0
$Control_no = uniqid();

$q = "INSERT INTO `client_t` (`Control_no`, `Client_id`, `Fname`, 
                                `Mname`, `Lname`, `Religion`, 
                                `Citizenship`, `Address`, `E-mail`,
                                `Monthly_Income`, `Detained`, `Date_detained`,
                                `Age`, `Gender`, `Civil_Status`,
                                `Educ_attain`, `Language`, `Contact_no`, 
                                `Spouse`) 
                VALUES ('$Control_no','','$_POST[Fname]',
                        '$_POST[Mname]','$_POST[Religion]','$_POST[Citizenship]',
                        '$_POST[Address]}','$_POST[Email]','$_POST[Monthly_Income]',
                        '$_POST[Detained]','$_POST[Date_Detained]','$_POST[Age]',
                        '$_POST[Gender]','$_POST[Civil_Status]','$_POST[Educ_Attain]',
                        '$_POST[Language]','$_POST[Contact_no]','$_POST[Spouse]')";
$r = mysqli_query($db,$q);
$Client_id = mysqli_insert_id();
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
C Monts
  • 1
  • 2
  • `'$_POST[Religion]'` check all of the `$_POST` if you are confuse just set the values before the query and than use variable, and second, mysqli does not magically secure your code, learn how to escape, and always turn the error on, so you can solve your problem your self – arif_suhail_123 Mar 27 '17 at 00:52
  • You don't need to include an auto incremented field in your insert query – matthewpark319 Mar 27 '17 at 00:53
  • Share query `echo $q` ? – Niklesh Raut Mar 27 '17 at 00:54
  • 1
    You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. – John Conde Mar 27 '17 at 00:54
  • `'$_POST[Address]}'` ??? random `}` – RiggsFolly Mar 27 '17 at 00:54
  • 1
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Mar 27 '17 at 00:54
  • if Client_id is an auto-increment column simply don't include it your insert, it will automatically be populated with the next value – Duane Lortie Mar 27 '17 at 00:55
  • 19 column names and 18 parameters will not help things go smoothly either – RiggsFolly Mar 27 '17 at 00:59
  • what is the maximum parameter of a insert query – C Monts Mar 27 '17 at 01:31

0 Answers0