-1

I use this code to insert the data selection from select tag in html but i doesn't work perfectly when i put a value number in text input i would like someone helps me with that. otherwise, when i click in add_btn without value the insertion of data is added in MySQL databases.

HTML->

  <form id="myForm" action="userInfo.php" method="post">
                    <select name="type" class="add__type" >
                        <option value="inc" selected>+</option>
                        <option value="exp">-</option>
                    </select>                
                 <select  name="description" class="add__description" title="h" >
                   <option  value="Food">Food</option>
                   <option  value="Salary">Salary</option>
                   <option  value="Home">Home</option>
                   <option  value="Car">Car</option>
                   <option  value="Education">Education</option>
                   <option  value="Gift">Gift</option>
                   <option  value="Travle"> Travle </option>
                   <option  value="Fun">Fun</option>
                        </select>
                <input name="value" type="number" class="add__value">
           <button class="add__btn"><i class="ion-ios-checkmark-outline"></i></button>
            </form>
     <script src="script/jquery-1.8.1.min.js" type="text/javascript"></script>
    <script src="script/my_script.js" type="text/javascript"></script>

PHP-> userinfo.php

  <?php
        include_once('db.php');

        $type = $_POST['type'];
        $description = $_POST['description'];
        $value = $_POST['value'];

        if(mysql_query("INSERT INTO budget VALUES('$type', '$description' , '$value')"))
          echo "Successfully Inserted";
        else
          echo "Insertion Failed";
?>

PHP -> db.php

<?php
      $conn = mysql_connect ('localhost', 'root', '');
      $db   = mysql_select_db ('test');
?>
Tony
  • 1
  • 2
  • Your code is severely vulnerable towards database injections. Not only are you using a deprecated api (`mysql` rather than `mysqli` or `PDO`) but you're injecting variables directly into your string, which is a big nogo (as users can generate any SQL query that want to eg `'); --` to break your code. – h2ooooooo Dec 04 '17 at 09:36
  • I will checkout. Thank you. – Tony Dec 04 '17 at 09:37
  • @Tony can you show us the output of the following code after submitting the form. **echo "INSERT INTO budget VALUES('$type', '$description' , '$value')");** – Faiyaz Alam Dec 04 '17 at 09:50
  • @FaiyazAlam this is the output of the code : INSERT INTO budget VALUES('inc', '' , '') – Tony Dec 04 '17 at 09:59
  • @FaiyazAlam and this is the other output without putting value INSERT INTO budget VALUES('inc', 'Food' , '') – Tony Dec 04 '17 at 10:01
  • @Tony in both output you are not getting the value field. Try print_r($_POST) and check if the value is in this variable. – Faiyaz Alam Dec 04 '17 at 10:05
  • @FaiyazAlam you're right I didn't get the value : "Array ( [type] => inc [description] => Food [value] => ) Error: Column count doesn't match value count at row 1" – Tony Dec 04 '17 at 10:12
  • @Tony try this: $value = $_POST['thisistestvalue']; – Faiyaz Alam Dec 04 '17 at 10:14
  • @FaiyazAlam "Notice: Undefined index: thisistestvalue in C:\xampp\htdocs\userInfo.php on line 6 Array ( [type] => inc [description] => Food [value] => ) Error: Column count doesn't match value count at row 1" – Tony Dec 04 '17 at 10:18
  • mind changing the CAPS to lowercase for the title? it's considered as yelling – Funk Forty Niner Dec 04 '17 at 11:14
  • 1
    @FaiyazAlam Finally, I found the the answer; I forgot to use the type button tag "submit" :) – Tony Dec 05 '17 at 12:08

2 Answers2

1

If in your database table have Auto Increment value like id you need to declare inside the values field like this

INSERT INTO budget VALUES('','$type', '$description' , '$value')

If you want to what type of error for inserting in the query you need to check the what is the error. in yours, if condition be like 

if(mysql_query("INSERT INTO budget VALUES('','$type', '$description' , '$value')"))
   echo "Successfully Inserted";
else
   echo "Error: <br>" . mysql_error($conn);

And you need to change your default values like value, type this is no issue here but my advice is to avoid default words for define variable.

Final:

Avoid using MySQL because Mysql extension is deprecated as of PHP 5.5.0, and has been removed as of PHP 7.0.0. Instead

Nawin
  • 1,653
  • 2
  • 14
  • 23
-1

You're using an outdated method to do this. Have a look here : http://php.net/manual/it/book.mysqli.php

I suggest you also to check datas before insert them into your database. you are not checking anything to protect you to SqlInjection (you can start with a simple mysql_real_escape_string).

Correct the line 5 from this

$value = $_POST['value'];

to this

$value = $_POST['description'];

The fact that the data may not get inserted successfully can be due to an issue with your database. Be sure that your columns have the property to accept varchar instead of the text because if you try to insert number to a filed that only want letters your query will not work.

Jacopo Sciampi
  • 67
  • 3
  • 13