSION["klantId"] = $result['klantId'];
                    $klantId= $_SESSION["klantId"];
                }

        $ticketQuery = mysqli($connectie, "INSERT INTO ticket (fstAccountNr = $fstAccountNr, inBehandeling = TRUE, 
            probleem = $probleem, trefwoorden = $trefwoorden, klantId = $klantId, prioriteit = $prioriteit,
            aantalXterug = NULL terugstuurLock = FALSE, lijnNr = $lijnNr, datumAanmaak = CURRENT_DATE,
            nogBellen = $nogBellen, categorieNaam = $categorieNaam, factuurNr = $factuurNr,
            log = $log, verlopen = $verlopen, streefdatum = $streefdatum,
            lokatie = $lokatie, klantTevreden = $klantTevreden, commentaarId=$commentaarId, oplossingId=$oplossingId ");
        $ophaalticketQuery =mysqli($connectie, "SELECT ticketId, klantId FROM ticket WHERE klantid='$klantId'");     
            $result0=mysqli_fetch_array($ophaalticketQuery);
            $teller0 = mysqli_num_rows($ophaalticketQuery);
                if ($teller0 == 1 && $result0['klantId'] === $klantId ){
                    $_SESSION["ticketId"] = $result0['ticketId'];
                    $ticketId= $_SESSION["ticketId"];
                }                

        $CommentaarQuery = mysqli($connectie, "insert into commentaar commOmscrijving = $nieuwComment, typeCommentaar=$typeCommentaar, datum =$datumAanmaak, accountNr=$fstAccountNr,
            ticketId= $ticketId");
        $ophaalCommentaarQuery =mysqli($connectie, "SELECT commentaarId, ticketId FROM commentaar WHERE ticketId='$tickerId'");
            $result1= mysqli_fetch_array($ophaalCommentaarQuery);
            $teller1= mysqli_num_rows($ophaalCommentaarQuery);
                if ($teller1 == 1 && $result1['ticketId'] === $ticketId){
                    $_SESSION["commentaarId"] =$result1['commentaarId'];
                    $commentaarID=$_SESSION['commentaarId'];
                }

        $oplossingQuery= mysqli($connectie, "INSERT INTO oplossingen definitief=$definitief, oplossOmschrijving=$oplossOmschrijving,
            datumFIX=$datumFIX, accountNr=$ftsAccountNr, ticketId=$ticketId");
        $ophaalOplossingQuery=mysli($connectie, "SELECT oplossingId, ticketId FROM oplossingen WHERE ticketId='$ticketId'");
            $result2= mysqli_fetch_array($ophaalOplossingQuery);
            $teller2= mysqli_num_rows($ophaalOplossingQuery);
                if ($teller2 == 1 && $result1['ticketId'] === $ticketId){
                    $_SESSION["oplossingId"] =$result2['oplossingId'];
                    $oplossingId=$_SESSION['oplossingId'];
                }            



    if(!$connectie->query($ticketQuery)){
        echo "Ticket query mislukt..." . $connectie->error();
    }

    if(!$connectie->query($nieuweKlantQuery)){
        echo "Nieuwe Klant query mislukt..." . $connectie->error();
    }
}

 if (!$_POST['submit2'] === "") {  
        $ticketQuery = mysqli($connectie, "INSERT INTO ticket (fstAccountNr = $fstAccountNr, inBehandeling = TRUE, 
            probleem = $probleem, trefwoorden = $trefwoorden, klantId = $klantId, prioriteit = $prioriteit,
            aantalXterug = NULL terugstuurLock = FALSE, lijnNr = $lijnNr, datumAanmaak = CURRENT_DATE,
            nogBellen = $nogBellen, categorieNaam = $categorieNaam, factuurNr = $factuurNr,
            log = $log, verlopen = $verlopen, streefdatum = $streefdatum,
            lokatie = $lokatie, klantTevreden = $klantTevreden, commentaarId=$commentaarId, oplossingId=$oplossingId ");
        $ophaalticketQuery =mysqli($connectie, "SELECT ticketId, klantId FROM ticket WHERE klantid='$klantId'");     
            $result0=mysqli_fetch_array($ophaalticketQuery);
            $teller0 = mysqli_num_rows($ophaalticketQuery);
                if ($teller0 == 1 && $result0['klantId'] === $klantId ){
                    $_SESSION["ticketId"] = $result0['ticketId'];
                    $ticketId= $_SESSION["ticketId"];
                }                

        $CommentaarQuery = mysqli($connectie, "insert into commentaar commOmscrijving = $nieuwComment, typeCommentaar=$typeCommentaar, datum =$datumAanmaak, accountNr=$fstAccountNr,
            ticketId= $ticketId");
        $ophaalCommentaarQuery =mysqli($connectie, "SELECT commentaarId, ticketId FROM commentaar WHERE ticketId='$tickerId'");
            $result1= mysqli_fetch_array($ophaalCommentaarQuery);
            $teller1= mysqli_num_rows($ophaalCommentaarQuery);
                if ($teller1 == 1 && $result1['ticketId'] === $ticketId){
                    $_SESSION["commentaarId"] =$result1['commentaarId'];
                    $commentaarID=$_SESSION['commentaarId'];
                }

        $oplossingQuery= mysqli($connectie, "INSERT INTO oplossingen definitief=$definitief, oplossOmschrijving=$oplossOmschrijving,
            datumFIX=$datumFIX, accountNr=$ftsAccountNr, ticketId=$ticketId");
        $ophaalOplossingQuery=mysli($connectie, "SELECT oplossingId, ticketId FROM oplossingen WHERE ticketId='$ticketId'");
            $result2= mysqli_fetch_array($ophaalOplossingQuery);
            $teller2= mysqli_num_rows($ophaalOplossingQuery);
                if ($teller2 == 1 && $result1['ticketId'] === $ticketId){
                    $_SESSION["oplossingId"] =$result2['oplossingId'];
                    $oplossingId=$_SESSION['oplossingId'];
                }     
 }
?>
Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
Robby Morales
  • 39
  • 1
  • 7
  • Have you checked your error logs? You're making an assumption the query is working. Add error reporting to the top of your file(s) right after your opening ` – Jay Blanchard Jan 11 '17 at 13:44
  • Your INSERT queries are completely wrong, please review the syntax for those queries. http://dev.mysql.com/doc/refman/5.7/en/insert.html – Jay Blanchard Jan 11 '17 at 13:45
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Jan 11 '17 at 13:47
  • 1
    Try `mysqli_query` instead of `mysqli`, I don't think it can be invoked like that. – Progrock Jan 11 '17 at 13:51
  • Good catch @Progrock. Just one of *several* issues in this code. – Jay Blanchard Jan 11 '17 at 13:53

0 Answers0