0

I've created a form, database table, etc. on my local machine but the data is not getting inserted. If I run print the sql query and pasted it in PHP myadmin then it's inserting the values. Can anyone guide me in identifying the issue in not inserting the values into the databas? Following is my code:

Don't look the values of POST. They are coming fine. The issue must be in a PHP code that's what I think. 

$hlr2RegQty=$_POST['txtHLR2Reg'];
$hlr2MicroQty=$_POST['txtHLR2Micro'];
$hlr2NanoQty=$_POST['txtHLR2Nano'];

$hlr3RegQty=$_POST['txtHLR3Reg'];
$hlr3MicroQty=$_POST['txtHLR3Micro'];
$hlr3NanoQty=$_POST['txtHLR3Nano'];
$count= $hlr1RegQty+$hlr2RegQty+$hlr3RegQty+$hlr1MicroQty+$hlr2MicroQty+$hlr3MicroQty+$hlr1NanoQty+$hlr2NanoQty+$hlr3NanoQty;

$conn=mysql_connect('localhost','root','');

mysql_select_db('prime_comm', $conn);

$query="INSERT INTO `prime_comm`.`newsim`(`Invoice No`, `HLR-1`, `HLR-2`, `HLR-3`, `HLR-4`, `MICRO-1`, `MICRO-2`, `MICRO-3`, `NANO-1`, `NANO-2`, `NANO-3`, `Total Count`, `Amount`, `VAT`) 
            VALUES( $invoiceNo, $hlr1RegQty,$hlr2RegQty,$hlr3RegQty,0,$hlr1MicroQty,$hlr2MicroQty,$hlr3MicroQty,$hlr1NanoQty,$hlr2NanoQty,$hlr3NanoQty,$count, 0,0)";
$flag = mysql_query($query);
?>
PHPLover
  • 1
  • 51
  • 158
  • 311
  • 3
    Warning: that code is vulnerable to sql injection. Yo should stop using the deprecated old mysql extension in php. Switch to the newer mysqli extension or PDO and start using "prepared statements". – arkascha Feb 12 '14 at 07:39
  • 2
    use `$flag = mysql_query($query) or die(mysql_error());` to diagnose problem – Iłya Bursov Feb 12 '14 at 07:39
  • @arkascha: I'm anewbie to this database connectivity so I've used the above approach. Can you please correct my error in the above code please? – PHPLover Feb 12 '14 at 07:40
  • You do no sort of error handling whatsoever. How do you expect to find the error then? Start listening to mysql telling you what error it runs into. Also: dump the statement and run it manually. – arkascha Feb 12 '14 at 07:40

5 Answers5

1

First of all, you are vulnerable to SQL injection. This is a serious security hole.

Second, you need to put the values in '

Like that ($value must first be sanitized with mysql_real_escape_string or similar) :

'$value'
Lorenz
  • 2,179
  • 3
  • 19
  • 18
1

Try also looking at the error message that you're now ignoring.

$flag = mysql_query($query) or die(mysql_errno() . ' ' . mysql_error());

This will give you more of an insight into what is wrong with your query. Also try to sanitize your input, since people can just perform SQL injection in your database.

Kurt Du Bois
  • 7,550
  • 4
  • 25
  • 33
1

you better check your connection first

$check = mysql_connect('localhost', '', '');
    if (!$check) {
        die('Could not connect: ' . mysql_error());
    }

If you dont get that error message, try to var_dump() all your data that you want to insert to see if it's null.

HarryIsBack
  • 40
  • 3
0

try putting single quotes around the variables;

$query="INSERT INTO `prime_comm`.`newsim`(`Invoice No`, `HLR-1`, `HLR-2`, `HLR-3`, `HLR-4`, `MICRO-1`, `MICRO-2`, `MICRO-3`, `NANO-1`, `NANO-2`, `NANO-3`, `Total Count`, `Amount`, `VAT`) 
            VALUES( '$invoiceNo', '$hlr1RegQty', '$hlr2RegQty', '$hlr3RegQty', 0, '$hlr1MicroQty', '$hlr2MicroQty', '$hlr3MicroQty', '$hlr1NanoQty', '$hlr2NanoQty', '$hlr3NanoQty', '$count', 0,0)";

Also, never assume post data is what you expect it to be, or clean/safe, as this is wide open to sql injection. I also recommend using mysqli_* functions over mysql_* functions, which are deprecated in the newer versions of PHP. Hope this helps :)

flauntster
  • 2,008
  • 13
  • 20
0

Try like this:

mysql_query("INSERT INTO  tablename (row-name-1, row-name-2)
values({$variable1}, {$variable2})");

You should be using mysqli_query, else you're vurnable to msql injections!

STP38
  • 348
  • 2
  • 14