PHP script sometimes inserts data into database and sometimes not

Question

I am writing simple PHP program to insert student information into mysql database and respond back with user id. This script sometimes works good. But sometimes it is not working. What are the possible reasons for this kind of behavior. If my program has any bugs then please suggest corrections. Below is my student registration script and mysql database function. I am not good at PHP, PLEASE SUGGEST CORRECTION IF ANY

<?php
    $username = $_POST['name'];
    $clgName = $_POST['clg_name'];
    $branch = $_POST['branch'];
    $sem = $_POST['sem'];
    $mobile = $_POST['mobile'];
    $email = $_POST['email'];
    $profile_pic_color = $_POST['profile_pic_color'];
    $deviceId = $_POST['device_id'];

    include "DatabaseHandler/DBFunctions.php";

    $db = new DBFunctions();

    $query = "INSERT INTO user_details(user_name, user_clgName, user_branch, user_sem, user_mobile, user_email, profile_color, device_id) values('$username', '$clgName', '$branch','$sem', '$mobile', '$email', '$profile_pic_color', '$deviceId')";

    list($result, $mysqli) = $db->select($query);

    $query = "SELECT MAX(user_id) FROM user_details";

    if($mysqli->affected_rows > 0){

        list($result, $mysqli) = $db->select($query);

        $arr = array();

        if($result){
            $row = $result->fetch_array();
            $arr[] = $row;
            echo json_encode($arr);
        }
    }

?>

And this is my Database Manager PHP SCRIPT.

<?php


    class DBFunctions{



        public function connect(){
            include "DBConfig.php";
                 $mysqli = new mysqli($domain, $username, $password, $database);

            return $mysqli;
        }

        public function query($query){
                // Connect to the database
            $mysqli = $this -> connect();

            // Query the database
            $result = $mysqli -> query($query);

            return array($result, $mysqli);
        }

        public function select($query){

            $mysqli = $this -> connect();

            $result = $mysqli -> query($query);

            if($result === false) {
                        return false;
                }

                return array($result, $mysqli);
        }
    }
?>

What does `But sometime it is not working.` mean? What does it say, when it is not working? Which is the error? — , Feb 10 '17 at 18:37
If i print something at beginning of script. It prints everytime. But does not inserts data into database sometime. And not gives any error. — Sagar Yadav, Feb 11 '17 at 09:27
When i make lot of request in short time. Then this is happening. maybe mysql no. of connections exceeding. — Sagar Yadav, Feb 11 '17 at 09:48
Your script is vulnerable to SQL injection, which could explain the issue: whenever you data happens to have quotes the program will crash. — Álvaro González, Feb 12 '17 at 11:47

score 0 · Answer 1 · answered Feb 12 '17 at 11:13

0

I found reason for this behavior. Some input strings had single quotes. Because of that sql query syntax fails. Used real_escape_string() function of PHP. Now it is working good. Thank You all

answered Feb 12 '17 at 11:13

Sagar Yadav

137
2
11

That's the most verbose and annoying way to prevent SQL injection. I recommend you use prepared statements. – Álvaro González Feb 12 '17 at 11:48

PHP script sometimes inserts data into database and sometimes not

1 Answers1