1

I want to take the itemcode from url and insert into database. But item code is not inserted.

<?php

$item_code = $_GET['item_code'];

if (isset($_POST['submit'])) {
    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $email = $_POST['email'];
    $phone = $_POST['phone'];
    $address = $_POST['address'];
    $city = $_POST['city'];
    $state = $_POST['state'];
    $pincode = $_POST['pincode'];
    $item_number = $_POST['item_number'];
    $date = $_POST['date'];
    $call_time = $_POST['call_time'];
    $comment = $_POST['comment'];
    $datetime = date_default_timezone_set('Asia/Kolkata');
    $datetime = date("l jS \of F Y h:i:s A");



    $insert_query = "insert into rlu_order(item_code,first_name,last_name,email,phone,address,city,state,pincode,item_number,date,call_time,comment,datetime) values('$item_code','$first_name','$last_name','$email','$phone','$address','$city','$state','$pincode','$item_number','$date','$call_time','$comment','$datetime')";


    if (mysqli_query($con, $insert_query)) {

        echo "<script>alert('Thank You for your Project order we will contact you shortly')</script>";
        echo "<script>window.open('index.php','_self')</script>";
    }
}
?>

I pass the url like 'order.php?item_code=$item_code'

Omi
  • 3,954
  • 5
  • 21
  • 41
Banjit Das
  • 39
  • 5
  • 1
    have you checked the `$_GET['item_code']` value? – TheRealMrCrowley Aug 29 '17 at 19:30
  • 3
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Aug 29 '17 at 19:31
  • Yes. Item_code is shown in the URL like order.php?item_code=JUBBN7 – Banjit Das Aug 29 '17 at 19:31
  • have you debugged `$insert_query` to see what it has for values? – TheRealMrCrowley Aug 29 '17 at 19:32
  • the database is connected. Everything is inserted except the item code which is fetched from the previous page by using url. – Banjit Das Aug 29 '17 at 19:33
  • @BanjitDas that's not what I asked. have you debugged the actual value of `$_GET['item_code']`? just because it is in your url does not mean it is what you think it is – TheRealMrCrowley Aug 29 '17 at 19:34
  • how to debug and get the value from URL sir @TheRealMrCrowley – Banjit Das Aug 29 '17 at 19:35
  • there are lot's of ways. `var_dump`, `echo`... take your pick, but you need to inspect the data before assuming other problems – TheRealMrCrowley Aug 29 '17 at 19:36
  • and as tadman mentioned, you really need to be using parameterized queries – TheRealMrCrowley Aug 29 '17 at 19:37
  • when i echo the $item_code i am getting undefined veriable – Banjit Das Aug 29 '17 at 19:39
  • i echo the variable in 'order.php?item_code=$item_code' page everything is working fine but item_code is not inserted in the database rest all are inserted. @TheRealMrCrowley – Banjit Das Aug 29 '17 at 19:45
  • i echo the variable in 'order.php?item_code=$item_code' page everything is working fine but item_code is not inserted in the database rest all are inserted. @TheRealMrCrowley – Banjit Das Aug 29 '17 at 19:49
  • @BanjitDas Can you please show us the `
    ` tag in your HTML, and the output from your `echo $insert_query`?
     – RToyo Aug 29 '17 at 19:50

2 Answers2

1

Always do error check before continue to next step

*check for $item_code after ***SUBMIT is fired

if (isset($_POST['submit'])) {

$item_code = ( !empty $_REQUEST['item_code'] ) ? $_REQUEST['item_code'] : '';

if( empty($item_code) ) 
{
   //No need to continue if there's no item_code
   die("We need item_code");
}

$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$city = $_POST['city'];
$state = $_POST['state'];
$pincode = $_POST['pincode'];
$item_number = $_POST['item_number'];
$date = $_POST['date'];
$call_time = $_POST['call_time'];
$comment = $_POST['comment'];
$datetime = date_default_timezone_set('Asia/Kolkata');
$datetime = date("l jS \of F Y h:i:s A");



$insert_query = "insert into rlu_order(item_code,first_name,last_name,email,phone,address,city,state,pincode,item_number,date,call_time,comment,datetime) values('$item_code','$first_name','$last_name','$email','$phone','$address','$city','$state','$pincode','$item_number','$date','$call_time','$comment','$datetime')";


if (mysqli_query($con, $insert_query)) {

    echo "<script>alert('Thank You for your Project order we will contact 

you shortly')</script>";
        echo "<script>window.open('index.php','_self')</script>";
    }
}
Prince Adeyemi
  • 724
  • 6
  • 12
0

It seem you are using GET and POST

$_GET[''] $_POST['']

I use REQUEST to get all my values

$_REQUEST['']
Kyle Brown
  • 21
  • 4
  • OP appears to be using `$_GET` appropriately. $_REQUEST is unlikely to solve the problem. – RToyo Aug 29 '17 at 19:51