
When I add a record in my database, it is successful, but instead of the data entered, it returns 1 instead. Here is the code of the form.

<?php
include('session.php');

$productname = isset($_POST['productname']);
$stocks = isset($_POST['stocks']);
$category = isset($_POST['category']);
$price = isset($_POST['price']);

$addrecord = "insert into inventory values (' ', '$productname', '$stocks', ' ', ' ', '$category', '$price')";

if (!empty($productname) && !empty($stocks) && !empty($category) &&  !empty($price)) {
$query = mysqli_query($db, $addrecord);
echo 'Inventory record added';
}
?>
<html>
<head>
<title>New Inventory Record | Healthy Eats Point of Sales System</title>
<link rel="stylesheet" href="css/main.css" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Roboto" rel="stylesheet">
</head>
<body>
<div id="main">
    <div id="nav">
        <ul>
            <li><a href="system_transactions.php" class="button">TRANSACTIONS</a></li>
            <li><a href="#" class="button">INVENTORY</a></li>
            <li><a href="#" class="button">FINANCES</a></li>
            <li><a href="#" class="button">AUDIT TRAIL</a></li>
            <div class="pic"><img src="images/pastedImage0.png"></div><br>
            <p style="float: right; margin:3% -11%"><?php echo $login_session; ?><br><a href="logout.php" style="font-weight: bold">Log Out</a></p>
        </ul>
    </div>
    <div id="table">
  <a href="system_inventory.php" class="button">BACK</a>
  <br /><br />
  <h3>New Inventory Record</h3>
  <form action="new_record.php" method="post">
    <table style="border: 0;">
      <tr>
        <th>Product Name</th>
        <td><input type="text" name="productname" autocomplete="off"></td>
      </tr>
      <tr>
        <th>Stocks</th>
        <td><input type="text" name="stocks"></td>
      </tr>
      <tr>
        <th>Category</th>
        <td><select name="category">
              <option value="">Choose category...</option>
              <option value="Vegetarian">Vegetarian</option>
              <option value="Burrito">Hearty Burrito</option>
              <option value="Green Servings">Green Servings</option>
              <option value="Rice Meals/Toppings">Rice Meals/Toppings</option>
              <option value="Pasta">Pasta</option>
              <option value="Skizza">Skizza</option>
              <option value="Sandwiches">Sandwiches</option>
              <option value="Pancakes/Cakes">Pancakes/Cakes</option>
              <option value="Juices/Beverages">Juices/Beverages</option>
            </select></td>
      </tr>
      <tr>
        <th>Price</th>
        <td><input type="text" name="price" autocomplete="off"></td>
      </tr>
      <tr>
        <th><input type="submit" value="ADD RECORD"> <input type="reset" value="ERASE ALL"></th>
      </tr>
    </table>
  </form>
    </div>
</div>

It returns 1 for every column. Here is a photo of a new record entered.

https://i.stack.imgur.com/0EOz9.jpg

Let's say the record entered is the following:

  • Name: Grilled Veggies
  • Stocks: 10 (so that committed and available columns become 0 and 10, latter is derived)
  • Category: Vegetarian (from option select list)
  • Price: 115.00

Then the Add Record button is entered. Instead of the details above, it returns the picture above. Is there any workaround for this?

  • Before going forward check this : `value="Green Servings"` is really bad. `` this is a definite no no. Always use numeric values so called "ids" like `` – Vinay Feb 25 '18 at 12:20
  • `$productname = isset($_POST['productname']) ? $_POST['productname'] : 'some_default_value';` – RiggsFolly Feb 25 '18 at 12:33
  • Or better still if they are not set, you cannot enter a complete record to database, so throw error back to the user and tell them they must enter these values – RiggsFolly Feb 25 '18 at 12:34

1 Answer

Change the line `<input type="submit" value="ADD RECORD">` to `<input type="submit" name="submit" value="ADD RECORD">`.

Change the following lines

include('session.php');
$productname = isset($_POST['productname']);
$stocks = isset($_POST['stocks']);
$category = isset($_POST['category']);
$price = isset($_POST['price']);
// rest of the PHP code goes here 

to

 include('session.php');
 if(isset($_POST['submit'])){   
    $productname = $_POST['productname'];
    $stocks = $_POST['stocks'];
    $category = $_POST['category'];
    $price = $_POST['price'];

        // rest of the PHP code goes here 
  }

From here - `isset` returns TRUE if var exists and has value other than NULL. FALSE otherwise.

And then TRUE becomes 1 when entered in database.

Istiaque Ahmed
  • It now works as intended, but it gives me four notices of undefined indexes on the four variables. How is it suppressed? – Lance Christian B. SAN PEDRO Feb 25 '18 at 12:26
  • @LanceChristianB.SANPEDRO, paste the notices here – Istiaque Ahmed Feb 25 '18 at 12:29
  • _Don't suppress errors_ **Fix them** – RiggsFolly Feb 25 '18 at 12:30
  • This would make the script wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and never use uncleansed POST or GET data – RiggsFolly Feb 25 '18 at 12:37
  • - Notice: Undefined index: productname in C:\xampp\htdocs\CAPSTONE\new_record.php on line 4 - Notice: Undefined index: stocks in -C:\xampp\htdocs\CAPSTONE\new_record.php on line 5 - Notice: Undefined index: category in C:\xampp\htdocs\CAPSTONE\new_record.php on line 6 - Notice: Undefined index: price in C:\xampp\htdocs\CAPSTONE\new_record.php on line 7 – Lance Christian B. SAN PEDRO Feb 25 '18 at 12:41
  • @LanceChristianB.SANPEDRO, where is the PHP code written - inside `new_record.php` ? – Istiaque Ahmed Feb 25 '18 at 12:43
  • @LanceChristianB.SANPEDRO, edited my answer – Istiaque Ahmed Feb 25 '18 at 12:48
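
The points raised in the comments (read the fields without notices, reject incomplete input, and bind values instead of interpolating them into the SQL), put together as an added example that is not code from the thread. It assumes `session.php` provides `$db` as a mysqli connection, as on the page, and keeps the positional column layout of the question's INSERT; `CATEGORIES` and `validate_record` are hypothetical names.

```php
<?php
// Added example, not code from the thread. Assumes session.php provides $db
// (a mysqli connection) as on the page; helper and constant names are hypothetical.
include('session.php');

// Allow-list built from the <option> values of the form on this page.
const CATEGORIES = ['Vegetarian', 'Burrito', 'Green Servings', 'Rice Meals/Toppings',
    'Pasta', 'Skizza', 'Sandwiches', 'Pancakes/Cakes', 'Juices/Beverages'];

// Returns [[name, stocks, category, price], errors] for a raw POST array.
function validate_record(array $post): array
{
    // Missing or non-string fields become '' (no "Undefined index" notices).
    $get = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $name     = $get('productname');
    $category = $get('category');
    $stocks   = filter_var($get('stocks'), FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    $price    = filter_var($get('price'), FILTER_VALIDATE_FLOAT);

    $errors = [];
    if ($name === '') { $errors[] = 'Product name is required.'; }
    if ($stocks === false) { $errors[] = 'Stocks must be a whole number, 0 or more.'; }
    if (!in_array($category, CATEGORIES, true)) { $errors[] = 'Choose a listed category.'; }
    if ($price === false || $price < 0) { $errors[] = 'Price must be a non-negative number.'; }
    return [[$name, $stocks, $category, $price], $errors];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    [$values, $errors] = validate_record($_POST);
    if ($errors) {
        // Tell the user what is missing instead of inserting a partial record.
        foreach ($errors as $e) { echo htmlspecialchars($e), '<br>'; }
    } else {
        [$name, $stocks, $category, $price] = $values;
        // Same positional layout as the question's INSERT; the four user values
        // are bound parameters, so they are never parsed as SQL.
        $sql  = "insert into inventory values (' ', ?, ?, ' ', ' ', ?, ?)";
        $stmt = mysqli_prepare($db, $sql);
        if ($stmt === false) { exit('Could not prepare statement'); }
        mysqli_stmt_bind_param($stmt, 'sisd', $name, $stocks, $category, $price);
        echo mysqli_stmt_execute($stmt) ? 'Inventory record added' : 'Insert failed';
        mysqli_stmt_close($stmt);
    }
}
```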