0

I need help on my code. When data is entered on my site, it does not show up in the mySQL data table. The insert function that I used might be the problem, but I cannot figure out how to get it to actually insert and show up in my table in my database. Can someone please guide me in the right direction with my code? 

<?php
   session_start();
   include("db_connect.php");

if(isset($_POST['submit'])){
$item = $_POST['item'];
if(empty($item)) {
  $errors = "you must enter something";
}
else{
  mysqli_query("INSERT INTO a4_todolist (item) VALUES ('$item')");
  header('location: index.php');
}
}

$a4_todolist = mysqli_query("SELECT * FROM a4_todolist");
?>



<!DOCTYPE html>
<html>
<head>
<title> Assignment 4 - To Do List </title>
<link rel ="stylesheet" type ="text/css" href="style.css">
</head>
<body>
<div class "head">
  <h2> To Do </h2>
</div>

<form method= "POST" action = "index.php">
<?php if (isset($errors)) { ?>
 <p><?php echo $errors; ?></p>
  <?php } ?>



 Item <input type = "text" name= "item" class="item_input">
  Author <input type = "text" name= "author" class="author_input">
  <button type = "submit" class="add-btn" name="submit"> Add Task 
  </button>
  </form>
  <table>

 <tbody>
    <?php while ($row = mysqli_fetch_array($a4_todolist)) { ?>
    <tr>
      <td class="id"> <?php print  $row['id']; ?> </td>
      <td class="item"> <?php echo $row['item']; ?> </td>
    </tr>
   <?php } ?>

</tbody>
</table>
</thread>


</body>
</html>
Grace0523
  • 1
  • 1
    Hi, welcome to Stack Overflow. It's good to see you've included part of the code. But make sure it was a [Minimal, Complete, and Verifiable Example (MCVE)](https://stackoverflow.com/help/mcve), note that asking for SQL Query need to have [Minimal, Complete, and Verifiable Example (MCVE)](https://meta.stackoverflow.com/questions/333952/why-should-i-provide-an-mcve-for-what-seems-to-me-to-be-a-very-simple-sql-query) too. – Mukyuu Mar 28 '19 at 02:01
  • 1
    You need to use error reporting. If used `mysqli_query` would have thrown an error about parameter 1 being a string and not a mysqli connection. Additional you are open to SQL injections and need to check the result of that query call. – user3783243 Mar 28 '19 at 02:37
  • Where is connection variable in `mysqli_query("INSERT INTO a4_todolist (item) VALUES ('$item')");`? – Zain Farooq Mar 28 '19 at 04:54
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Mar 28 '19 at 09:44

2 Answers2

1

You have missed the sql connection variable which is coming from db_connect.php file inside your mysqli_query. Your mysqli_query() should be like this

mysqli_query($connection,"INSERT INTO a4_todolist (item) VALUES ('$item')");

Also this

$a4_todolist = mysqli_query($connection,"SELECT * FROM a4_todolist");

It seems that you are a beginner so I recommend you to learn Prepared statements which is more efficient and safe to use.

Zain Farooq
  • 2,956
  • 3
  • 20
  • 42
0

You should pass the connection link identifier as well as you can check for errors.

$con = mysqli_connect("localhost","my_user","my_password","my_db");

// Check connection
if (mysqli_connect_errno())
{
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

Also after executing query you can again check for error.

if (!mysqli_query($con,"INSERT INTO a4_todolist (item) VALUES ('$item')")) {
    echo("Error description: " . mysqli_error($con));
}
Akash Sharma
  • 721
  • 3
  • 6