-2

I'm trying to insert values into a table, but it reports an error. Please tell me where I'm wrong. Here is my code; it says "Please try again".

   <?php
    include_once('dbconnect.php');

    if(isset($_POST['submit']))
    {
      $name = $_POST['name'];
      $phone = $_POST['phone'];
      $cash = $_POST['cash'];

      if(mysql_query("INSERT INTO tbl2 VALUES('',$name','$phone','$cash','date('l jS \of F Y h:i:s A'))"))
        echo "Successful Insertion!";
      else
        echo "Please try again";
    }


    $res = mysql_query("SELECT * FROM tbl2");


?>

<form action="" method="POST">
 <input type="text" name="name"/><br />
 <input type="text" name="phone"/><br />
 <input type="text" name="cash"/><br />

<input type="submit" name="submit"  value=" Enter "/>
</form>

<h1>List of companies ..</h1>
<?php
    while( $row = mysql_fetch_array($res) )
      echo "$row[id].$row[Name] 
                <a href='edit.php?edit=$row[id]'>edit</a><br />";
                ?>

Will you guide me? I thought the problem is in the date.

Huzail Spy
  • 1
    ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Oct 20 '17 at 14:01
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Oct 20 '17 at 14:01
  • 1
    What error are you getting? – Jay Blanchard Oct 20 '17 at 14:01
  • `mysql_*` is deprecated as of [tag:php-5.5]. So instead use `mysqli_*` or `PDO`. https://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php/14110189#14110189 – mega6382 Oct 20 '17 at 14:02
  • What's your PHP version? If you are using newer PHP versions `mysql_` has been deprecated – Sam Oct 20 '17 at 14:02
  • My database is not updating; it runs the else condition – Huzail Spy Oct 20 '17 at 14:03
  • I'm getting an error in updating the database – Huzail Spy Oct 20 '17 at 14:05
  • How to _ask_ the database for what went wrong, has been discussed countless times before. Please do some proper research, instead of making us explain the same issue once again for you in "private tutoring" ... – CBroe Oct 20 '17 at 14:06
  • @CBroe sir, I've been doing this for almost two hours; I already did the search, that's why I'm asking – Huzail Spy Oct 20 '17 at 14:07
  • How can you search for two hours and not come across for example `mysql_error`? – CBroe Oct 20 '17 at 14:09
  • I searched for update database query, and then for how to debug a problem like that; I always get the same answer, which I already tried. I wish I could show you the tabs which I already searched – Huzail Spy Oct 20 '17 at 14:11
  • Well now you've been told, so use mysql_error, and tell us what the result is. – CBroe Oct 20 '17 at 14:13
  • Sorry, I'm a bit slow in learning. Where do I use mysql_error? – Huzail Spy Oct 20 '17 at 14:26
  • I was getting the error when I hit update – Huzail Spy Oct 20 '17 at 14:27

1 Answer

0

Two things I can think of off the top of my head:

  1. mysql_ has been deprecated, thus the else kicks in.
  2. Your syntax may be wrong for mysql_query?

Nonetheless, start over, and start over with code that is functional and up-to-date...

Given that your connection is working properly, update it to the new mysqli syntax; it's very simple and much more elegant:

    $connect = new mysqli( 'localhost', 'USERNAME', 'PASSWORD', 'DATABASE' );
    // check for an error (connect_error is a property, not a method)
    if ($connect->connect_error)
    {
        trigger_error("Connection Error: " . $connect->connect_error, E_USER_ERROR);
    }

Now that you are connected, walk through a new process for your code.

Start by checking like you currently are for a submit $_POST so that you can start running the script:

    if ( isset( $_POST['submit'] ) )
    {
        // Encode HTML entities when creating the variables
        $name = htmlentities( $_POST['name'] );
        $phone = htmlentities( $_POST['phone'] );
        $cash = htmlentities( $_POST['cash'] );
        $date = date( 'l jS \of F Y h:i:s A' );

        // create sql
        // DO NOT INSERT VALUES STRAIGHT INTO YOUR QUERY
        $sql = "INSERT INTO tbl2 ( name, phone, cash, date ) VALUES ( ?, ?, ?, ? )";

Note: before continuing, let me explain that you should never insert content into your query because that would throw raw user input in the midst of your code. Now, most users will never try anything fishy. But anyone could easily throw a few SQL commands inside of your inputs and DELETE, SELECT, and UPDATE your database content and cause numerous problems.

Here is some reference: https://en.wikipedia.org/wiki/SQL_injection

To work around that problem, use prepared statements. You can read all about it in the PHP manual, and also see some real-life examples.

        // prepare query
        // USE PREPARED STATEMENTS
        if ($stmt = $connect->prepare( $sql ))
        {
            // bind the params
            $stmt->bind_param('ssss', $name, $phone, $cash, $date);
            // execute the query
            $stmt->execute();

            // check for errors first, so a failure is not overwritten below
            if ($stmt->errno)
            {
                $message = array(
                    'is_error' => 'danger',
                    'message' => 'Error: ' . $stmt->error
                );
            }
            // make sure at least 1 or more rows were affected
            elseif ($stmt->affected_rows > 0)
            {
                $message = array(
                    'is_error' => 'success',
                    'message' => 'Success: ' . $stmt->affected_rows . ' rows were inserted.' // value should be 1
                );
            }
            else
            {
                // if not, send warning to user
                $message = array(
                    'is_error' => 'warning',
                    'message' => 'Warning: ' . $stmt->affected_rows . ' rows were updated.'
                );
            }
            // close the statement
            $stmt->close();
        }
        else
        {
            // prepare() failed; the reason is available in $connect->error
            $message = array(
                'is_error' => 'danger',
                'message' => 'QUERY: error. Try again.'
            );
        }
    }
    else
    {
        $message = array(
            'is_error' => 'warning',
            'message' => 'There was no submission attempt. Try again.'
        );
    }

Notice the code is broken down into parts where you can catch multiple errors, and it's important for debugging; it will allow you to know exactly where the code went wrong, and localize your problem to a single section of it.

Sam
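
The difference between the concatenated query in the question and the prepared statement in the answer, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database in place of MySQL so that it runs offline; the sample input is constructed, and the column names follow the answer's INSERT.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
// Make the driver throw on failure so the database's own message is visible.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl2 (id INTEGER PRIMARY KEY, name TEXT, phone TEXT, cash TEXT, date TEXT)');

// Constructed sample input: an ordinary company name that contains a quote.
$post = ['name' => "O'Brien & Sons", 'phone' => '555-0100', 'cash' => '1200'];
// The date is computed in PHP; date() is never written inside the SQL string.
$date = date('l jS \of F Y h:i:s A');

// 1) Concatenation, as in the question: the quote inside the value closes the
//    SQL string literal early, so the statement no longer parses.
try {
    $pdo->exec("INSERT INTO tbl2 (name, phone, cash, date)
                VALUES ('{$post['name']}', '{$post['phone']}', '{$post['cash']}', '$date')");
    echo "concatenated: inserted\n";
} catch (PDOException $e) {
    echo "concatenated: failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed and the values travel
//    separately, so the same input is stored as plain data.
$stmt = $pdo->prepare('INSERT INTO tbl2 (name, phone, cash, date) VALUES (?, ?, ?, ?)');
$stmt->execute([$post['name'], $post['phone'], $post['cash'], $date]);
echo "prepared: inserted ", $stmt->rowCount(), " row\n";

// 3) Rendering the list: the stored value is escaped for HTML at output time.
foreach ($pdo->query('SELECT id, name FROM tbl2') as $row) {
    $id   = (int) $row['id'];
    $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    echo "$id. $name <a href='edit.php?edit=$id'>edit</a><br />\n";
}
```

The first insert fails with the database's syntax error, while the second stores the name unchanged and the listing prints it with `'` and `&` escaped.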