Facing mysqli_query problems when update/insert data into mysql

Question

I'm having trouble when I try to update/insert data into MySQL. I have the following insert.php file:

<?php  
 include 'conn.php'; // MySQL Connection

 if(!empty($_POST))  
 {  
      $output = '';  
      $message = '';  
      $domn_doamna = mysqli_real_escape_string($connect, $_POST["domn_doamna"]);  
      $nume = mysqli_real_escape_string($connect, $_POST["nume"]);  
      $prenume = mysqli_real_escape_string($connect, $_POST["prenume"]);  
      $cnp = mysqli_real_escape_string($connect, $_POST["cnp"]);  
      $oras = mysqli_real_escape_string($connect, $_POST["oras"]);  
      $judet = mysqli_real_escape_string($connect, $_POST["judet"]);  
      $strada = mysqli_real_escape_string($connect, $_POST["strada"]);  
      $numar = mysqli_real_escape_string($connect, $_POST["numar"]);  
      $bloc = mysqli_real_escape_string($connect, $_POST["bloc"]);  
      $scara = mysqli_real_escape_string($connect, $_POST["scara"]);  
      $etaj = mysqli_real_escape_string($connect, $_POST["etaj"]);  
      $apartament = mysqli_real_escape_string($connect, $_POST["apartament"]);  
      $telefon = mysqli_real_escape_string($connect, $_POST["telefon"]);  
      $email = mysqli_real_escape_string($connect, $_POST["email"]);  
      $serie_ci = mysqli_real_escape_string($connect, $_POST["serie_ci"]);  
      $nr_ci = mysqli_real_escape_string($connect, $_POST["nr_ci"]);  
      $ci_eliberat_de = mysqli_real_escape_string($connect, $_POST["ci_eliberat_de"]);  
      $data_eliberare_ci = mysqli_real_escape_string($connect, $_POST["data_eliberare_ci"]);  
      $data_cerere = mysqli_real_escape_string($connect, $_POST["data_cerere"]);  
      $email_bc = mysqli_real_escape_string($connect, $_POST["email_bc"]);  
      $telefon_bc = mysqli_real_escape_string($connect, $_POST["telefon_bc"]);  
      $info = mysqli_real_escape_string($connect, $_POST["info"]);  
      $ce_doreste = mysqli_real_escape_string($connect, $_POST["ce_doreste"]);  
      $status = mysqli_real_escape_string($connect, $_POST["status"]);  

      if($_POST["employee_id"] != '')  
      {  

           $query = "UPDATE `clienti_existenti` SET `domn_doamna` = '$domn_doamna',`nume` = '$nume',`prenume` = '$prenume',`cnp` = '$cnp',`oras` = '$oras',`judet` = '$judet',`strada` = '$strada',`numar` = '$numar',`bloc` = '$bloc',`scara` = '$scara',`etaj` = '$etaj',`apartament` = '$apartament',`telefon` = '$telefon',`email_client` = '$email',`serie_ci` = '$serie_ci',`nr_ci` = '$nr_ci',`ci_eliberat_de` = '$ci_eliberat_de',`data_eliberare_ci` = '$data_eliberare_ci',`data_adaugare` = '$data_cerere',`email_bc` = '$email_bc',`telefon_bc` = '$telefon_bc',`info` = '$info',`ce_doreste` = '$ce_doreste',`status` = '$status' WHERE `id` = '".$_POST["employee_id"]."' ";  
           $message = 'Data Updated';

      }  
      else  
      {  

           $query = "INSERT INTO `clienti_existenti`  (`domn_doamna`,`nume,`prenume`,`cnp`,`oras`,`judet`,`strada`,`numar`,`bloc`,`scara`,`etaj`,`apartament`,`telefon`,`email_client`,`serie_ci`,`nr_ci`,`ci_eliberat_de`,`data_eliberare_ci`,`data_adaugare`,`email_bc`,`telefon_bc`,`info`,`ce_doreste`,`status`) VALUES ('$domn_doamna','$nume','$prenume','$cnp','$oras','$judet','$strada','$numar','$bloc','$scara','$etaj','$apartament','$telefon','$email','$serie_ci','$nr_ci','$ci_eliberat_de','$data_eliberare_ci','$data_cerere','$email_bc','$telefon_bc','$info','$ce_doreste','$status') ";  
           $message = 'Data Inserted';  

