
I'm trying to execute an SQL query that inserts a record into a database on a WAMP server, but after pressing the submit button on the form, which calls the PHP code, nothing happens. It just shows the message "Record insertion failed" I provided in the script. After trying and searching for a period of time, I'm unable to find WHERE IS THE ERROR IN QUERY. The code is given below:

    <?php
    $server="localhost";
    $user="root";
    $password="";
    $database="dbname";

    $con = mysqli_connect($server,$user,$password,$database);
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

    //variables getting values from HTML form

    if(isset($_POST['Submit-Personal'])){

        $name = $_POST['name'];
        $cnic = $_POST['cnic'];
        $date = $_POST['booking-date'];
        $ocassion = $_POST['ocassion'];
        $address = $_POST['address'];
        $phoneno = $_POST['phone-no'];
        $bridemobile = $_POST['bride-mobile'];
        $groommobile = $_POST['groom-mobile'];
        $familymobile = $_POST['family-mobile'];
        $email = $_POST['email'];
        $refering = $_POST['refering'];
        $share = $_POST['share'];
        $permission = $_POST['permission'];
        // attempt insert query execution
        $qry = "insert into personal_detail (Name, CNIC, Date, Ocassion, Address, 
        Phone_No, Bride_Mobile, Groom_Mobile, 
        Family_Mobile,EMail,Referring,Share,Permission) values 
        ('$name','$cnic','$date','$ocassion','$address','$phoneno','$bridemobile','$gro
        ommobile','$familymobile','$email','$refering','$share','$permission')";
        if(mysqli_query($con,$qry))
        {
            $message = "Record Saved Successfully";
            echo "<script type='text/javascript'>alert('$message');</script>";
        }
        else
        {
            $message = "Record Insertion Failed!";
            echo "<script type='text/javascript'>alert('$message');</script>";
        }

I have another table and it's working completely fine, meaning it saves records into the table if the entries in the form are made as required. To me the syntax of both looks completely the same, but I don't know why the one is not working. The PHP code that's working fine for the other table is given below:

    <?php
    $server="localhost";
    $user="root";
    $password="";
    $database="camouflage_studio";

    $con = mysqli_connect($server,$user,$password,$database);
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

    if(isset($_POST['submit'])){
        $name = $_POST['name'];
        $cn = $_POST['contact-number'];
        $email = $_POST['email'];
        $subject = $_POST['subject'];
        $message = $_POST['message'];
        //query
        $qry = "insert into contact_us (Name,Contact_No,EMail,Subject,Message) values ('$name','$cn','$email','$subject','$message')";

        if(mysqli_query($con,$qry))
        {
            $message = "Record Saved Successfully";
            echo "<script type='text/javascript'>alert('$message');</script>";
        }
        else
        {
            $message = "Record Insertion Failed!";
            echo "<script type='text/javascript'>alert('$message');</script>";
        }
    }
    mysqli_close($con);
    ?>

  • In your else-block, add `echo mysqli_error($con)`, that's how you get the error from mysql – Qirel May 27 '17 at 07:54
  • You're aware that you have an SQL injection vulnerability, right? – niceman May 27 '17 at 08:00
  • And for production I don't recommend logging in to the database as the root user – niceman May 27 '17 at 08:01
  • Your code is vulnerable to SQL injections. Please learn to use [prepared statements](https://www.youtube.com/watch?v=nLinqtCfhKY). – tereško May 27 '17 at 08:06
  • `echo` your query to see if it holds the values you expect it to hold. How is date defined in the database? – RST May 27 '17 at 08:47
  • @Muhammad Aatif are you getting any error? – Pavan Baddi May 27 '17 at 11:00
  • @qirel I did as you guided but no success. It still prompts nothing when I press the SUBMIT button on the form; it neither gives an error nor is the record inserted into the personal_detail table. – Muhammad Aatif May 27 '17 at 11:02
  • @PavanBaddi no brother, I'm not getting any error. After pressing the submit button, the page just reloads and the fields of the form become empty. – Muhammad Aatif May 27 '17 at 11:03
  • @Muhammad Aatif then let me try your code and check – Pavan Baddi May 27 '17 at 11:04
  • @niceman I search Google and implement things with little knowledge about what I'm implementing. So as you guided, I'll create a new user name. And can you kindly explain a little more about what you mean by FOR PRODUCTION? – Muhammad Aatif May 27 '17 at 11:05
  • @RST I did echo my in the else block as also guided by Qirel, but still it prompts nothing. And the type of DATE in the database is DATE. – Muhammad Aatif May 27 '17 at 11:09
  • @PavanBaddi okay brother. – Muhammad Aatif May 27 '17 at 11:10
  • I said query, not message. Do a `print_r($qry)`. Could be as simple as trying to save text as date. – RST May 27 '17 at 11:12
  • Take a look at `'$gro ommobile'` inside the query - that doesn't look right at all. With PHP and MySQL error reporting, your logs would've told you about this. – Qirel May 27 '17 at 11:22
  • @Qirel you observed correctly what you mentioned. But it's displayed on Stack Overflow like that (as you mentioned) because of the end of line, I think. In the code it's $groommobile. – Muhammad Aatif May 27 '17 at 11:27
  • @Muhammad Aatif I HAVE POSTED MY ANSWER – Pavan Baddi May 27 '17 at 11:35
  • @RST I did `print_r($qry);` but still nothing happens after pressing the SUBMIT button on the form. Sorry if I'm not getting you correctly, as I'm not much of an expert in the web field. It's just my first site that I'm developing, that's why I'm facing a lot of difficulties – Muhammad Aatif May 27 '17 at 11:36
  • @PavanBaddi There's no need to write in capslock, and also OP will get notified about your answer - there's no need to comment about it. – Qirel May 27 '17 at 11:39
  • "for production" means on the server you're going to deploy the app to, it would be for example `www.example.com` instead of `localhost/` which is "development environment" – niceman May 27 '17 at 14:42

1 Answer

@Muhammad Aatif here I have a similar example to yours, with the same column and table names.

I have used `mysqli_real_escape_string($conn, $_POST['name_of_form'])` against SQL INJECTION. To know more you can visit this site: sql injection link

HERE IS THE HTML FORM CODE IN FILE NAME: INDEX.PHP

    <!DOCTYPE html>
    <html>
    <head>
    <title>Page Title</title>
    </head>
    <body>

    <form action="process.php" method="post">
        <p>enter name</p>
        <input type="text" name="name"><br>

        <p>enter cnic</p>
        <input type="text" name="cnic"><br>

        <p>enter date</p>
        <input type="date" name="date"><br>

        <p>enter Occasion</p>
        <input type="text" name="ocassion"><br>

        <p>enter Address</p>
        <input type="text" name="address"><br>

        <p>enter phone_no</p>
        <input type="text" name="phone_no"><br>

        <p>enter Bride mobile</p>
        <input type="text" name="bride_mobile"><br>

        <p>enter Groom mobile</p>
        <input type="text" name="groom_mobile"><br>

        <p>enter family mobile</p>
        <input type="text" name="family_mobile"><br>

        <p>enter email</p>
        <input type="text" name="email"><br>

        <p>enter Referring</p>
        <input type="text" name="referring"><br>

        <p>enter share</p>
        <input type="text" name="share"><br>

        <p>enter permission</p>
        <input type="text" name="permission"><br>

        <input type="submit" name="Submit-Personal"><br>
    </form>

    </body>
    </html>

HERE IS THE PHP CODE IN FILE NAME: PROCESS.PHP

    <?php
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "demo";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

    if(isset($_POST['Submit-Personal'])){

        // Escape each form value before placing it inside the quoted SQL string
        $name = mysqli_real_escape_string($conn, $_POST['name']);
        $cnic = mysqli_real_escape_string($conn, $_POST['cnic']);
        $date = mysqli_real_escape_string($conn, $_POST['date']);
        $ocassion = mysqli_real_escape_string($conn, $_POST['ocassion']);
        $address = mysqli_real_escape_string($conn, $_POST['address']);
        $phone_no = mysqli_real_escape_string($conn, $_POST['phone_no']);
        $bride_mobile = mysqli_real_escape_string($conn, $_POST['bride_mobile']);
        $groom_mobile = mysqli_real_escape_string($conn, $_POST['groom_mobile']);
        $family_mobile = mysqli_real_escape_string($conn, $_POST['family_mobile']);
        $email = mysqli_real_escape_string($conn, $_POST['email']);
        $referring = mysqli_real_escape_string($conn, $_POST['referring']);
        $share = mysqli_real_escape_string($conn, $_POST['share']);
        $permission = mysqli_real_escape_string($conn, $_POST['permission']);

        $sql = "INSERT INTO personal_detail (Name,CNIC,Date,Ocassion,Address,Phone_No,Bride_Mobile,Groom_Mobile,Family_Mobile,EMail,Referring,Share,Permission) VALUES ('$name','$cnic','$date','$ocassion','$address','$phone_no','$bride_mobile','$groom_mobile','$family_mobile','$email','$referring','$share','$permission')";

        if ($conn->query($sql) === TRUE) {
            echo "New record created successfully";

            echo "<script type='text/javascript'>alert('success');</script>";

        } else {
            // Show the failed statement and the MySQL error message
            echo "Error: " . $sql . "<br>" . $conn->error;
        }

    }
    ?>

HERE IS THE OUTPUT RESULT

[image: output result]

HERE IS THE TABLE IMAGE

[image: database table]

FEEL FREE TO ASK MORE QUESTIONS

The proper way to prevent SQL injection is to use MYSQLI->PREPARED STATEMENT. CLICK ON THIS LINK TO GET BRIEF DETAIL: SQL INJECTION

Pavan Baddi
  • The only *proper* way to protect against SQL injection is prepared statements - escaping *can* be circumvented in some cases. https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Qirel May 27 '17 at 11:40
  • @Qirel yes you are right, but how to the questioner now. But thanks, I'll anyhow notify in my answer – Pavan Baddi May 27 '17 at 11:42
  • @Qirel I HAVE UPDATED IT BELOW – Pavan Baddi May 27 '17 at 11:45
  • @PavanBaddi once I did exactly as you answered, but then after wasting a lot of time, I was unable to find out where to PLACE THE .PHP FILES AND .HTML FILES, meaning in which folder inside the folder that contains all the files of the site. Now I write the PHP code in the same HTML file at the bottom after the tag, and in the action attribute of the form, I call the same file in which both the HTML and PHP code is written. – Muhammad Aatif May 27 '17 at 11:46
  • @Muhammad Aatif sure, you can write HTML and PHP code in the same file with your file extension being `.php`, and change the `action="process.php"` to your current file name as `action="youfilename.php"` – Pavan Baddi May 27 '17 at 11:48
  • @PavanBaddi thanks. And are there any security/hacking issues in doing it like that, meaning writing PHP and HTML both in a single file? – Muhammad Aatif May 27 '17 at 11:51
  • @Muhammad Aatif there are issues in writing in the same file, so most developers write HTML code in one file and PHP code in another. Indentation and code clarity, with comments in important areas, are necessary and a good habit to adopt. – Pavan Baddi May 27 '17 at 12:00
  • @Muhammad Aatif if you like my answer click on `TICK` and upvote the arrow – Pavan Baddi May 27 '17 at 12:12
  • @PavanBaddi I was thinking somehow the same as you said, bro. When both of them are written in the same file, it becomes a salad, and then while editing this file one has to search for the intended piece of code by going up and down miserably in the same file to do the modifications. But I don't know where to place the PHP files and HTML file. All my website's files and folders are saved in a folder named, say, ABC, and the path to this ABC folder is C:\wamp64\www\ABC. Now where do I need to save the PHP files and HTML files that are written separately? – Muhammad Aatif May 27 '17 at 12:16
  • @PavanBaddi definitely your answers are helpful, bro, and I tried to upvote your answer, but Stack Overflow said something about less than 15 reputation... and it did undo my upvote. – Muhammad Aatif May 27 '17 at 12:20
  • @Muhammad Aatif it's OK, but you can use this tick mark near my answer; you can click that, it is just below upvote – Pavan Baddi May 27 '17 at 12:23
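
The prepared-statement approach the comments recommend, applied to the question's `personal_detail` insert with mysqli error reporting switched on so a failed query is no longer silent. This is an added example, not code from the question or the answer; it assumes PHP 7.1+, the form field names from the question, and a hypothetical non-root account `app_user` whose password is read from a hypothetical `APP_DB_PASSWORD` environment variable.

```php
<?php
// Added example: prepared-statement insert for the question's personal_detail table.
// Make mysqli throw exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Form field name => column name, taken from the question's form and table.
const FIELD_TO_COLUMN = [
    'name' => 'Name', 'cnic' => 'CNIC', 'booking-date' => 'Date',
    'ocassion' => 'Ocassion', 'address' => 'Address', 'phone-no' => 'Phone_No',
    'bride-mobile' => 'Bride_Mobile', 'groom-mobile' => 'Groom_Mobile',
    'family-mobile' => 'Family_Mobile', 'email' => 'EMail',
    'refering' => 'Referring', 'share' => 'Share', 'permission' => 'Permission',
];

function insert_personal_detail(mysqli $con, array $post): void
{
    $values = [];
    foreach (array_keys(FIELD_TO_COLUMN) as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("Missing form field: $field");
        }
        $values[] = $post[$field];
    }
    // Column names come from the fixed map above, never from user input.
    $columns = '`' . implode('`, `', FIELD_TO_COLUMN) . '`';
    $marks = implode(', ', array_fill(0, count($values), '?'));
    $stmt = $con->prepare("INSERT INTO personal_detail ($columns) VALUES ($marks)");
    // Values are sent separately from the SQL text, so quotes in them stay data.
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    $stmt->execute();
    $stmt->close();
}

if (isset($_POST['Submit-Personal'])) {
    try {
        // app_user and APP_DB_PASSWORD are hypothetical (a non-root, INSERT-only account).
        $con = new mysqli('localhost', 'app_user', getenv('APP_DB_PASSWORD') ?: '', 'dbname');
        $con->set_charset('utf8mb4');
        insert_personal_detail($con, $_POST);
        echo 'Record Saved Successfully';
    } catch (InvalidArgumentException | mysqli_sql_exception $e) {
        // Details go to the server log; the browser gets only a generic message.
        error_log('personal_detail insert failed: ' . $e->getMessage());
        http_response_code(500);
        echo 'Record Insertion Failed!';
    }
}
```

The exception message written by `error_log` names the failing column, constraint or syntax position, which is the information the original `else` branch discarded.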