Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can not execute insert query?

Tags:

php

mysql

Can you help me solve this problem? im trying to insert data to my database but instead of inserting it die() output; appears

<?php
    if (isset($_GET['submit'])) {
        $item_code = mysqli_real_escape_string($conn, $_GET['item_code']);
        $item_name = mysqli_real_escape_string($conn, $_GET['item_name']);
        $supplier = mysqli_real_escape_string($conn, $_GET['supplier_name']);
        $brand = mysqli_real_escape_string($conn, $_GET['brand_name']);
        $quantity = mysqli_real_escape_string($conn, $_GET['quantity']);
        $unit = mysqli_real_escape_string($conn, $_GET['unit_name']);
        $price = mysqli_real_escape_string($conn, $_GET['price']);
        $item_type = mysqli_real_escape_string($conn, $_GET['type_name']);
        $category = mysqli_real_escape_string($conn, $_GET['cat_name']);

        if ($item_code == '' || $item_name == '' || $supplier == '' || $brand == '' ||
            $quantity == '' ||
            $unit == '' ||
            $price == '' ||
            $item_type == '' ||
            $category == ''
        ) {
            header("Location: item.php?attempt=empty");
        } else {
            $sql = mysqli_query($conn, "INSERT INTO itemlist (item_name,supplier_name,brand_name,quantity,unit_name,price,type_name,cat_name)    values('$item_name','$supplier','$brand','$quantity','$unit','$price','$item_type','$category')")

            or die("Could not execute the insert query.");
            header("Location: item.php?attempt=saved");
        }
    } 
?>
like image 670
MACKIE MACKO Avatar asked Oct 18 '22 09:10

MACKIE MACKO


2 Answers

I just notice things:

  • Why use GET method to pass data instead of POST?
  • You can use empty() instead of == ''
  • You can try prepared statement rather than escaping and sanitizing each submitted data
  • What is the purpose of $_GET['item_code']? You did not use it in your insert, but it is in your if() condition.

Assuming you changed your form from GET to POST method:

if (isset($_POST['submit'])) {

    if(empty($_POST['item_code']) || empty($_POST['item_name']) || empty($_POST['supplier_name']) || empty($_POST['brand_name']) || empty($_POST['quantity']) || empty($_POST['unit_name']) || empty($_POST['price']) || empty($_POST['type_name']) || empty($_POST['cat_name'])){

        header("Location: item.php?attempt=empty");

    } else {

        $stmt = $conn->prepare("INSERT INTO itemlist (item_code, item_name, supplier_name, brand_name, quantity, unit_name, price, type_name, cat_name) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
        $stmt->bind_param("sssssssss", $_POST['item_code'], $_POST['item_name'], $_POST['supplier_name'], $_POST['brand_name'], $_POST['quantity'], $_POST['unit_name'], $_POST['price'], $_POST['type_name'], $_POST['cat_name']);
        $stmt->execute();
        $stmt->close();

        header("Location: item.php?attempt=saved");
    }
} 

Remember, one empty data will go inside the if() condition and execute the header("Location: item.php?attempt=empty");.

like image 177
Logan Wayne Avatar answered Oct 21 '22 04:10

Logan Wayne


1) Add item_code in your insert query.

<?php
    if (isset($_GET['submit'])) {
        $item_code = mysqli_real_escape_string($conn, $_GET['item_code']);
        $item_name = mysqli_real_escape_string($conn, $_GET['item_name']);
        $supplier = mysqli_real_escape_string($conn, $_GET['supplier_name']);
        $brand = mysqli_real_escape_string($conn, $_GET['brand_name']);
        $quantity = mysqli_real_escape_string($conn, $_GET['quantity']);
        $unit = mysqli_real_escape_string($conn, $_GET['unit_name']);
        $price = mysqli_real_escape_string($conn, $_GET['price']);
        $item_type = mysqli_real_escape_string($conn, $_GET['type_name']);
        $category = mysqli_real_escape_string($conn, $_GET['cat_name']);

        if ($item_code == '' || $item_name == '' || $supplier == '' || $brand == '' ||
            $quantity == '' ||
            $unit == '' ||
            $price == '' ||
            $item_type == '' ||
            $category == ''
        ) {
            header("Location: item.php?attempt=empty");
        } else {
            $sql = mysqli_query($conn, "INSERT INTO itemlist (item_code,item_name,supplier_name,brand_name,quantity,unit_name,price,type_name,cat_name)    values('$item_code','$item_name','$supplier','$brand','$quantity','$unit','$price','$item_type','$category')")

            or die("Could not execute the insert query.");
            header("Location: item.php?attempt=saved");
        }
    } 
?>

2) Another way to solve it is to define your item_code as primary key.

3) Other way is to define item_code with any default value like 0.

like image 39
RJParikh Avatar answered Oct 21 '22 04:10

RJParikh