0

I have a problem that need help

I have 2 table that need to be inserted

po

poID     poNo     prNo     branch     supplier    date_po     date_delivery note    tax    grandtotal

and the other is

detail_po
poNo      productCode     productName    qty    price    discount    total

my code for inserting data into two table doesn't work for the detail data there are checkbox in the form, and only data with checkbox checked will insert into detail_po table

it doesn't show any error message either

<?php
header("Location: poAdd.php");
$conn = mysql_connect("localhost","root","");
mysql_select_db("a.karat");
if(isset($_POST['product_submit']))
{

$poNo           = $_POST['poNo'];   
$prNo           = $_POST['prNo'];   
$branch         = $_POST['branch'];
$supplier       = $_POST['supplier'];   
$date_po        = $_POST['date_po'];
$date_delivery  = $_POST['date_delivery'];
$note           = $_POST['note'];
$tax            = $_POST['tax'];
$grandtotal     = $_POST['grandtotal'];


$query = mysqli_query($con,"INSERT INTO po (poNo,prNo,branch,supplier,date_po,date_delivery,note,tax,grandtotal)VALUES('$poNo', '$prNo','$branch', '$supplier', '$date_po',  '$date_delivery', '$note', '$tax','$grandtotal')");

$check=$_POST['check'];
foreach($check as $i)
{
    $prcode=$_POST['productCode'.$i];
    $prname=$_POST['productName'.$i];
    $qty=$_POST['qty'.$i];
    $price=$_POST['price'.$i];
    $discount=$_POST['discount'.$i];
    $total=$_POST['total'.$i];
    $query = mysqli_query($con,"insert into detail_po (poNo,productCode,productName,qty,price,discount,total) value ('$pono', '$prcode', '$prname', '$qty', '$price','$discount','$total',)");
}
if($query)
{
?>
<script>
alert("success");
</script>
<?php
}
}
header("Location: poAdd.php");
?>

need help to make it works

Shevcenko
  • 5
  • 3
  • You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. – John Conde Mar 24 '17 at 01:41
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Mar 24 '17 at 01:41

0 Answers0