-1
$sql = "INSERT INTO stock VALUES 
('$pid','$name','$hsn','$qty','$unit','$sid')";

if(mysqli_query($conn, $sql)){


$message = "Records added successfully.";
echo "<script type='javascript'>alert('$message');</script>";

} 
else{

$message= "ERROR: Could not able to execute $sql. " . mysqli_error($link);
echo "<script type='text/javascript'>alert('$message');</script>";

}

mysqli_close($conn);
header("Location: addp.php"); /* Redirect browser */
exit();

The alert is not displayed even if it is successfully executed in the database.

EDIT: Got it working by using @Randall answer:

echo '<script language="Javascript" type="text/javascript">';
echo     'alert('. json_encode($message) .');';
echo '</script>';

Alert is displayed only when 

header("Location: addp.php");

is removed. I need to display alert and redirect.

Jason Bourne
  • 11
  • 2
  • Is anything alerted, ever? Even on fail? – Zak Nov 03 '17 at 16:24
  • 4
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Nov 03 '17 at 16:24
  • 1
    @JayBlanchard not if all his variables are generated server side, not using information that came from the client. which, granted, is probably not the case. – tyler mackenzie Nov 03 '17 at 16:29
  • 1
    You should *always* prepare your queries. Always @tylermackenzie – Jay Blanchard Nov 03 '17 at 16:30
  • @Zak No. Nothing is ever alerted. – Jason Bourne Nov 03 '17 at 16:36
  • 1
    Oh yeah, I agree @JayBlanchard. It's good to be in the habit of doing it. Just saying there are rare circumstances where it's perfectly safe not to. – tyler mackenzie Nov 03 '17 at 16:36
  • @WillParky93 yes – Jason Bourne Nov 03 '17 at 16:36
  • When you do get it to show the alert() ... you will want to make sure you escape 'else' $message better for the javascript echo. As the $sql can contain things that will break the quoting in javascript. – IncredibleHat Nov 03 '17 at 16:37
  • worked fine for me with a generic variable/text. – Funk Forty Niner Nov 03 '17 at 16:49

2 Answers2

1

Something I've noticed in your paste:

if (mysqli_query($conn, $sql)) {
    $message = "Records added successfully.";
    echo "<script type='javascript'>alert('$message');</script>";
} else {
    $message= "ERROR: Could not able to execute $sql. " . mysqli_error($link);
    echo "<script type='text/javascript'>alert('$message');</script>";
}

In the first case, you use just <script type='javascript'>, which may cause some issues as that is not a valid type (check your browser dev console for errors).

In the second case you are not escaping the $sql portion of your $message. This will assuredly cause a javascript error you should see in your browsers dev console.

Therefore, try this instead:

if (mysqli_query($conn, $sql)) {
    $message = "Records added successfully.";
} else {
    $message = "ERROR: Could not execute $sql. " . mysqli_error($link);
}
echo '<script language="Javascript" type="text/javascript">';
echo     'alert('. json_encode($message) .');';
echo '</script>';

I put the echo of script after the if/else, because you will always have a $message to alert, and thus this consolidates code.

-EDIT-

In light of news that you have a header(); redirect at the bottom of your php... which kills any notion of javascript firing off since the web browser never gets that information... this is a possible way to handle it:

echo '<meta http-equiv="refresh" content="1; url=addp.php">';

Tells the browser to refresh to the final destination after spewing out the javascript alert (messy, and ugly).

Another example is to use:

header("Refresh: 1; url=addp.php");

Which puts the refresh timer into the header, instead of the html body. Has the same effect, and is ugly and messy.

The last exemaple is to really restructure your path of execution and what you are doing... for which I will not supply code for. Too much work.

IncredibleHat
  • 4,000
  • 4
  • 15
  • 27
  • Below this I have written `mysqli_close($conn); header("Location: addp.php"); /* Redirect browser */ exit(); ` I only get a alert if I remove `header("Location: addp.php");` . If I remove this I get a blank page. I want it to redirect to the location. – Jason Bourne Nov 03 '17 at 19:13
  • You should have included that in your example. The header is completely negating anything you do with javascript output (the alert included). If you wish it to redirect to another page AND show a javascript alert... I will update my answer with a way to do that. – IncredibleHat Nov 03 '17 at 19:33
  • Thanks @Randall . The First Way Worked. Cheers! – Jason Bourne Nov 03 '17 at 19:47
0

Your type attribute of <script> is wrong. either remove type attribute or specify it as text/javascript 

$sql = "INSERT INTO stock VALUES 
('$pid','$name','$hsn','$qty','$unit','$sid')";

if(mysqli_query($conn, $sql)){


$message = "Records added successfully.";
echo "<script type='text/javascript'>alert('$message');</script>";

} 
else{

$message= "ERROR: Could not able to execute $sql. " . mysqli_error($link);
echo "<script type='text/javascript'>alert('$message');</script>";

}

PS: your php script is vulnerable to sql injection attacks. use prepared statements

Farsheel
  • 610
  • 6
  • 17