-1

Looking for help please. I'm new to PHP and my course needs me to save form data to an SQL database. I have the below code, which creates my error message "Something went wrong". I'm studying online and my lecturer is less than useless at helping. Can anyone tell me where I am going wrong please?

My database reads and writes OK elsewhere.

<?php

$page_title = "Login Page";

session_start();

include('header.php');
require_once("validation_functions.php");
require_once('functions.php');
require_once('connection.php');

// Check if form was submitted
if (isset($_POST['submit'])) {

    // Remove whitespace from beginning and end of values
    $title = trim($_POST["Title"]);
    $director = trim($_POST["Director"]);
    $producer = trim($_POST["Producer"]);
    $running_time = trim($_POST["Running"]);
    $starring = trim($_POST["Starring"]);
    $distributor = trim($_POST["Distributor"]);

    // Escape strings and filter input to prevent SQL injection
    $title = mysqli_real_escape_string($connection, $title);
    $director = mysqli_real_escape_string($connection, $director);
    $producer = mysqli_real_escape_string($connection, $producer);
    $starring = mysqli_real_escape_string($connection, $starring);
    $distributor = mysqli_real_escape_string($connection, $distributor);
    $running_time = intval($running_time);

    if (isset($_POST["Rel"])) { $release = $_POST["Rel"]; }
    if (isset($_POST["Genre"])) { $genre = $_POST["Genre"]; }
    if (isset($_POST["Rating"])) { $rating = $_POST["Rating"]; }

    $form_errors = false;

    // Check if fields are blank
    if (is_blank($title) || is_blank($director) || is_blank($producer) || is_blank($release) || is_blank($running_time) || is_blank($starring) || is_blank($distributor)) {
        $blank_message = "<p class='error-msg'>All fields are required.</p>";
        $form_errors = true;
    }

    // Check if running time is a valid number
    if (isset($running_time) && !filter_var($running_time, FILTER_VALIDATE_INT)) {
        $number_message = "<p class='error-msg'>Running time is not a valid number.</p>";
        $form_errors = true;
    }

    // Check if movie already exists
    if (record_exists("SELECT * FROM Movie WHERE Movie.Title = '{$title}'")) {
        $exists_message = "<p class='error-msg'>This movie already exists in the database.</p>";
        $form_errors = true;
    }


    if ($form_errors == false) {

        $insert_movie = "INSERT INTO Movie (Title, Director, Producer, Rel, Running, GenreID, Starring, Distributor, Rating) VALUES ('{$title}', '{$director}', '{$producer}', '{$release}', '{$running_time}'', '{$genre}', '{$starring}', '{$distributor}', '{$rating}')";

        if (mysqli_query($connection, $insert_movie)) {
            $movie_id = mysqli_insert_id($connection);


            $success_message = "<p class='success-msg'>The movie has been successfully added to the database.</p>";
        }
        else {
            $error_message = "<p class='error-msg'>Something went wrong. Please try again.</p>";
        }
    }
}

//php code ends here 
?>


     <!--    // PUT ERRORS HERE-->
<?php if (isset($blank_message)) { echo $blank_message; } ?>
<?php if (isset($number_message)) { echo $number_message; } ?>
<?php if (isset($date_message)) { echo $date_message; } ?>
<?php if (isset($exists_message)) { echo $exists_message; } ?>
<?php if (isset($success_message)) { echo $success_message; } ?>
<?php if (isset($error_message)) { echo $error_message; } ?>

      <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post" enctype="multipart/form-data" id="movieinput">
          Title:<br>
          <input type="text" name="Title" placeholder="e.g. Aliens" data-validation="required" value="<?php if (isset($title)) { echo $title; } ?>"><br>
          Director:<br>
          <input type="text" name="Director" placeholder="e.g. Ridley Scott" data-validation="required" value="<?php if (isset($director)) { echo $director; } ?>"><br>
          Producer:<br>
          <input type="text" name="Producer" placeholder="e.g. Gale Ann Hurd" data-validation="required" value="<?php if (isset($producer)) { echo $producer; } ?>"><br>
          Release Date:<br>
          <input type="date" name="Rel" format="yyyy/mm/dd" value="<?php if (isset($date)) { echo $date; } ?>"><br>
          Running Time (mins):<br>
          <input type="number" pattern=".{1,3}" name="Running" placeholder="e.g. 137" data-validation="required" value="<?php if (isset($running)) { echo $running; } ?>"><br>
          Genre:<br><select name="Genre" value="<?php if (isset($genre)) { echo $genre; } ?>"><br>
            <option value="drama" name="drama">Drama</option>
            <option value="documentary" name ="documentary">Documentary</option>
            <option value="scifi" name="scifi" selected>Sci-Fi</option>
            <option value="comedy" name="comedy">Comedy</option>
              <option value="biopic" name ="biopic">Biopic</option>
              <option value="horror" name="horror">Horror</option>
    </select><br>
          Starring:<br>
          <input type="text" name="Starring" placeholder="e.g. Sigourney Weaver, Michael Biehn, William Hope" value="<?php if (isset($starring)) { echo $starring; } ?>"><br>
          Distributor:<br>
          <input type="text" name="Distributor" placeholder="e.g. 20th Century Fox" data-validation="required" value="<?php if (isset($distributor)) { echo $distributor; } ?>"><br>
          Rating:<br><select name="Rating" value="<?php if (isset($rating)) { echo $rating; } ?>"><br>
          <option
            value="one">1
          </option>
          <option
            value="two">2
          </option>
          <option
            value="three">3
          </option>
          <option
            value="four">4
          </option>
          <option
            value="five">5
          </option>
          </select><br>
          <br>
          <input type="submit" name="submit" value="Submit"/>
      </form>




<script> </script>

Jimmeh

3 Answers

0

You are using an SQL database from PHP and using the mysqli_query() function to insert, which would definitely not work. You have to use PDO to access the SQL database. Connect to SQL Server through PDO using the SQL Server driver.

http://php.net/manual/en/ref.pdo-dblib.php

Community
Shubhranshu
0
>  $insert_movie = "INSERT INTO Movie (Title, Director, Producer, Rel,
> Running, GenreID, Starring, Distributor, Rating) VALUES ('{$title}',
> '{$director}', '{$producer}', '{$release}', '{$running_time}'',
> '{$genre}', '{$starring}', '{$distributor}', '{$rating}')";

Use this instead of

>  $insert_movie = "INSERT INTO Movie (Title, Director, Producer, Rel,
> Running, GenreID, Starring, Distributor, Rating) VALUES ('$title',
> '$director', '$producer', '$release', '$running_time', '$genre',
> '$starring', '$distributor', '$rating')";
Vikas Umrao
nick
0

In this case, some of the possibilities below will cause this issue.

  1. The input type is mismatched with the column data type in the database table.
  2. Required parameter to be used to insert into the table.

One suggestion to ensure that there is no issue in the INSERT query: just print the insert statement in the browser and execute it manually in the DB.

    $insert_movie = "INSERT INTO Movie (Title, Director, Producer, Rel, Running, GenreID, Starring, Distributor, Rating) VALUES ('{$title}', '{$director}', '{$producer}', '{$release}', '{$running_time}'', '{$genre}', '{$starring}', '{$distributor}', '{$rating}')";

    echo $insert_movie; exit;

Try this, and we will continue the debugging if there is no issue in the insert statement.

Cheers!
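
Added example, not part of the question or any answer above: the same Movie insert written as a parameterized query, so a stray quote like the one after `{$running_time}` cannot occur, and `Rel`, `Genre` and `Rating`, which the question's code interpolates without escaping, are bound like every other value. It uses PDO with an in-memory SQLite table as a stand-in for the course database; the column types, the `insert_movie()` helper and the sample input are assumptions made for the example.

```php
<?php
// Added example: in-memory SQLite stands in for the course database.
// Column names come from the question; the column types are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw with the driver's message
$pdo->exec('CREATE TABLE Movie (
    MovieID INTEGER PRIMARY KEY, Title TEXT UNIQUE, Director TEXT, Producer TEXT,
    Rel TEXT, Running INTEGER, GenreID TEXT, Starring TEXT, Distributor TEXT, Rating TEXT)');

// Hypothetical helper: validates the form fields and binds every value as a parameter.
function insert_movie(PDO $pdo, array $post): int
{
    $fields = ['Title', 'Director', 'Producer', 'Rel', 'Running',
               'Genre', 'Starring', 'Distributor', 'Rating'];
    $row = [];
    foreach ($fields as $f) {
        $row[$f] = trim((string)($post[$f] ?? ''));
        if ($row[$f] === '') {
            throw new InvalidArgumentException("$f is required");
        }
    }
    $running = filter_var($row['Running'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($running === false) {
        throw new InvalidArgumentException('Running time is not a valid number');
    }
    $stmt = $pdo->prepare('INSERT INTO Movie
        (Title, Director, Producer, Rel, Running, GenreID, Starring, Distributor, Rating)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
    $stmt->execute([$row['Title'], $row['Director'], $row['Producer'], $row['Rel'],
        $running, $row['Genre'], $row['Starring'], $row['Distributor'], $row['Rating']]);
    return (int)$pdo->lastInsertId();
}

// Constructed sample input; the quotes in Title and Rating would break an interpolated query.
$post = ['Title' => "Ocean's Eleven", 'Director' => 'Steven Soderbergh',
    'Producer' => 'Jerry Weintraub', 'Rel' => '2001-12-07', 'Running' => '116',
    'Genre' => 'comedy', 'Starring' => 'George Clooney, Brad Pitt',
    'Distributor' => 'Warner Bros.', 'Rating' => "four'"];
try {
    $id = insert_movie($pdo, $post);
    $q = $pdo->prepare('SELECT Title, Rating FROM Movie WHERE MovieID = ?');
    $q->execute([$id]);
    $stored = $q->fetch(PDO::FETCH_ASSOC);
    // Encode on output, as the form's value="" attributes should.
    echo htmlspecialchars("Saved #$id: {$stored['Title']} / {$stored['Rating']}", ENT_QUOTES), "\n";
    insert_movie($pdo, $post); // same Title again: the UNIQUE constraint makes this fail
} catch (PDOException $e) {
    error_log($e->getMessage()); // the real cause goes to the log, not to the browser
    echo "Something went wrong. Please try again.\n";
}
```

With mysqli the same shape is `mysqli_prepare()` followed by `mysqli_stmt_bind_param()` and `mysqli_stmt_execute()`. Logging `mysqli_error($connection)` in the question's `else` branch would likewise record the actual database error behind the generic message.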