mysqli Prepare Insert statement not working

Question

I'm switching over to php prepare statements for a website of mine and I can't seem to get the insert to work. I have no errors back from this, it just doesn't put data into the database. I've followed a video tutorial on this and I've checked for spelling etc and thats all ok, plus the db connection is ok, as it works everywhere else through the site.

PHP:

function insertCategory() {
    global $conn;
    // Check for submit
    if (isset($_POST['submit'])) {
        $cat_title_submit = $_POST['cat_title'];
        // Check we have a cat title
        if ($cat_title_submit == "" || empty($cat_title_submit)) {
            echo "The category cannot be blank";
        } else {
            // Insert Category
            $q1stmt = mysqli_prepare($conn, "INSERT INTO categories (cat_title) VALUES (?)");
            mysqli_stmt_bind_param($q1stmt, "s", $cat_title_submit);
            mysqli_stmt_execute($q1stmt);
            // Check query was run
            if (!$q1stmt) {
                die("Insert Category Failed: ". mysqli_error($conn));
            }
        }
    }
}

HTML:

<!--Add Category-->
<?php insertCategory(); ?>
<div class="col-xs-6">
   <form action="" method="post">
      <div class="form-group">
         <label for="cat_title">Add Category</label>
         <input name="cat_title" type="text" class="form-control" />
      </div>
      <div class="form-group">
         <input name="submit" type="submit" class="btn btn-primary" value="Add Category" />
      </div>
   </form>
</div>

It is a very bad idea to use `die(mysqli_error($conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) — Dharman, Oct 27 '19 at 22:44
At the moment I'm just following a tutorial and learning the ropes - so I'm just following what I'm taught - once I know a bit more I'll start reading up on security and what not - but thanks for the heads up :) — Web Develop Wolf, Oct 27 '19 at 22:46
I think you misunderstood. You can't see the errors with what you are doing. You need to remove that `if` statement and enable mysqli exceptions. [How to get the error message in MySQLi?](https://stackoverflow.com/a/22662582/1839439) — Dharman, Oct 27 '19 at 22:48
You're checking the wrong thing, in the wrong place. Your `if (!$q1stmt) { ...` test will check whether the prepare failed, not whether the query succeeded, and should happen immediately after the call to `mysqli_prepare`. To check whether the query succeeded, you need wrap the `mysqli_stmt_execute` call in a test i.e. `if (mysqli_stmt_execute($q1stmt)) { ... ` — Nick, Oct 27 '19 at 22:53
Thanks @Nick turns out data was too long for the column - doh! Thanks! Pop it in as the answer if you like and I'll mark it :) — Web Develop Wolf, Oct 27 '19 at 22:56
@WebDevelopWolf I'm not sure the answer would help anyone relative to the dupe, so I'll just close as a dupe, or you can just delete. Your choice... — Nick, Oct 27 '19 at 22:57
@Phil - Can you go over the comments here? It appears that the dupe you chose to close the question with, doesn't address the real issue, being their column length was too short. I feel it should be reopened, then revoted to close as a typographical error. — Funk Forty Niner, Oct 27 '19 at 23:09
@FunkFortyNiner I voted too, for the duplicate. They would not see the typographical error if not for the error reporting. The duplicate is correct in my opinion. — Dharman, Oct 27 '19 at 23:44

mysqli Prepare Insert statement not working

0 Answers0