I can't insert information into mysql database using php

Question

I'm trying insert car information into my database but it's giving me in error every time.

This is the code

if(move_uploaded_file($file_tmp,"productimages/".$file_name))
         {
            $sql="INSERT INTO `products`(`ptitle`, `pprice`, `pdesc`, `modal`, `pcate`, `image`,`feat`,`uid`,`edate`) VALUES ('".$title."',".$price.",'".$desc."',".$modal.",".$cate.",'".$file_name."',0,".$_SESSION["uid"].",'".$edate."')";
            $result=mysqli_query($con,$sql);
            if($result)
            {
            echo "<script>window.location.href='add-car.php?msg=1'</script>";
            }
            else
             {
                echo "<script>window.location.href='add-car.php?error=2'</script>";
             }
         }
         else
         {
            echo "<script>window.location.href='add-car.php?error=2'</script>";
         }

This is the database:

You are wide open for SQL injection. Since you're using mysqli, take advantage of [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php). **This will take care of any pesky quoting issues that may occur.** — aynber, May 02 '19 at 17:42
What is the error you are seeing? You have a mixture of quotes in there, in other SQL databases this could be problem so I assume MySQL will too. — Jeff Mergler, May 02 '19 at 17:42
Instead of throwing a generic error, check for [mysqli errors](http://php.net/manual/en/mysqli.error.php) and echo (dev system)/log (live system) the error. — aynber, May 02 '19 at 17:43
`int(255)` doesn't exist... or not in the term you likely expect. https://stackoverflow.com/a/3135854/3783243 — user3783243, May 02 '19 at 17:55
@Guy if you put the create table statement here would be easier help you. — Rodney Salcedo, May 02 '19 at 20:28

dspillai · Answer 1 · 2019-05-03T09:29:23.657

0

Can you try this?

$sql="INSERT INTO products (ptitle, pprice, pdesc, modal, pcate, image,feat,uid,edate) VALUES ('$title', $price,'$desc','$modal',$cate,'$file_name',0,$_SESSION["uid"],'$edate')";

EDIT:- I have updated the code. I could see you data has a combination of both int and varchar. Try to not use quotes for int and keep quotes for varchar types.

edited May 03 '19 at 09:29

answered May 02 '19 at 18:10

dspillai

171
6

Why haven't you done the error reporting aynber suggested in the comments to your OP and posted it if you don't know what to do with it? – Chris White May 02 '19 at 19:39
Why would removing the backticks resolve the issue? – user3783243 May 02 '19 at 19:49
@user3783243 Becaus the table of data consist the combination of both int and varchar types. I have updated the line. – dspillai May 03 '19 at 09:30
I meant on the column listings. The only thing that would do is possibly make it not work. Also quoting/non-quoting integers is not an issue. Mysql will cast. `$_SESSION["uid"]` is an additional issue. – user3783243 May 03 '19 at 14:20

score 0 · Answer 2 · answered May 03 '19 at 09:37

Use below code and post error here so we can resolve that

$sql="INSERT INTO `products`(`ptitle`, `pprice`, `pdesc`, `modal`, `pcate`, `image`,`feat`,`uid`,`edate`) VALUES ('".$title."',".$price.",'".$desc."',".$modal.",".$cate.",'".$file_name."',0,".$_SESSION["uid"].",'".$edate."')";
$result=mysqli_query($con,$sql) or die(mysqli_error($con));

I can't insert information into mysql database using php

2 Answers2