
Data not getting into MySql Database

I've read some related questions regarding my problem but I still can't figure it out. So I decided to ask now.

I'd like to know if there is something wrong with my code. Basically, the data in the input boxes should get into the database (MySQL), but every time I click the submit button, nothing is happening.

Code: insert_product.php <-- main page

<!DOCTYPE html>
<?php
include("includes/db.php");
?>
<html>
    <head>

    </head>
<script src="//cdn.tinymce.com/4/tinymce.min.js"></script>
 <script>tinymce.init({ selector:'textarea' });</script>

<body bgcolor="#aad6bb">
    <form action="insert_product.php" method="post" enctype="multipart/form-data">
        <table align="center" width="600" border='1' bgcolor='#d6aac5'>

            <tr align="center">
                <td colspan='8'><h2>Insert New Post Here</h2></td>
            </tr>

            <tr >
                <td align="right"> <b>Product Name:</b></td>
                <td><input type='text'name="product_name" size='50'/></td>
            </tr>

            <tr>
                <td align="right"><b> Product Description</b></td>
                <td><textarea name="product_desc" cols='20' rows='10'></textarea></td>
            </tr>

            <tr>
                <td align="right"> <b>Product Price:</b></td>
                <td><input type='text'name="product_price"/></td>
            </tr>

            <tr>
                <td align="right"><b> Product Quantity:</b></td>
                <td><input type='text'name="product_quantity"/></td>
            </tr>

            <tr>
                <td align="right"> <b>Product Category:</b></td>
                <td><select name="product_cat">
                        <option>Select Category</option>
                        <?php
                            $get_cats = "Select * from categories";
                            $run_cat = mysqli_query($con, $get_cats);
                            while ($row_cats=mysqli_fetch_array($run_cat)){
                            $cat_id = $row_cats['cat_id'];
                            $cat_title = $row_cats['cat_title'];
                            echo"<option value='$cat_id'>$cat_title</option>";
                            }
                        ?>
                </select>
                </td>
            </tr>


            <tr>
                <td align="right"> <b>Product Image:</b></td>
                <td><input type='file' name="product_img"/></td>
            </tr>

            <tr>
                <td align="right"> <b>Product Keywords:</b></td>
                <td><input type='text' size="40" name="product_kw"/></td>
            </tr>
            <tr  align='center'>
                <td colspan='8'><input type='submit'name="insert_post" value="Insert Product"/></td>
            </tr>

        </table>


    </form>
</body>
</html>
<?php
    if(isset($_POST['insert_post'])){
//GETTING DATA FROM THE FIELD
        $product_name= $_POST['product_name'];
        $product_desc= $_POST['product_desc'];
        $product_price= $_POST['product_price'];
        $product_quantity= $_POST['product_quantity'];
        $product_cat= $_POST['product_cat'];
        $product_kw= $_POST['product_kw'];
//GETTING IMAGE FROM THE FIELD
        $product_img = $_FILES['product_img']['name'];
        $product_img_tmp = $_FILES['product_img']['tmp_name'];

        move_uploaded_file($product_img_tmp, "product_images/$product_img");

        $insert_product = "insert into item (product_name,product_desc,product_price,product_quantity,product_cat,product_img,keywords)
         values ('ItemName','ItemDesc',ItemPrice,ItemQty,'ItemCat','ItemImg','keywords')" OR die(mysql_error());


         $insert_prod = mysqli_query($con, $insert_product);
         if($insert_prod){

            echo "<script>alert('SUCCESS')</script>";
            echo "<script>window.open('insert_product.php','self')</script>";
         }//END OF IF(INSERT_PROD)
}
?>  

db.php <-- For connection

   <?php
$con = mysqli_connect("localhost","root","","ecommerce");
?>

The table from the database (named ecommerce) is item. In my item table: ItemID (Primary and AI), ItemName, ItemDesc, ItemPrice, ItemQty, ItemCat, ItemImg, keywords.

NOTE: I'm aware that my code is vulnerable to SQL injection attacks. But I'm still a beginner and focusing on connecting HTML and PHP stuff :)

KingsmanX asked Dec 27 '15 13:12


1 Answer

You just don't insert your variables.

While you've declared you are just practicing, I'll ignore the SQL-injection vulnerability.

$insert_product = "insert into item (product_name,product_desc,product_price,product_quantity,product_cat,product_img,keywords)
         values ('$product_name', '$product_desc', $product_price, $product_quantity, '$product_cat', '$product_img', '$product_kw')" OR die(mysql_error());
Aycan Yaşıt answered Sep 30 '22 13:09
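
An added example, not code from the question or the answer: the same form handler rewritten with a mysqli prepared statement and a server-chosen upload file name, so that neither the SQL text nor the stored path contains user input. It assumes the `item` columns are the ones the question lists (ItemName through keywords); the image-type allowlist and the `store_product_image` helper are hypothetical choices made for illustration.

```php
<?php
// Added example: hardened version of the form handler in insert_product.php.
// Assumption: the item table columns are those listed in the question
// (ItemName, ItemDesc, ItemPrice, ItemQty, ItemCat, ItemImg, keywords).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw instead of failing silently
include("includes/db.php");                                // provides $con

// Hypothetical helper: store an upload under a server-generated name and return that name.
function store_product_image(array $file, string $dir = "product_images"): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException("upload failed, code " . $file['error']);
    }
    // Derive the extension from the file content, not from the client-supplied name.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException("unsupported image type: $mime");
    }
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], "$dir/$name")) {
        throw new RuntimeException("could not store upload");
    }
    return $name;
}

if (isset($_POST['insert_post'])) {
    // Numeric fields are validated before they reach the query.
    $price = filter_var($_POST['product_price'] ?? null, FILTER_VALIDATE_FLOAT);
    $qty   = filter_var($_POST['product_quantity'] ?? null, FILTER_VALIDATE_INT);
    if ($price === false || $qty === false || $price < 0 || $qty < 0) {
        http_response_code(400);
        exit("Invalid price or quantity");
    }
    $img = store_product_image($_FILES['product_img'] ?? ['error' => UPLOAD_ERR_NO_FILE]);

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $con->prepare(
        "INSERT INTO item (ItemName, ItemDesc, ItemPrice, ItemQty, ItemCat, ItemImg, keywords)
         VALUES (?, ?, ?, ?, ?, ?, ?)"
    );
    $name = $_POST['product_name'] ?? ''; $desc = $_POST['product_desc'] ?? '';
    $cat  = $_POST['product_cat'] ?? '';  $kw   = $_POST['product_kw'] ?? '';
    $stmt->bind_param("ssdisss", $name, $desc, $price, $qty, $cat, $img, $kw);
    $stmt->execute();
    echo "Inserted item #" . $con->insert_id;
}
```

With `mysqli_report` enabled, a failing statement (for example one naming a column the table does not have) raises a `mysqli_sql_exception` instead of leaving the page unchanged with no message.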