I'm trying to input data into a MySQL database. I can log into the database. However, whenever I run it, the error "Error Querying Database 2" keeps appearing.

I suspect my SQL query has problems. However, I have checked my SQL query several times but I can't find any errors. (not yet)

Any help is appreciated!

```php
<!DOCTYPE HTML>
<html>
<head>
<title>Create Events</title>
<link rel="stylesheet" href="RegisterLogin.css">
</head>


<?php
    session_start();
    if (isset($_SESSION['Username'])) {
        $Username=$_SESSION['Username'];

    }
?>
<body>


<?php
    //define variables and set to empty values
    $EventNameErr = $MembersAttendingErr = $EventDateErr = $LocationErr = $websiteErr = "";
    $EventName = $MembersAttending = $EventDate = $Location = $website = "";

    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        if (empty($_POST["EventName"])) {
            $EventNameErr = "A name for the event is required";
        } else {
            $EventName = test_input($_POST["EventName"]);
        }

        if (empty($_POST["MembersAttending"])) {
            $MembersAttendingErr = "How many members are attending";
        } else {
            $MembersAttending = test_input($_POST["MembersAttending"]);
        }

        if (empty($_POST["EventDate"])) {
            $EventDateErr = "The date of the event is required";
        } else {
            $EventDate = test_input($_POST["EventDate"]);
        }

        if (empty($_POST["Location"])) {
            $LocationErr = "Location of the event is required";
        } else {
            $Location = test_input($_POST["Location"]);
        }



        //continues to target page if all validation is passed
        if ( $EventNameErr ==""&& $MembersAttendingErr ==""&& $EventDateErr ==""&& $LocationErr == ""){
            // check if exists in database
            $dbc=mysqli_connect('localhost','testuser','password','Project')
            or die("Could not Connect!\n");
            $sql="SELECT * from Events WHERE EventName ='$EventName';";
            $result =mysqli_Query($dbc,$sql) or die (" Error querying database 1");
            $a=mysqli_num_rows($result);
            if ($a>0){
            $EventNameErr="Event Name already exists".$a;
            } else {

            $sql1="INSERT INTO Events VALUES(NULL,'$EventName','$MembersAttending','$EventDate','$Location');";
                $result =mysqli_Query($dbc,$sql1) or die (" Error querying database 2");
                mysqli_close($dbc);
            header('Location: /EventCreated.php');
            }

        }
    }

    // clears spaces etc to prep data for testing
    function test_input($data){
        $data=trim ($data); // gets rid of extra spaces before and after
        $data=stripslashes($data); // gets rid of any slashes
        $data=htmlspecialchars($data); // converts any symbols such as < and > to special characters
        return $data;
    }

?>
<h2 style="color:yellow" align="center"> Event Creation </h2>
<form method="POST" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" align="center" style="color:#40ff00">
    EventName:
    <input type="text" name="EventName" value="<?php echo $EventName;?>"/>
    <span class="error">* <?php echo $EventNameErr;?></span>
    <br/><br/>

    Members:
    <input type="text"  name="MembersAttending" value="<?php echo $MembersAttending;?>"/>
    <span class="error">* <?php echo $MembersAttendingErr;?></span>
    <br/><br/>

    Date:
    <input type="text"  name="EventDate" value="<?php echo $EventDate;?>"/>
    <span class="error">* <?php echo $EventDateErr;?></span>
    <br/><br/>

    Location:
    <input type="text" name="Location" value="<?php echo $Location;?>"/>
    <span class="error">* <?php echo $LocationErr;?></span>
    <br/><br/>



    <input type="Reset"  name="Reset" value="Reset">
    <input type="submit" name="submit" value="Submit"/>
</form>

</body>
</html>
```
  • `or die('some useless message')` is not helping you! Add `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` to the top of your script. This will force any `mysqli_` errors to generate an Exception that you can see on the browser and other errors will also be visible on your browser. – RiggsFolly Apr 21 '18 at 22:41
  • Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` APIs – RiggsFolly Apr 21 '18 at 22:41
  • You have not added the column names in the insert field. What are the column names for the insert field? – Anfath Hifans Apr 21 '18 at 22:42
  • 1) Use PDO or any other form of parameter binding. and 2) When logging errors, try to log the full database error as given by your PDO library or wrapper. – mmdts Apr 21 '18 at 22:44
  • Basically, this would break and throw an error if any of your four fields has a single-quotation sign in its value. For example, if the event name is "Let's work together towards a better future!". Also, the NULL could be inserted in a column with a NOT NULL or UNIQUE constraint (if you're not using auto-increment IDs) – mmdts Apr 21 '18 at 22:48

1 Answer

I'm not sure what column names are available in your table, but try the following query.

I got the column names from your code; I'm not sure whether they're right or wrong. Just try it.

```php
$sql1="INSERT INTO Events (EventName,MembersAttending,EventDate,Location)
VALUES('$EventName','$MembersAttending','$EventDate','$Location');";
```
Anfath Hifans
  • This only fixes the error if the error is with the number of columns not matching the number of values. If the error is with the first column having a UNIQUE / NOT NULL constraint, this still won't work. And if the error is with an SQL injection of single quotation, it still won't work too. – mmdts Apr 21 '18 at 22:50
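
The parameter binding and full error reporting recommended in the comments, as an added example that is not part of the original question or answer. It uses PDO with an in-memory SQLite database so it runs without a server; the `Events` schema, the `createEvent` helper and the sample values are assumptions.

```php
<?php
// Added example, not the asker's code. The Events schema is assumed (column
// names taken from the answer); SQLite in memory stands in for MySQL so the
// script runs offline. For MySQL, use a DSN such as
// 'mysql:host=localhost;dbname=Project;charset=utf8mb4' with the same code.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface real errors

$pdo->exec('CREATE TABLE Events (
    EventID INTEGER PRIMARY KEY AUTOINCREMENT,
    EventName TEXT NOT NULL UNIQUE,
    MembersAttending INTEGER NOT NULL,
    EventDate TEXT NOT NULL,
    Location TEXT NOT NULL)');

/**
 * Insert one event with bound parameters. Returns '' on success or a
 * user-facing message; the full driver error goes to the error log.
 */
function createEvent(PDO $pdo, string $name, int $members, string $date, string $location): string
{
    $sql = 'INSERT INTO Events (EventName, MembersAttending, EventDate, Location)
            VALUES (:name, :members, :date, :location)';
    try {
        $stmt = $pdo->prepare($sql);
        $stmt->execute([':name' => $name, ':members' => $members,
                        ':date' => $date, ':location' => $location]);
        return '';
    } catch (PDOException $e) {
        error_log('createEvent failed: ' . $e->getMessage()); // full DB error, server side
        // SQLSTATE class 23 = integrity constraint violation (duplicate, NOT NULL).
        return strncmp((string) $e->getCode(), '23', 2) === 0
            ? 'Event Name already exists'
            : 'Could not save the event';
    }
}

// Constructed inputs: the quoted event name from the comments, then the same
// name again to trigger the UNIQUE constraint instead of a separate SELECT.
$name = "Let's work together towards a better future!";
var_dump(createEvent($pdo, $name, 12, '2018-05-01', "O'Brien's Pub"));
var_dump(createEvent($pdo, $name, 3, '2018-05-02', 'Library'));
var_dump((int) $pdo->query('SELECT COUNT(*) FROM Events')->fetchColumn());
```

Because the values travel separately from the SQL text, the quotes in the name and location need no escaping, and `htmlspecialchars` is left for the point where values are echoed back into HTML.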