-1

I'm trying something new and at the same time practicing PHP. I have checked all the previous posts on StackOverflow and couldn't find the solution. I'm trying to insert some data into the database using PHP and PhpMyAdmin. Now the problem I'm facing is that the data from the database can be displayed (SELECT FROM) if I enter the data manually. When I try to insert data into the database dynamically using PHP example:

$sql = "INSERT INTO apps (appName, appDescription, appLinkFacebook, appLinkInstagram, appLinkPlaystore, appLinkWeb,appGoogleGamesIcon, appFullImageNameBackground, appFullImageNameIcon) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);";

I get no errors and I also get a success message that is supposed to show after the INSERT command was finished. The images I'm trying to insert are also successfully created inside designated folders and their names are also displayed in the right way. I already checked all the input fields names from the form, all the links and spelling a just can't seem to find the problem. I also tried using INSERT command while using the database on localhost and on a remote server and still nothing. If anyone has an idea on what to do please tell. Thanks

Here is the full source code of my upload.php file.

    <?php
    if (isset($_POST['btnUpload'])) {
    $newFileNameCardBackground = $_POST['imgNameCardBackground'];
    if (empty($newFileNameCardBackground)) {
        $newFileNameCardBackground = "card_background";
    } else {
        $newFileNameCardBackground = strtolower(str_replace(" ", "-", $newFileNameCardBackground));
    }

    $newFileNameCardIcon = $_POST['imgNameCardIcon'];
    if (empty($newFileNameCardIcon)) {
        $newFileNameCardIcon = "card_icon";
    } else {
        $newFileNameCardIcon = strtolower(str_replace(" ", "-", $newFileNameCardIcon));
    }

    $appName = $_POST['appName'];
    $appDescription = $_POST['appDescription'];

    $appLinkFacebook = $_POST['appLinkFacebook'];
    $appLinkInstagram = $_POST['appLinkInstagram'];
    $appLinkPlaystore = $_POST['appLinkPlaystore'];
    $appLinkWeb = $_POST['appLinkWeb'];

    $appGoogleGamesIcon = $_POST['appGoogleGamesIcon'];

    $fileCardBackground = $_FILES['fileCardBackground'];
    $fileNameCardBackground = $fileCardBackground["name"];
    $fileTypeCardBackground = $fileCardBackground["type"];
    $fileTempNameCardBackground = $fileCardBackground["tmp_name"];
    $fileErrorCardBackground = $fileCardBackground["error"];
    $fileSizeCardBackground = $fileCardBackground["size"];
    $fileCardBackgroundExtension = explode(".", $fileNameCardBackground);
    $fileCardBackgroundActualExtension = strtolower(end($fileCardBackgroundExtension));

    $fileCardIcon = $_FILES['fileCardIcon'];
    $fileNameCardIcon = $fileCardIcon["name"];
    $fileTypeCardIcon = $fileCardIcon["type"];
    $fileTempNameCardIcon = $fileCardIcon["tmp_name"];
    $fileErrorCardIcon = $fileCardIcon["error"];
    $fileSizeCardIcon = $fileCardIcon["size"];
    $fileCardIconExtension = explode(".", $fileNameCardIcon);
    $fileCardIconActualExtension = strtolower(end($fileCardIconExtension));

    $allowed = array("jpeg", "jpg", "png", "JPEG", "JPG", "PNG");

    if (in_array($fileCardBackgroundActualExtension, $allowed) && in_array($fileCardIconActualExtension, $allowed)) {
        if ($fileErrorCardBackground === 0 && $fileErrorCardIcon === 0) {

            $imageFullNameCardBackground = $newFileNameCardBackground . "." . uniqid("", true) . "." . $fileCardBackgroundActualExtension;
            $fileDestinationCardBackground = "../../img/card_background/" . $imageFullNameCardBackground;

            $imageFullNameCardIcon = $newFileNameCardIcon . "." . uniqid("", true) . "." . $fileCardIconActualExtension;
            $fileDestinationCardIcon = "../../img/card_logo/" . $imageFullNameCardIcon;

            include 'connection.php';

            if (empty($appName) && empty($appDescription) && empty($appGoogleGamesIcon)) {
                header("Location: ../../admin/admin-main.php?upload=SelectedFields-MUST-NOT-BeEmpty");
                exit();
            } else {
                $sql = "SELECT * FROM apps;";
                $statement = mysqli_stmt_init($conn);
                if (!mysqli_stmt_prepare($statement, $sql)) {
                    echo "SQL statment failed";
                } else {
                    mysqli_stmt_execute($statement);
                    $result = mysqli_stmt_get_result($statement);
                    $rowCount = mysqli_num_rows($result);

                    $sql = "INSERT INTO apps (appName, appDescription, appLinkFacebook, appLinkInstagram, appLinkPlaystore, appLinkWeb,
                        appGoogleGamesIcon, appFullImageNameBackground, appFullImageNameIcon) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?);";

                    if (!mysqli_stmt_prepare($statement, $sql)) {
                        echo "SQL statment failed";
                    } else {
                        mysqli_stmt_bind_param(
                            $statement,
                            "sssssssss",
                            $appName,
                            $appDescription,
                            $appLinkFacebook,
                            $appLinkInstagram,
                            $appLinkPlaystore,
                            $appLinkWeb,
                            $appGoogleGamesIcon,
                            $appFullImageNameBackground,
                            $appFullImageNameIcon
                        );
                        mysqli_stmt_execute($statement);

                        move_uploaded_file($fileTempNameCardBackground, $fileDestinationCardBackground);
                        move_uploaded_file($fileTempNameCardIcon, $fileDestinationCardIcon);

                        header("Location: ../../admin/admin-main.php?upload=success");
                    }
                }
            }
        } else {
            echo "You have an error";
            exit();
        }
    } else {
        echo "Yopu need to upload a proper file type";
        exit();
    }
}

So to sum it up sql SELECT is working when I enter the data manually, images are where they are supposed to be under the right name and there are no errors.

Thanks :D

Dharman
  • 30,962
  • 25
  • 85
  • 135
BigBoiVladica
  • 181
  • 1
  • 12
  • The number of variables and length of string types must match the parameters in the statement - https://www.php.net/manual/en/mysqli-stmt.bind-param.php - You have 9 in your `INSERT` statement and 11 in your `mysqli_stmt_bind_param`. – JBES Jun 05 '19 at 22:59
  • Look SQL error, try to dump variables if there is what you expect, etc... basic debugging. – pavel Jun 05 '19 at 23:00
  • 1
    @JBES: no, there is 9 bind params, it's okay (1st param is statement, 2nd is data types and then there is 9 bind params) – pavel Jun 05 '19 at 23:00
  • 1
    You don't check the result of your bind or execute. Do it and look for errors. – miken32 Jun 05 '19 at 23:03
  • 1
    Also, as others are saying, you are not actually checking for success during the process. `mysqli_stmt_bind_param` will return true on success as will `mysqli-stmt.execute`. See https://www.php.net/manual/en/mysqli-stmt.execute.php and the link above. – JBES Jun 05 '19 at 23:07
  • Note: The [object-oriented interface to `mysqli`](https://www.php.net/manual/en/mysqli.quickstart.connections.php) is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface where missing a single `i` can cause trouble. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is largely an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. – tadman Jun 05 '19 at 23:10
  • "even though success message is shown" - but you **never** check what is returned by `mysqli_stmt_execute(...)` in the code above. – symcbean Jun 05 '19 at 23:39

1 Answers1

1

Found the problem by using this command above my sql statement. Everything works now. Thanks for your help.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
BigBoiVladica
  • 181
  • 1
  • 12