
I try to store it in the database, but why is my database blank again after I submit this?

```php
<?php
require_once("connect.php");

$nama_file = $_FILES['imageUpload']['name'];
$category = $_POST['category'];
$sizes = $_POST['sizes'];
$fabric = $_POST['fabric'];
$total = $_POST['total'];

move_uploaded_file($_FILES['imageUpload']['tmp_name'], "images/".$_FILES['imageUpload']['name']);

$simpan = mysql_query("INSERT INTO pesanan(category,sizes,fabric, total,images,tshirt,bag,case,cap,bracelet) VALUES('$category','$sizes','$fabric','$total','$nama_file','80000','130000','100000','80000','50000')");

echo "Your add has been submited....";
header("Location: cart.php");
?>
```

And this is my HTML form:

```html
<form action="doOrder.php" method="post" enctype="multipart/form-data">
Category :  <input type="hidden" name="category" value="T-SHIRT"> T-SHIRT
Choose Size
<label for="sizes"><span>
<input type="radio" name="sizes" value="S" checked="checked"/>S
<input type="radio" name="sizes" value="M" />M
<input type="radio" name="sizes" value="L" />L
<input type="radio" name="sizes" value="XL" />XL
</span>
</label>
Fabric Type
<select name="fabric">
    <option value="Cotton Combed">Cotton Combed</option>
    <option value="Cotton Carded">Cotton Carded</option>
    <option value="Polyester / PE">Polyester / PE</option>
</select>
Total
<input type="number" name="total" min="1" max="100">
<input type="file" name="imageUpload" id="imageUpload">
<input value="Submit" type="submit" name="submit">
</form>
```

If anyone can help me, I'm a newbie at this coding, and thank you in advance...

Ai Ren
  • 1
    Which type of error did you get...? – Bhargav Chudasama Oct 13 '17 at 11:44
  • 3
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Oct 13 '17 at 11:44
  • 3
    FYI, [you shouldn't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. – John Conde Oct 13 '17 at 11:44
  • 2
    You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysql_error()`](http://php.net/manual/en/mysql.error.php) to get a detailed error message from the database. – John Conde Oct 13 '17 at 11:44
  • 1
    Your redirect won't work either. – John Conde Oct 13 '17 at 11:44
  • 1
    `mysql_*` is deprecated as of [tag:php-5.5]. So instead use `mysqli_*` or `PDO`. https://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php/14110189#14110189 – mega6382 Oct 13 '17 at 11:45
  • Pls help me to input these values '80000','130000','100000','80000','50000' in tshirt,bag,case,cap,bracelet .. I'm done inputting the values before that, but when I input the 5 values above, nothing is input in phpMyAdmin SQL – Ai Ren Oct 13 '17 at 11:55
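
The points raised in the comments (prepared statements, error checking, redirect before any output) combined into one version of `doOrder.php`, as an added example that is not part of the original post. It assumes `connect.php` is changed to open a mysqli connection in `$db` (a hypothetical name) and that only the listed image extensions are wanted; it also backtick-quotes `case`, which is a reserved word in MySQL, and stops using the client-supplied file name as the stored path.

```php
<?php
// Added example, not the asker's code. Assumes connect.php now creates a mysqli
// connection in $db (hypothetical name) and that only these image types are wanted.
require_once "connect.php";
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // query errors throw exceptions

function fail(int $code, string $msg) { http_response_code($code); exit($msg); }

$category = $_POST['category'] ?? '';
$sizes    = $_POST['sizes'] ?? '';
$fabric   = $_POST['fabric'] ?? '';
$total    = filter_var($_POST['total'] ?? null, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1, 'max_range' => 100]]);
$upload   = $_FILES['imageUpload'] ?? null;

// Hidden fields, radio buttons and <select> values are still client-controlled.
if ($category !== 'T-SHIRT' || !in_array($sizes, ['S', 'M', 'L', 'XL'], true)
    || !in_array($fabric, ['Cotton Combed', 'Cotton Carded', 'Polyester / PE'], true)
    || $total === false || $upload === null || $upload['error'] !== UPLOAD_ERR_OK) {
    fail(400, 'Invalid order.');
}

// Keep only a checked extension; the stored name is generated on the server.
$ext = strtolower(pathinfo($upload['name'], PATHINFO_EXTENSION));
if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif'], true)) {
    fail(400, 'Unsupported image type.');
}
$nama_file = bin2hex(random_bytes(16)) . '.' . $ext;
if (!move_uploaded_file($upload['tmp_name'], "images/" . $nama_file)) {
    fail(500, 'Upload failed.');
}

try {
    // `case` is a reserved word in MySQL, so the column name must be quoted.
    $stmt = $db->prepare(
        "INSERT INTO pesanan (category, sizes, fabric, total, images, tshirt, bag, `case`, cap, bracelet)
         VALUES (?, ?, ?, ?, ?, '80000', '130000', '100000', '80000', '50000')"
    );
    $stmt->bind_param('sssis', $category, $sizes, $fabric, $total, $nama_file);
    $stmt->execute();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // log the detail, do not show it to the user
    fail(500, 'Could not save the order.');
}

header('Location: cart.php'); // nothing has been echoed yet, so the redirect is sent
exit;
```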

0 Answers