0
<?php include('dbcon.php'); 
include('header.php');

    //variable
    $clientID='';
    $billAmount='';
    $arrear='';
    $monthlyBill='';
    $surcharge='';


    //data add

    $clientID=$_POST['clientID'];


    $sqll = "SELECT  `client`.`clientId` , (
         `arrear` + `surcharge` + `monthlyBill`) AS  'billamount', (

        FROM  `billifno` 
        JOIN  `client` ON  `billifno`.`clientID` =  `client`.`clientID` WHERE  `billifno`.`clientID`='".$_POST["clientID"]."'";


    $result = mysqli_query($con,$sqll);

//  if ($result->num_rows > 0) 


    // output data of each row
    while($row = mysqli_fetch_assoc($result)) {

        $clientId = $row['clientId'];
        $arrear = $row['arrear'];
        $monthlyBill= $row['monthlyBill'];
        $billAmount = $row['billAmount'];
        $surcharge = $row['surcharge'];

    }   


        //echo $billAmount;



    $sql = "INSERT INTO `billIfno`
    (`clientID`, `billAmount`,`arrear`,  `monthlyBill`,`surcharge`) VALUES 
    ('$clientID','$billAmount','$arrear','$monthlyBill','$surcharge')";
    if ($con->query($sql)=== true)
    {
    echo "Recorded!!!";
    }
    else
    {
    echo "Not Recorded !!!";
    }


    $con->close();
?>

Hare I am taking some value and process it using query then again insert into billInfo table but it not inserting the new values like If I echo billAmonu it print the correct value that is calculated by query bt that value is not inserting into database.

Fahomida Sultana
  • 1
  • 1
  • 1
    In the while loop you use $billamount without a capital A and in your $sql it's with a capital A. – Mr. Greenwoodz Oct 04 '17 at 15:51
  • You desperately need to implement prepared statements before going live with this – Rotimi Oct 04 '17 at 15:53
  • but still it not inserting the right value. It's show Undefined index: arrear – Fahomida Sultana Oct 04 '17 at 16:07
  • It's recorded the null Value – Fahomida Sultana Oct 04 '17 at 16:10
  • @Mr. Greenwoodz is their any another way to insert the new value – Fahomida Sultana Oct 04 '17 at 17:32
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either the [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) drivers. [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Oct 04 '17 at 18:21
  • Another thing i notice is that your $clientId has capital I and a lower d and in your query it's $clientID. Best thing you can do is troubleshoot. Do some echo's and find out if the variable is filled. If it is, echo the $sql and see if it's filled with the required data. If it is, try copying the sql directly into your query builder (in phpmyadmin or w/e you are using) etc.. Also you want to keep your code consistant. Make rules for yourself when to use capital letters and when you shouldn't to prevent these mistakes;) – Mr. Greenwoodz Oct 04 '17 at 19:22

0 Answers0