      }  



      echo $connect;

      if (mysqli_query($connect, $query))  //############# HERE IT`S STOPING !!!
      {  

           $output .= '<label class="text-success">' . $message . '</label>';  
           $select_query = "SELECT * FROM clienti_existenti ORDER BY id DESC";  
           $result = mysqli_query($connect, $select_query);  

           $output .= '  
                <table class="table table-bordered">  
                     <tr>  
                         <th width="10%">Nume</th>
                         <th width="10%">Prenume</th>
                         <th width="10%">Telefon</th>
                         <th width="10%">Suma</th>
                         <th width="10%">Avans</th>
                         <th width="10%">Status</th>
                         <th width="10%">Adaugat</th>

                         <th width="10%" class="text-center">Editeaza</th>
                         <th width="10%" class="text-center">Vizualizeaza</th>
                         <th width="10%" class="text-center">Documente</th>
                         </tr> 
           ';  
           while($row = mysqli_fetch_array($result))  
           {  

                $output .= '  
                    <tr>  
                              <td>'.$row["nume"].'</td>  
                              <td>'.$row["prenume"].'</td>
                              <td>'.$row["telefon"].'</td>
                              <td>'.$row["suma_ct"].'</td>
                              <td>'.$row["avans_ct"].'</td>
                              <td>'.$row["status"].'</td>
                              <td>'.$row["data_adaugare"].'</td>
            <td class="text-center"><input type="button" name="edit" value="Editeaza" id="'.$row["id"].'" class="btn btn-info btn-xs edit_data" /></td>  
            <td class="text-center"><input type="button" name="view" value="Vizualizeaza" id="'.$row["id"].'" class="btn btn-info btn-xs view_data" /></td> 
            <td class="text-center"><input type="button" name="documente" value="Documente" id="'.$row["id"].'" class="btn btn-info btn-xs view_data" /></td>

                         </tr> 

                ';  
           }  
           $output .= '</table>';  
      }  

      echo $output;  
 }  
 ?>

and the conn.php:


    <?php
$connect = mysqli_connect("localhost", "sbdc", "sbdc", "sbdc");
?>

For some reason I get blank page and nothing is updated/inserted in mysql DB... somehow it's stopped around echo $connect; and doesn't want to execute if line , the output result for echo p$connect;` is:

Recoverable fatal error: Object of class mysqli could not be converted to string.

Could anyone help me out please ? Thank you very much.

**WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use manual escaping and string interpolation or concatenation to accomplish this because you will invariably create severe [SQL injection bugs](http://bobby-tables.com/). Accidentally unescaped data is a serious risk. Using bound parameters is less verbose and easier to review to check you’re doing it properly. — tadman, Mar 20 '20 at 23:15
Note: The [object-oriented interface to `mysqli`](https://www.php.net/manual/en/mysqli.quickstart.connections.php) is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface where missing a single `i` can cause trouble. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is an artifact from the PHP 4 era and should not be used in new code. — tadman, Mar 20 '20 at 23:16
If you're just getting started with PHP and want to build applications, I'd strongly recommend looking at various [development frameworks](https://www.cloudways.com/blog/best-php-frameworks/) to see if you can find one that fits your style and needs. They come in various flavors from lightweight like [Fat-Free Framework](https://fatfreeframework.com/) to far more comprehensive like [Laravel](http://laravel.com/). These give you concrete examples to work from and guidance on how to write your code and organize your project's files. — tadman, Mar 20 '20 at 23:16

score 0 · Answer 1 · answered Mar 20 '20 at 23:05

0

You cannot echo the $connect, since it is a mysqli object to a MySQL server and not a string.

You have assigned return value from mysqli_connect() to the `$connect, and return value is an object.

Remove this line echo $connect; and it should fix the issue.

answered Mar 20 '20 at 23:05

Nikola Kirincic

3,651
1
24
28

Removed the line as you said but still geting blank page :( and nothing happened. – Mircea Ispasoiu Mar 20 '20 at 23:12

Facing mysqli_query problems when update/insert data into mysql

1 Answers1