
UPDATE Added all the code for the img upload as well as adding to the DB. The output of `print_r($_POST);`: Array ( [prodName] => Test Product [prodPrice] => 100 [prodDescript] => Test description [submit] => UPLOAD ) Also the prodID col is auto increment.

Building off an image uploader you all so graciously helped me with, I am now trying to get the rest of this form to work. I am sending the data via POST but none of the info is being sent. I have verified the images upload, via the $_FILES array, but nothing is coming through in the $_POST data

I know my hosting service allows $_POST because I have another form that works perfectly with it. I cannot seem to get any errors to point me in the right direction. So once again, I come to you wonderful people.

<form action="inventory_add.php" method="POST" enctype="multipart/form-data">
    <label>Product Name: </label>
    <input type="text" name="prodName" id="prodName">
    <br>
    <label>Product Price: </label>
    <input type="text" name="prodPrice" id="prodPrice">
    <br>
    <label>Product Description</label><br>
    <textarea name="prodDescript" width="200px" id="prodDescript"></textarea>
    <br>
    Select Image Files to Upload:
    <br>
    <input type="file" name="upload[]" multiple >
    <input type="submit" name="submit" value="UPLOAD">
</form>

Some of the code from inventory_add.php:

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $servername = "**********";
    $username = "**********";
    $password = "***********";
    $dbname = "************";

    $prod_name = $_POST['prodName'];
    $prod_price = $_POST['prodPrice'];
    $prod_descript = $_POST['prodDescript'];
    print_r($_POST);
    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    } else {
        if(isset($_FILES['upload'])){
            $total = count($_FILES['upload']['name']);
            for( $i=0 ; $i < $total ; $i++ ) {
                $tmpFilePath = $_FILES['upload']['tmp_name'][$i];
                if ($tmpFilePath != ""){
                    $newFilePath = "images/prod/" . $_FILES['upload']['name'][$i];
                    if(move_uploaded_file($tmpFilePath, $newFilePath)) {
                        $img_names = implode(",",$_FILES['upload']['name']);

                    }
                }
            }
            $prodID = $_SESSION['curcount'] + 1;
            $sql = "INSERT INTO `inventory` (`prodId`, `prodTitle`, `prodDescript`, `prodCost`, `prodImages`) VALUES (' '," . $prod_name. "," . $prod_descript . "," . $prod_price ."," .$img_names.")";
            if ($conn->query($sql) === TRUE) {
                 //   header('location:http://nerdsforhire.pnd-productions.com/shopmgr.php');
            } else {
                    echo 'There was an issue adding this item.';
            }
        }
    }
} else {
    echo "Failed";
}

Would hope this would update the database... yet it is not. I keep getting "There was an issue adding this item."

  • You need to use a prepared statement with bound variables. That way you solve both the sql injection problem you have now and the missing-quotes-around-strings problem that causes your query to fail. – jeroen Jan 21 '19 at 17:54
  • In your fragment there is no `$_POST` in use. – Alex Jan 21 '19 at 18:16
  • Is this a fragment of the `inventory_add.php` file? – Alex Jan 21 '19 at 18:17
  • Yes it is a fragment. I have the $_POST vars being set to the matching $prod**** var –  Jan 21 '19 at 18:24
  • You did not answer any of my questions. – Alex Jan 21 '19 at 18:30
  • Read [your PHP error log](https://stackoverflow.com/questions/5127838/where-does-php-store-the-error-log-php5-apache-fastcgi-cpanel). Use `print_r($_POST);` to output the raw data - what does it show? You should be able to work out from these what's going on. – Martin Jan 21 '19 at 18:51
  • @Alex I did answer - For clarification I added the whole PHP code –  Jan 21 '19 at 19:34
  • As pointed out by @jeroen the problem you are having is because you do not use prepared statements. Change your query to use parameters and that should solve your problem with missing quotes. – Dharman Jan 21 '19 at 19:40

1 Answer

UPDATE based on our conversation below, and the code above, I think the issue is in your SQL not your PHP. I suggest adding to your question.

$conn = new mysqli($servername, $username, $password, $dbname);
$sql = 'INSERT INTO `inventory` ( `prodTitle`, `prodDescript`, `prodCost`, `prodImages`) VALUES (?,?,?,?)';
$stmt = $conn->prepare($sql);   // prepare() returns false if the statement is invalid (e.g. a misspelled column)
if ($stmt === false) {
   die('Prepare failed: ' . $conn->error);
}
$stmt->bind_param("ssss", $prod_name, $prod_descript, $prod_price, $img_names); // one type letter per placeholder
$stmt->execute();
if($stmt->affected_rows > 0) {
   //header("location:https://sample.com"); #affected_rows > 0 so row was inserted
} else {
   echo 'There was an issue adding this item.'; #failed to insert;
}

That should solve the issue. It is a prepared statement that will handle the issue with unescaped commas in the string as well as prevent SQL injection. Because prodId is auto increment, you don't need it in your statement, at least in MySQL you don't. The "ssss" part of the statement is assuming you are passing string values to the Db. Possible data types to be passed are:

  • i - integer
  • d - double
  • s - string
  • b - blob

See W3Schools for more about PHP and prepared statements.

Moxtheox
  • Yes they are on the root –  Jan 21 '19 at 18:24
  • How did you verify that `$_POST` is in fact empty? Also why would you pass '' as a value to your Db? Just omit the value all together, eliminating a point of possible failure. If `prodId` is supposed to be a unique key, passing the same value, ' ', for each record could cause an error as well. Instead omit the value, and set the default value in the Db to auto increment. – Moxtheox Jan 21 '19 at 18:51
  • I have updated the original code snippet to all the code in the PHP file –  Jan 21 '19 at 19:35
  • Added $conn->error and getting this result: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'Product,Test description ,100,justin.jpg,Gina.jpg,Daniel.jpg)' at line 1 –  Jan 21 '19 at 19:40
  • So what does the result from your code look like? There are several possibilities as to the cause, but without seeing what your output looks like, it's hard to say what the issue is. By the way, I always use `print_r(var_dump($_POST))` to output `$_POST`. This way if `Null` is the return, it is displayed rather than output as null (the browser will display this as empty space). It detects all output. – Moxtheox Jan 21 '19 at 19:43
  • This is the output with all the prints you suggested and with the echos I already have shown in my code: _array(4) { ["prodName"]=> string(6) "test 5" ["prodPrice"]=> string(1) "5" ["prodDescript"]=> string(22) "test 5 " ["submit"]=> string(6) "UPLOAD" } There was an issue adding this item.You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'test 5 ,5,bg4.jpg,bg3.jpg,bg2.jpg)' at line 1_ @moxtheox –  Jan 21 '19 at 19:47
  • It looks like, and I'm no MariaDB expert, but your list of images doesn't have escaped commas. So the server is taking each picture and attributing it to a column, and there aren't enough columns in the first half of your SQL statement. To get more help I suggest adding #MariaDB to your question. The PHP is working fine, it's the SQL that is the issue. – Moxtheox Jan 21 '19 at 20:09
  • That makes sense about the escaped commas... How would I escape them? Sorry for being a total dimwit about this. –  Jan 21 '19 at 20:52
  • I updated my post to include how to use a prepared statement. I use the affected rows property of the mysqli object to make sure that there was in fact a row inserted. To implement this solution, paste everything in my code from the `$sql` variable down. Paste it over your `$sql` variable and `if` statement. Then double check my spelling of your column names, and let's see if this gets you to where you need to be. – Moxtheox Jan 21 '19 at 21:12
  • You, sir, are a savior!! I have been working on variations of this for days! This worked perfectly! –  Jan 21 '19 at 22:00
  • Glad I could help. – Moxtheox Jan 21 '19 at 22:44
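Pulling the thread together as an added, editor-written example (not code from the question or from Moxtheox's answer): the handler below does what the accepted fix does, an INSERT through a prepared statement with `?` placeholders, and also covers two things the thread leaves implicit. First, mysqli is switched to exception mode, so a misspelled column or a failed `prepare()` lands in the PHP error log (the check Martin suggested) instead of being hidden behind the generic "There was an issue" message. Second, the client-supplied filename is never passed to `move_uploaded_file` as-is (the question's loop writes `$_FILES['upload']['name'][$i]` straight under images/prod/); the name is reduced to its base name, checked against an extension and MIME allow-list, and given a random suffix. Assumptions that are not taken from the page: the `inventory` columns are as named in the question with `prodId` AUTO_INCREMENT and `prodCost` a numeric column (hence the `d` type letter, where the answer binds `ssss`), the DB credentials are placeholders, images/prod/ exists and is writable by PHP, and PHP 7.1 or later is in use.

```php
<?php
// Added example (editor's code, not the asker's or Moxtheox's): the upload-and-insert
// handler rewritten around a mysqli prepared statement. Assumptions: column names as
// in the question (prodId is AUTO_INCREMENT, prodCost is a numeric column), the
// credentials are placeholders, and images/prod/ exists and is writable by PHP.
declare(strict_types=1);

// Make mysqli throw exceptions instead of returning false, so a failed prepare()
// or execute() cannot be silently ignored the way the original query() result was.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Extension => MIME type the file content must actually have.
const ALLOWED_IMAGES = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

/**
 * Turn a client-supplied filename into a name that is safe to store on disk:
 * the directory part is stripped, the extension must be on the allow-list and
 * must agree with the file's detected MIME type, and a random suffix stops one
 * upload from overwriting another. Returns null when the file is rejected.
 */
function safeImageName(string $clientName, string $tmpPath): ?string
{
    $base = basename($clientName);                              // drops any "../" components
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_IMAGES[$ext])) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);    // sniff the real content, not the name
    if ($mime !== ALLOWED_IMAGES[$ext]) {
        return null;
    }
    $stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($base, PATHINFO_FILENAME));
    return substr($stem, 0, 40) . '_' . bin2hex(random_bytes(4)) . '.' . $ext;
}

/**
 * Insert one product row and return its AUTO_INCREMENT prodId.
 * Each value travels to the server separately from the SQL text, so commas or
 * quotes inside a description or the image list can never split the VALUES
 * clause (the syntax error in the question) or change what the statement does.
 */
function insertProduct(mysqli $conn, string $name, string $descript, float $price, array $imageNames): int
{
    $sql = 'INSERT INTO `inventory` (`prodTitle`, `prodDescript`, `prodCost`, `prodImages`) VALUES (?, ?, ?, ?)';
    $stmt = $conn->prepare($sql);
    $images = implode(',', $imageNames);                        // same comma-joined format the question stores
    // Type string: s = string, d = double. bind_param takes its arguments by reference.
    $stmt->bind_param('ssds', $name, $descript, $price, $images);
    $stmt->execute();
    return (int) $conn->insert_id;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name     = trim($_POST['prodName'] ?? '');
    $descript = trim($_POST['prodDescript'] ?? '');
    $price    = trim($_POST['prodPrice'] ?? '');
    if ($name === '' || !is_numeric($price)) {
        http_response_code(400);
        exit('Product name is required and price must be numeric.');
    }

    // Store each accepted upload under its sanitised name; keep the names for the DB row.
    $stored = [];
    foreach ($_FILES['upload']['tmp_name'] ?? [] as $i => $tmp) {
        if ($_FILES['upload']['error'][$i] !== UPLOAD_ERR_OK) {
            continue;                                             // empty slot or failed upload
        }
        $safe = safeImageName($_FILES['upload']['name'][$i], $tmp);
        if ($safe !== null && move_uploaded_file($tmp, __DIR__ . '/images/prod/' . $safe)) {
            $stored[] = $safe;
        }
    }

    try {
        // Placeholder credentials: replace with your own, never commit real ones.
        $conn = new mysqli('DB_HOST_PLACEHOLDER', 'DB_USER_PLACEHOLDER', 'DB_PASS_PLACEHOLDER', 'DB_NAME_PLACEHOLDER');
        $conn->set_charset('utf8mb4');
        $newId = insertProduct($conn, $name, $descript, (float) $price, $stored);
        echo 'Added product #' . $newId;
    } catch (mysqli_sql_exception $e) {
        error_log('inventory insert failed: ' . $e->getMessage());  // details go to the log, not to the browser
        echo 'There was an issue adding this item.';
    }
}
```

Used as inventory_add.php behind the form from the question, the MariaDB syntax error quoted in the comments cannot recur: the image list is a single bound string, so "bg4.jpg,bg3.jpg,bg2.jpg" is one value, not three. If the real `prodCost` column is VARCHAR rather than DECIMAL, change the type string to `ssss` as in the answer and drop the `(float)` cast.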