
Hello and good day everyone.

I'm about to ask a silly question, but I couldn't find the cause of the error, which is why it has frustrated me for a week already. I have a form containing 100 inputs. There's not much of a problem with the input form, but the PHP side is the one that I'm having a problem with.

My PHP code looks fine, but upon submission, it only echoes "Error" instead of redirecting me back to my form page if an error occurs. Can anyone show me what I have done wrong with my PHP code?

addreport.php

<?php
 session_start();

 if(empty($_SESSION['user'])){
  header ("Location:../index.php");
 }


require_once("../db.php");

if(isset($_POST)){
 
 $stmt = $conn->prepare("INSERT INTO iir_incidentmain(user_id, incident_title, incident_description, witness, incident_date, incident_year, incident_month, monsoon, holiday, incident_time, time_hourly, time_category, 
 project_facility_logistic, country, state, onshoreoffshore, incident_location, incident_worksite, vessel, incident_type, incident_category, accident_type, day_lost_time, estimated_cost, actual_cost, spill_voll, 
 production_loss, production_unit, downtime, impact_to, division, department, business_group, business_section, opus, domestic_international, project_name, section, project_phase, project_start_date, project_end_date , 
 contractor, sub_contractor, name, nationality, age_number, age_range, gender, work_trade, years_of_experience, imm_supervisor_name, desc_of_injury, body_part, body_part_group, hours_in_shift, days_in_tour, hse_risk, 
 critical_activity, sub_critical, hazard, hazard_number, sub_hazard, sub_hazard_no, failed_missing_barrier, ic_description1, precondition1, uauc1, ic_description2, precondition2, uauc2, ic_description3, precondition3, 
 uauc3, ic_description4, precondition4, uauc4, root_cause_latern_failure1, root_cause_latern_failure2, root_cause_latern_failure3, root_cause_latern_failure4, brf1, brf2, brf3, brf4, latitude, longitude, 
 immediateaction, person_responsible, completion_date, permanentaction, person_responsible1, completion_date1, managementaction, person_responsible2, completion_date2, ratingperson, ratingenvironment, ratingasset, 
 ratingreputation, ratingsecurity, report_status, file)
 VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)");

 $stmt->bind_param("isssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss", $_SESSION['id'], $incident_title, $incident_description, $witness, $incident_date, $incident_year, 
 $incident_month, $monsoon, $holiday, $incident_time, $time_hourly, $time_category, $project_facility_logistic, $country, $state, $onshoreoffshore, $incident_location, $incident_worksite, $vessel, $incident_type, 
 $incident_category, $accident_type, $day_lost_time, $estimated_cost, $actual_cost, $spill_voll, $production_loss, $production_unit, $downtime, $impact_to, $division, $department, $business_group, $business_section, 
 $opus, $domestic_international, $project_name, $section, $project_phase, $project_start_date, $project_end_date , $contractor, $sub_contractor, $name, $nationality, $age_number, $age_range, $gender, $work_trade, 
 $years_of_experience, $imm_supervisor_name, $desc_of_injury, $body_part, $body_part_group, $hours_in_shift, $days_in_tour, $hse_risk, $critical_activity, $sub_critical, $hazard, $hazard_number, 
 $sub_hazard, $sub_hazard_no, $failed_missing_barrier, $ic_description1, $precondition1, $uauc1, $ic_description2, $precondition2, $uauc2, $ic_description3, $precondition3, $uauc3, $ic_description4, 
 $precondition4, $uauc4, $root_cause_latern_failure1, $root_cause_latern_failure2, $root_cause_latern_failure3, $root_cause_latern_failure4, $brf1, $brf2, $brf3, $brf4, $latitude, $longitude, $immediateaction, 
 $person_responsible, $completion_date, $permanentaction, $person_responsible1, $completion_date1, $managementaction, $person_responsible2, $completion_date2, $ratingperson, $ratingenvironment, $ratingasset, 
 $ratingreputation, $ratingsecurity, $report_status, $file);

$incident_title = mysqli_real_escape_string($conn, $_POST['incident_title']);
$incident_description = mysqli_real_escape_string($conn, $_POST['incident_description']); 
$witness = mysqli_real_escape_string($conn, $_POST['witness']);
$incident_date = mysqli_real_escape_string($conn, $_POST['incident_date']);
$incident_year =  mysqli_real_escape_string($conn, $_POST['incident_year']);
$incident_month = mysqli_real_escape_string($conn, $_POST['incident_month']);
$monsoon = mysqli_real_escape_string($conn, $_POST['monsoon']);
$incident_time = mysqli_real_escape_string($conn, $_POST['incident_time']); 
$time_hourly = mysqli_real_escape_string($conn, $_POST['time_hourly']); 
$time_category = mysqli_real_escape_string($conn, $_POST['time_category']);
$holiday = mysqli_real_escape_string($conn, $_POST['holiday']);
$incident_location = mysqli_real_escape_string($conn, $_POST['incident_location']);
$latitude = mysqli_real_escape_string($conn, $_POST['latitude']); 
$longitude = mysqli_real_escape_string($conn, $_POST['longitude']);
$incident_worksite = mysqli_real_escape_string($conn, $_POST['incident_worksite']);
$onshoreoffshore = mysqli_real_escape_string($conn, $_POST['onshoreoffshore']); 
$sector = mysqli_real_escape_string($conn, $_POST['sector']);
$department = mysqli_real_escape_string($conn, $_POST['department']); 
$business_group = mysqli_real_escape_string($conn, $_POST['business_group']);  
$business_section = mysqli_real_escape_string($conn, $_POST['business_section']); 
$country = mysqli_real_escape_string($conn, $_POST['country']);
$state = mysqli_real_escape_string($conn, $_POST['state']);  
$opus = mysqli_real_escape_string($conn, $_POST['opus']);  
$vessel = mysqli_real_escape_string($conn, $_POST['vessel']);
$project_name = mysqli_real_escape_string($conn, $_POST['project_name']);
$project_type = mysqli_real_escape_string($conn, $_POST['project_type']); 
$project_phase = mysqli_real_escape_string($conn, $_POST['project_phase']); 
$project_start_date = mysqli_real_escape_string($conn, $_POST['project_start_date']); 
$project_end_date= mysqli_real_escape_string($conn, $_POST['project_end_date']); 
if($_POST['contractor']=="ifothers")
 {
  $contractor = mysqli_real_escape_string($conn, $_POST['contractor2']);
 }
 else
 {
  $contractor = mysqli_real_escape_string($conn, $_POST['contractor']);
 }

$sub_contractor = mysqli_real_escape_string($conn, $_POST['sub_contractor']); 
$incident_type = mysqli_real_escape_string($conn, $_POST['incident_type']); 
$incident_category = mysqli_real_escape_string($conn, $_POST['incident_category']);
$accident_type = mysqli_real_escape_string($conn, $_POST['accident_type']);
$name = mysqli_real_escape_string($conn, $_POST['injuriousname']);
$nationality = mysqli_real_escape_string($conn, $_POST['nationality']);
$age_number = mysqli_real_escape_string($conn, $_POST['age']);
$age_range = mysqli_real_escape_string($conn, $_POST['agerange']);
$gender = mysqli_real_escape_string($conn, $_POST['gender']);
$work_trade = mysqli_real_escape_string($conn, $_POST['worktrades']);
$years_of_experience = mysqli_real_escape_string($conn, $_POST['yearsexp']);
$imm_supervisor_name = mysqli_real_escape_string($conn, $_POST['supervisor']);
$desc_of_injury = mysqli_real_escape_string($conn, $_POST['injuries_description']);
$body_part = mysqli_real_escape_string($conn, $_POST['bodypart']);
$body_part_group = mysqli_real_escape_string($conn, $_POST['bodypartgroup']);
$hours_in_shift = mysqli_real_escape_string($conn, $_POST['hoursinshift']);
$days_in_tour = mysqli_real_escape_string($conn, $_POST['daysintour']);
$day_lost_time = mysqli_real_escape_string($conn, $_POST['daylosttime']);
$estimated_cost = mysqli_real_escape_string($conn, $_POST['estimatedcost']);
$actual_cost = mysqli_real_escape_string($conn, $_POST['actualcost']);
$spill_vol = mysqli_real_escape_string($conn, $_POST['spillvolume']);
$production_loss = mysqli_real_escape_string($conn, $_POST['productionloss']);
if($_POST['productionunit']=="OTHER")
 {
  $production_unit = mysqli_real_escape_string($conn, $_POST['productionunit2a']);
 }
 else
 {
  $production_unit = mysqli_real_escape_string($conn, $_POST['productionunit']);
 }
$downtime = mysqli_real_escape_string($conn, $_POST['downtime']);
$impact_to = mysqli_real_escape_string($conn, $_POST['impactto']);
$hse_risk = mysqli_real_escape_string($conn, $_POST['hserisks']);
$critical_activity = mysqli_real_escape_string($conn, $_POST['critical_activity']);
$sub_critical = mysqli_real_escape_string($conn, $_POST['sub_activity']);
$hazard = mysqli_real_escape_string($conn, $_POST['hazard']);
$hazard_number = mysqli_real_escape_string($conn, $_POST['hazardnumber']);
$sub_hazard = mysqli_real_escape_string($conn, $_POST['subhazard']);
$sub_hazard_no = mysqli_real_escape_string($conn, $_POST['subhazardnumber']);
$failed_missing_barrier = mysqli_real_escape_string($conn, $_POST['barrier']);
$ic_description1 = mysqli_real_escape_string($conn, $_POST['ic_description1']);
$precondition1 = mysqli_real_escape_string($conn, $_POST['precondition1']);
$uauc1 = mysqli_real_escape_string($conn, $_POST['uauc1']);
$root_cause_latern_failure1 = mysqli_real_escape_string($conn, $_POST['ic_description1']);
$brf1 = mysqli_real_escape_string($conn, $_POST['riskfactor1']);
$ic_description2 = mysqli_real_escape_string($conn, $_POST['ic_description2']);
$precondition2 = mysqli_real_escape_string($conn, $_POST['precondition2']);
$uauc2 = mysqli_real_escape_string($conn, $_POST['uauc2']);
$root_cause_latern_failure2 = mysqli_real_escape_string($conn, $_POST['ic_description2']);
$brf2 = mysqli_real_escape_string($conn, $_POST['riskfactor2']);
$ic_description3 = mysqli_real_escape_string($conn, $_POST['ic_description3']);
$precondition3 = mysqli_real_escape_string($conn, $_POST['precondition3']);
$uauc3 = mysqli_real_escape_string($conn, $_POST['uauc3']);
$root_cause_latern_failure3 = mysqli_real_escape_string($conn, $_POST['ic_description3']);
$brf3 = mysqli_real_escape_string($conn, $_POST['riskfactor3']);
$ic_description4 = mysqli_real_escape_string($conn, $_POST['ic_description4']);
$precondition4 = mysqli_real_escape_string($conn, $_POST['precondition4']);
$uauc4 = mysqli_real_escape_string($conn, $_POST['uauc4']);
$root_cause_latern_failure4 = mysqli_real_escape_string($conn, $_POST['ic_description4']);
$brf4 = mysqli_real_escape_string($conn, $_POST['riskfactor4']);
$immediateaction = mysqli_real_escape_string($conn, $_POST['immediateaction']);
$person_responsible = mysqli_real_escape_string($conn, $_POST['person_responsible']);
$completion_date = mysqli_real_escape_string($conn, $_POST['completion_date']);
$permanentaction = mysqli_real_escape_string($conn, $_POST['permanentaction']);
$person_responsible1 = mysqli_real_escape_string($conn, $_POST['person_responsible1']);
$completion_date1 = mysqli_real_escape_string($conn, $_POST['completion_date1']);
$managementaction = mysqli_real_escape_string($conn, $_POST['managementaction']);
$person_responsible1 = mysqli_real_escape_string($conn, $_POST['person_responsible2']);
$completion_date2 = mysqli_real_escape_string($conn, $_POST['completion_date2']);
$ratingperson = mysqli_real_escape_string($conn, $_POST['ratingperson']);
$ratingenvironment = mysqli_real_escape_string($conn, $_POST['ratingenvironment']);
$ratingasset = mysqli_real_escape_string($conn, $_POST['ratingasset']);
$ratingreputation = mysqli_real_escape_string($conn, $_POST['ratingreputation']);
$ratingsecurity = mysqli_real_escape_string($conn, $_POST['ratingsecurity']);
$report_status = mysqli_real_escape_string($conn, $_POST['report_status']);

$total = count($_FILES['file']['name']);
 for( $i=0 ; $i < $total ; $i++ ){
  $tmpFilePath = $_FILES['file']['tmp_name'][$i];

  if ($tmpFilePath != ""){
   $newFilePath = "../uploads/attachment" . $_FILES['file']['name'][$i];

    //Upload the file into the temp dir
      if(move_uploaded_file($tmpFilePath, $newFilePath)) {

        echo "Uploads success";
  
  } else {
   echo "Failed to upload";
   header ("Location: newentry.php");
   exit();
  } 

 }
}

if ($stmt->execute()){
 $_SESSION ['reportSuccess']= true;
 header("Location: index.php");

 exit();
} else {
 echo "Error";
}
 
 $stmt->close();

}else 
 header ("Location: newentry.php");

exit();

?>

What the result looks like after the submit button is clicked

  • You have no logic that *would* redirect; you're hitting the `else` statement that just has `echo "Error"` in it and nothing else. Maybe add a `header()` redirect in there as well if you want to redirect upon error. – Obsidian Age Dec 16 '19 at 02:51
  • You will need to check the error reported by the engine. `echo $conn->error;` there for details. You should NOT call `mysqli_real_escape_string()` on values passed as bound parameters to a mysqli statement. The `?` params are sufficient already, and escaping them will alter the data stored in the table beyond your intent. – Michael Berkowski Dec 16 '19 at 02:51
  • @MichaelBerkowski I don't actually get what you're trying to explain. I'm sorry for that part – Wan Nur Azyan Dec 16 '19 at 03:03
  • Why are you using both a prepared statement *and* `mysqli_real_escape_string()`? – Funk Forty Niner Dec 16 '19 at 03:42
  • @FunkFortyNiner Should I just use only one of them? May I know the right way to do it? Since I just learned to code based on examples – Wan Nur Azyan Dec 16 '19 at 05:00
  • Does this answer your question? [mysqli\_fetch\_assoc() expects parameter / Call to a member function bind\_param() errors. How to get the actual mysql error and fix it?](https://stackoverflow.com/questions/22662488/mysqli-fetch-assoc-expects-parameter-call-to-a-member-function-bind-param) – Progman Dec 16 '19 at 10:06
  • @WanNurAzyan Are you sure you want to create one table with that many columns? It looks like your table is not normalized, see https://stackoverflow.com/questions/1102590/what-exactly-does-database-normalization-do. When you have a column name with a prefix or index (like numbers), it is an indication that your tables are not normalized. – Progman Dec 16 '19 at 10:09
  • @WanNurAzyan In your code, you correctly call `prepare()/bind_param()/execute()`. There is no need to call `mysqli_real_escape_string()` - that should be used only when executing raw SQL queries with regular PHP variables but is superfluous and sometimes harmful when used on top of `prepare()/bind_param()/execute()`. You should remove all the calls to `mysqli_real_escape_string()` – Michael Berkowski Dec 16 '19 at 14:21
  • The other and more immediate part of my comment was to replace `echo "Error"` with `echo $conn->error;`. MySQLi will store any errors from the database engine in that property and that will give you some clues as to what failed here. It is challenging to assemble code with so many input parameters as you have. It's easy to lose count. – Michael Berkowski Dec 16 '19 at 14:22
  • Using a prepared statement is all that you need. – Funk Forty Niner Dec 16 '19 at 15:33
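
As an added example (not the asker's code or any commenter's), one way to apply the comments above: bind the raw `$_POST` values with no `mysqli_real_escape_string()`, build the placeholders and type string from a single column map so the counts cannot drift apart, and log the database error. The four-column map and the names `REPORT_FIELDS`, `buildInsert` and `saveReport` are assumptions made for illustration; the table and column names come from the question.

```php
<?php
// Added example, not the asker's code. Table and column names are from the
// question; the shortened column map and the helper names are hypothetical.

// column => [POST field, bind type]. One row per column keeps the column list,
// the "?" placeholders and the type string the same length by construction.
const REPORT_FIELDS = [
    'incident_title'       => ['incident_title', 's'],
    'incident_description' => ['incident_description', 's'],
    'name'                 => ['injuriousname', 's'],
    'age_number'           => ['age', 's'],
];

function buildInsert(string $table, int $userId, array $post): array
{
    $columns = ['user_id'];
    $types   = 'i';
    $values  = [$userId];
    foreach (REPORT_FIELDS as $column => [$field, $type]) {
        $columns[] = $column;
        $types    .= $type;
        // Raw value, no mysqli_real_escape_string(): a bound parameter is sent
        // as data, so escaping it first would store the backslashes too.
        $values[]  = $post[$field] ?? null;
    }
    $marks = implode(',', array_fill(0, count($columns), '?'));
    $sql   = sprintf('INSERT INTO %s (%s) VALUES (%s)', $table, implode(', ', $columns), $marks);
    return [$sql, $types, $values];
}

function saveReport(mysqli $conn, int $userId, array $post): bool
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false
    [$sql, $types, $values] = buildInsert('iir_incidentmain', $userId, $post);
    try {
        $stmt = $conn->prepare($sql);
        $stmt->bind_param($types, ...$values);
        $stmt->execute();
        $stmt->close();
        return true;
    } catch (mysqli_sql_exception $e) {
        error_log('addreport insert failed: ' . $e->getMessage()); // detail goes to the log, not the page
        return false;
    }
}

// Constructed sample input; this part runs without a database connection.
[$sql, $types, $values] = buildInsert('iir_incidentmain', 7, ['incident_title' => "O'Brien fall", 'age' => '41']);
echo $sql, PHP_EOL, $types, ' ', json_encode($values), PHP_EOL;
```

A caller that wants the redirect the question asks for would run `header('Location: newentry.php'); exit();` when `saveReport()` returns false, which keeps the database error out of the browser while still recording it.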
