-4

I have created a function called set_title(), which is used to set the title and description in the database. I don't know where I went wrong.

    function set_title($file,$title = "",$description = ""){
        $pathinfo = pathinfo($file);
        $file = $pathinfo['basename'];
        if ($title == "") {
            $title = ucfirst($pathinfo['filename']);
        }
        if ($description !== "") {
            $description = mb_substr($description, 0, 150);
        }
        $sql = "SELECT file, title ,description FROM title  WHERE file = '$file'";
        $con = new mysqli('localhost','root','','jbstore');
        $result = $con->query($sql);
        if($result->num_rows > 0){
            $data = $result->fetch_assoc();
            if($data['description'] == ""){
                $sql = "INSERT INTO title (description) VALUES('$description')";
                $con->query($sql);
            }
        }elseif ($result->num_rows == 0) {
            $sql = "INSERT INTO title (file,title,description) VALUES ('$file','$title',$description)";
            $result = $con->query($sql);
        }
    }

I expected it to insert data into the database, but nothing happens.

samad
  • 1
    have you tested if those ```IFs``` are being executed? – LukeDS May 21 '19 at 08:38
  • Change the ```elseif``` to just ```else```, maybe ```$result->num_rows``` is returning a ```NULL``` value which means your code has a chance of not executing – LukeDS May 21 '19 at 08:42
  • 1
    Are there any errors? (If not, [have you enabled error reporting](https://stackoverflow.com/a/5438125)?) Have you checked which paths in your code are run (for example by logging a specific text)? If so, is it the path you expect it to be? If not, have you checked what the value is you are using in your if-statements? – Ivar May 21 '19 at 08:44
  • 1
    Also you should really use prepared statements. You are very likely vulnerable to [SQL-Injection](https://www.owasp.org/index.php/SQL_Injection). Please see [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Ivar May 21 '19 at 08:45
  • IFs are not executing – samad May 21 '19 at 09:16

1 Answer

0

There is an issue in the code.

    $sql = "INSERT INTO title (file,title,description) VALUES ('$file','$title',$description)";

Here $description will work as an INT value.

Add $description with quotes ('').

    $sql = "INSERT INTO title (file,title,description) VALUES ('$file','$title','$description')";

Shivendra Singh
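
The prepared statements that Ivar's comment recommends, applied to the question's set_title() as an added example (not code from the question or the answer). It assumes the `title` table and connection settings shown in the question; passing the connection in as a parameter, the returned status strings, the UPDATE used for an existing row and the sample input are assumptions of this example.

```php
<?php
// Added example, not the asker's or the answerer's code.
// Assumes the `title` table from the question (columns: file, title, description).

// Make mysqli throw exceptions so a failed query is not silently ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function set_title(mysqli $con, string $file, string $title = "", string $description = ""): string
{
    $pathinfo = pathinfo($file);
    $file = $pathinfo['basename'];
    if ($title === "") {
        $title = ucfirst($pathinfo['filename']);
    }
    $description = mb_substr($description, 0, 150);

    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $con->prepare("SELECT description FROM title WHERE file = ?");
    $stmt->bind_param("s", $file);
    $stmt->execute();
    $stmt->bind_result($existing);
    $found = $stmt->fetch();   // true = row fetched, null = no matching row
    $stmt->close();

    if ($found === null) {
        $stmt = $con->prepare("INSERT INTO title (file, title, description) VALUES (?, ?, ?)");
        $stmt->bind_param("sss", $file, $title, $description);
        $stmt->execute();
        $stmt->close();
        return "inserted";
    }
    if ((string)$existing === "" && $description !== "") {
        // Assumption: the intent was to fill in a missing description on the
        // existing row, so this uses UPDATE rather than the question's INSERT.
        $stmt = $con->prepare("UPDATE title SET description = ? WHERE file = ?");
        $stmt->bind_param("ss", $description, $file);
        $stmt->execute();
        $stmt->close();
        return "updated";
    }
    return "unchanged";
}

// Constructed input: the apostrophe would break a query built by string interpolation.
$con = new mysqli('localhost', 'root', '', 'jbstore');
$con->set_charset('utf8mb4');
echo set_title($con, 'uploads/summer.jpg', '', "Samad's summer photo"), PHP_EOL;
```

Because the description is bound as a string parameter, the missing-quotes error from the answer cannot occur, and a quote character in the input is stored as data instead of changing the statement.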