-3

I've recently been working on my coursework and got stuck on a problem.

The case is this: a user makes a request for an artwork from the website's HTML. Input data, such as the UserID of the person the art must be made for, needs to be included in an SQL table, but it gives an error that I can't modify a foreign key that it takes from session data.

This is the error it displays and the code itself:

``errorCannot add or update a child row: a foreign key constraint fails (`project work`.`arts`, CONSTRAINT `arts_ibfk_1` FOREIGN KEY (`For_UserID`) REFERENCES `users` (`UserID`))``

    <?php
    session_start();
    $genre = $_POST['genre'];
    $ext = $_POST['ext'];
    $desc = $_POST['desc'];
    $conn = new mysqli("127.0.0.1", "root", "", "project work") or die("Can't connect to db");

    if (($genre != "") and ($ext != "") and ($desc != "")) {
        $query = "INSERT INTO `Arts` (`Genre`,`Extension`,`Description`,`For_UserID`,`Is_Done`)
            VALUES ('$genre','$ext','$desc','{$_SESSION['UserID']}','0')";

        if ($conn->query($query) == TRUE)
            echo "Succesfully!";
        else
            die('error' . $conn->error);
    }
    else
        echo "Fill all the fields, please!";
    ?>

Is there a way to avoid this error?

MusterHere

  • [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) – brombeer Apr 19 '20 at 16:01
  • **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Apr 19 '20 at 16:04
  • **Never** get your web app to login to the database as root. Root can do whatever it likes, so on top of the SQL injection vulnerabilities this just leaves your database an open book for hackers. Instead create a separate user account specifically for this application which has only the permissions it actually _needs_ in order to work properly. Don't even use the root account as a shortcut during development or testing, because you need to test your account permissions as well - otherwise when you go live you might have unexpected errors relating to the user account setup. – ADyson Apr 19 '20 at 16:04
  • Anyway, you need to check the value in `$_SESSION['UserID']`, and then check that your users table has a row containing that ID. The error is telling you that there isn't a matching ID in the users table. So either you haven't created that value in the database, and/or the value stored in the Session is incorrect / missing. – ADyson Apr 19 '20 at 16:07

1 Answer

1

This error only means that the For_UserID entered as an input is not a valid (existing) UserID of your table 'users'. For instance, if there are 3 users in your table 'users' with respective ids 1, 2, 3, and you try to enter id 4 as the user for whom the art must be made, it will throw this error, because your table 'arts_ibfk_1' has a foreign key related to this table 'users'.

Rootkeek
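The checks suggested in the comments and the answer above, as an added example that is not part of the original posts: verify that the session's UserID has a parent row in `users`, then insert with a prepared statement under a non-root account. Table and column names come from the question; the `requestArt` helper, the `art_app` account, its `CHANGE_ME` password and the assumption that `UserID` is an integer key are hypothetical.

```php
<?php
// Added example (not the asker's code). Table and column names are taken
// from the question; "art_app" / "CHANGE_ME" are placeholder credentials.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/** Insert an art request and return a message for the user. */
function requestArt(mysqli $conn, array $post, array $session): string
{
    $genre = trim($post['genre'] ?? '');
    $ext   = trim($post['ext'] ?? '');
    $desc  = trim($post['desc'] ?? '');
    if ($genre === '' || $ext === '' || $desc === '') {
        return 'Fill all the fields, please!';
    }

    // The foreign key value comes from the session, so validate it first.
    // Assumption: UserID is an integer key.
    $userId = filter_var($session['UserID'] ?? null, FILTER_VALIDATE_INT);
    if ($userId === false) {
        return 'Not logged in: no valid UserID in the session.';
    }

    // A missing parent row is exactly what triggers the constraint error.
    $check = $conn->prepare('SELECT 1 FROM `users` WHERE `UserID` = ?');
    $check->bind_param('i', $userId);
    $check->execute();
    $check->store_result();
    if ($check->num_rows === 0) {
        return 'Session UserID does not exist in the users table.';
    }

    // Placeholders keep the submitted values out of the SQL text.
    $stmt = $conn->prepare(
        'INSERT INTO `Arts` (`Genre`, `Extension`, `Description`, `For_UserID`, `Is_Done`)
         VALUES (?, ?, ?, ?, 0)'
    );
    $stmt->bind_param('sssi', $genre, $ext, $desc, $userId);
    $stmt->execute();
    return 'Successfully!';
}

// Dedicated low-privilege account instead of root (placeholder credentials).
$conn = new mysqli('127.0.0.1', 'art_app', 'CHANGE_ME', 'project work');
echo htmlspecialchars(requestArt($conn, $_POST, $_SESSION));
```

The foreign key constraint stays in place as the final guard: if the user row is deleted between the check and the insert, `execute()` throws instead of writing an orphaned row.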