PHP-Unable to enter data into database

Question

I have posted a similar question before.. but then right now there is an issue with the code... The data is getting entered into MySql Database...

PHP FILE:

<html>

<head>
  <title>Enter New Project Details</title>
</head>

<body>
<?php include 'RegProj.html';

$pn=isset($_POST['ProjectName']) ? $_POST['ProjectName'] : '';
$tn=isset($_POST['TaskName']) ? $_POST['TaskName'] : ''; 
$dsc=isset($_POST['Proj_desc']) ? $_POST['Proj_desc'] : ''; 
$date = date('Y-m-d H:i:s');
$serverName = "Swagatha-PC"; 
if($_SERVER['REQUEST_METHOD']=="POST")
{

$conn = mysqli_connect( 'localhost:3307', 'root', '', 'TimeSheet');

if( $conn ) 
{
 echo "Connection established.<br />";
}
else
{
 echo "Connection could not be established.<br />";
 die( print_r( mysqli_connect_errno($conn), true));
} 

$query="Insert Into dbo.Project (DateAdded,ProjectName,TaskName,Proj_desc) 
values ('$date','$pn' ,'$tn' , '$dsc')";
$stmt=mysqli_query($conn,$query);


if($stmt==false)
{
echo "Error in adding Info!! Reload Page and try again!!<br/>";
 die( print_r( mysqli_connect_errno($stmt), true));
}
else
{
 echo " Record Added!!";
}
mysqli_close($conn);

}
?>
</body>
</html>

HTML FILE:

    <html>

   <head>
      <title>Enter New Project Details</title>    
    </head>

<body>
 <form id="project" method = "post" action = "RPMS.php">
         <table>
            <tr>
               <td>Project Name:</td> 
               <td><input type = "text" name = "ProjectName"></td>
            </tr>

            <tr>
               <td>Task Name:</td>
               <td><input type = "text" name = "TaskName"></td>
            </tr>

            <tr>
               <td>Project description:</td>
               <td><textarea name = "Proj_desc" rows = "5" cols = "40"></textarea></td>
            </tr>

            <tr>
               <td>
                  <input type = "submit" name = "submit" value = "Submit" > 
               </td>
            </tr>
         </table>
      </form>

</body>
</html>

The Error looks something like this:

How can i fix it??

did you try echo'ing the sql statement and running it manually? — Logan Murphy, Jun 23 '17 at 17:26
try to use prepared statement..this will cause sql injection — lalithkumar, Jun 23 '17 at 17:26
Add `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of your script. This will force any `mysqli_` errors to generate an Exception that you can see on the browser and other errors will also be visible on your browser. — RiggsFolly, Jun 23 '17 at 17:27
You connected to a database called `TimeSheet` in the `mysqli_connect` and then when you copied the SQL Statement you left `dbo.` infront of `dbo.Project` SO _its a TYPO_ — RiggsFolly, Jun 23 '17 at 17:29
You would have been told the error if you were using `mysqli_error($stmt);` instead of `die( print_r( mysqli_connect_errno($stmt), true));` _Its another TYPO_ — RiggsFolly, Jun 23 '17 at 17:31
You should post the error here instead of using a link that may break in the future and is impossible to copy paste. — Goose, Jun 23 '17 at 17:38
@RiggsFolly After making the changes,the 0 is gone but data is still not getting entered — , Jun 23 '17 at 18:45
also I am having an issue with entering the date.. It isn't getting auto entered to the current — , Jun 24 '17 at 18:17

score 1 · Answer 1 · answered Jun 23 '17 at 17:27

1

You have to change your database name

from

$query="Insert Into dbo.Project (DateAdded, ProjectName, TaskName, Proj_desc) values ('$date','$pn' ,'$tn' , '$dsc')";

to

$query="Insert Into TimeSheet.Project (DateAdded, ProjectName, TaskName, Proj_desc) values ('$date','$pn' ,'$tn' , '$dsc')";

answered Jun 23 '17 at 17:27

Hemant Anjana

114
7

Just removing the `dbo.` would be enough – RiggsFolly Jun 23 '17 at 17:32
Yaah that is enough – Hemant Anjana Jun 23 '17 at 17:33

Ivan Bolnikh · Answer 2 · 2017-06-23T17:37:22.317

-1

You should mysqli_real_escape_string all $_POST data. If any containt single quote - will be sql syntax error. SQL injection also possible.

edited Jun 23 '17 at 17:37

answered Jun 23 '17 at 17:26

Ivan Bolnikh

742
9
19

That would not correct the [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Jun 23 '17 at 17:26

PHP-Unable to enter data into database

2 Answers2