Form fails to insert data into my database

Question

I'm trying to send a simple title to my database, but for some reason it keeps giving me this error:

> Error: INSERT INTO `formular` (`idFormular`, `idUser`, `Nume`) VALUES (NULL, 'qwe', 'Test1');
Column 'idformular' cannot be null

I've tried to change the insert function many times but nothing worked. This is the code I'm using:

<?php

session_start();
include 'connections.php';
$name = $_POST['nume'];
$id = $_SESSION['username'];

$name = stripcslashes($name);
$name = mysqli_real_escape_string($con, $name);

$sql = "INSERT INTO `formular` (`idFormular`, `idUser`, `Nume`) VALUES (NULL, '$id', '$name');";

if ($con->query($sql) === true) {
    $sql1 = "SELECT idFormular FROM `formular` WHERE idUser=$id AND Nume='$name';";
    $result = mysqli_query($con, $sql1);
    $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
    $idForm = $row["idFormular"];
    $_SESSION["idForm"] = $idForm;
    header("Location:Forms.php", true, 301);
    exit();
} else {
    echo "Error: " . $sql . "<br>" . $con->error;
}

$con->close();

If this helps this the table I'm trying to insert it into:

**Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) — Dharman, May 31 '21 at 12:35

score 1 · Answer 1 · edited May 29 '21 at 20:29

1

The error has been introduced by yourself.

This is the query your wrote:

INSERT INTO `formular` (`idFormular`, `idUser`, `Nume`) VALUES (NULL, 'qwe', 'Test1');

The reported error message is:

Column 'idformular' cannot be null

So, it is absolutely clear: The field idFormular is a key on your table, and you are passing a NULL value!.

What you have to do is to declare idFormular as AUTO_INCREMENT and reimplement you code as in the example at https://www.php.net/manual/en/mysqli.insert-id.php.

Here an example on how you should rewrite the relevant part of your code:

mysqli_query($con, "INSERT INTO `formular` ( `idUser`, `Nume` ) VALUES ( 'qwe', 'Test1' )" );
$idForm = mysqli_insert_id($con);

edited May 29 '21 at 20:29

Dharman

30,962
25
85
135

answered May 29 '21 at 15:09

Antonio Petricca

8,891
5
36
74

ok, i did correct that paranthesis, but now it doesn't like the mysql_query function? Fatal error: Uncaught Error: Call to undefined function mysql_query() in D:\xamp\htdocs\pw\CreateNewForm.php:10 Stack trace: #0 {main} thrown in D:\xamp\htdocs\pw\CreateNewForm.php on line 10 – YelloTwist May 29 '21 at 15:36
@YelloTwist I fixed all the typos in this answer. – Dharman May 29 '21 at 20:31

Form fails to insert data into my database

1 Answers1