0

I am trying to insert data into an online MySql database,I used this query a few months ago now it doesn't seem to work,

My Form:

$name = "Hilary";
$number = "768";
$orderss = "Rice x1";
$location = "Chilenje";

$con= mysqli_connect($host,$user,$pass,$db);

$query= "insert into orders values('".$name."','".$number."','".$orderss."','".$location."');";

$result= mysqli_query($con,$query);

if(!$result)
{
    $response = array();
    $code= "reg_false";
    $message="Error Placing Order...";
    array_push($response,array("code"=>$code,"message"=>$message));
    echo json_encode(array("server_response"=>$response));

}
else
{
    $response = array();
    $code= "reg_true";
    $message="Order Successful,Please wait for our call...";
    array_push($response,array("code"=>$code,"message"=>$message));
    echo json_encode(array("server_response"=>$response));

}

mysqli_close($con);

?>

When i run this form i get the "Error placing orders" part of server response and values are not inserted.Please help me

aynber
  • 22,380
  • 8
  • 50
  • 63
The_Hilz
  • 33
  • 1
  • 8
  • 2
    You are wide open for SQL injection. Since you're using mysqli, take advantage of [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php). Also, check for error messages when you run the query. – aynber Jun 13 '17 at 20:03
  • Try [enabling exceptions](https://stackoverflow.com/questions/14578243/turning-query-errors-to-exceptions-in-mysqli) to get more specific errors. – tadman Jun 13 '17 at 20:05
  • You should read some docs here https://www.w3schools.com/php/php_mysql_insert.asp – Muhammad Usman Jun 13 '17 at 20:06
  • sad part is am running online directly cant run locally right now,but if am getting "Error Placing" dosent that mean there are no errors? – The_Hilz Jun 13 '17 at 20:06
  • Also check for connection errors – Rotimi Jun 13 '17 at 20:15
  • 1
    @The_Hilz If you're getting "Error Placing" it means you have errors. Use `mysqli_error($con)` to get the error message. – Barmar Jun 13 '17 at 20:16
  • @Barmar yes youre right overlooked that fact for some reason – The_Hilz Jun 14 '17 at 07:35

1 Answers1

0

Make your $query very simple like this if you're inserting into all columns of your table

$stmt = $conn->prepare("INSERT INTO orders VALUES (?, ?, ?, ?)");
$stmt->bind_param("siss", $name, $number, $orderss, $location);

or if you're inserting into specific columns you can use this by replacing column_name* with your actual column names

$stmt = $conn->prepare("INSERT INTO orders (column_name1, column_name2, column_name3, column_name4) VALUES (?, ?, ?, ?)");
$stmt->bind_param("siss", $name, $number, $orderss, $location);

or I also modified your current code so you can test at your end one more thing "siss" are arguments which are of 4 different types i - integer, d - double, s - string, b - BLOB

<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";

$name = "Hilary";
$number = "768";
$orderss = "Rice x1";
$location = "Chilenje";

// Create connection
$con = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($con->connect_error) {
    die("Connection failed: " . $con->connect_error);
}

// prepare and bind
$stmt = $conn->prepare("INSERT INTO orders VALUES (?, ?, ?, ?)");
$stmt->bind_param("siss", $name, $number, $orderss, $location);

if($stmt->execute()) {
$stmt->execute();
    $response = array();
    $code= "reg_true";
    $message="Order Successful,Please wait for our call...";
    array_push($response,array("code"=>$code,"message"=>$message));
    echo json_encode(array("server_response"=>$response));
} else {

    $response = array();
    $code= "reg_false";
    $message="Error Placing Order...";
    array_push($response,array("code"=>$code,"message"=>$message));
    echo json_encode(array("server_response"=>$response));

}
$stmt->close();
$con->close();
?>
Rtra
  • 514
  • 12
  • 25