My php Post values cannot be Transferred to my MySQL Database. Whenever I echo my get the values but cannot insert the values into my Mysql Datab

Question

$department = $_POST['Department'];
$street=$_POST['streetaddress'];
$qualification=$_POST['Qualification'];
$Nmc=$_POST['Nmc'];
$day=$_POST['day'];
$month=$_POST['month'];
$year=$_POST['year'];
$date = "{$year}-{$month}-{$day}";
$BloodType=$_POST['Bloodtype'];
$dataFile= $_FILES ['dataFile'] ['name'];
$photo_size=$_FILES['dataFile']['size'];
$photo_type=$_FILES['dataFile']['type'];

if($photo_size<500000 && $photo_type=="image/jpeg" || $photo_type=="image/jpg" || $photo_type=="image/png" || $photo_type=="image/gif"){
    $explode_values=explode('.',$dataFile);
    $frontuniquename=sha1($explode_values[0].time());
    $final_photo_name=$frontuniquename.'.'.$explode_values[1];
    if(move_uploaded_file($_FILES['dataFile']['tmp_name'],"../images/Doctor/".$final_photo_name)){
        $sql= " INSERT INTO doctor_details (`ContactNumber`, `Qualification`, `Department`, `Nmc_regd_no`, `Did`, `Age`, `weight`, `Bloodtype`, `photo`, `Date`) 
                    VALUES ('$contact_no','$qualification', '$department','$Nmc','$id,'$age','$weight','$BloodType','$final_photo_name','$date')";
    }

My php Post values cannot be Transferred to my MySQL Database. Whenever I echo my get the values but cannot insert the values into my Mysql Database.

There is nothing in your code that's actually querying a database at all — GrumpyCrouton, Jul 24 '18 at 16:19
Do you ever do anything with `$sql`? (You also will be open to SQL injections. You should parameterize the query) — user3783243, Jul 24 '18 at 16:19
I have used all the variables to Insert into my Mysql Database table called doctor_details. The code executes properly without any error, The file I uploaded gets stored properly in the defined folder but no any data is passed with the Insert Statement. — Retesh Thapa, Jul 24 '18 at 16:36
we have no way of knowing which api is used to connect with and if you executed the query at all; that is what @GrumpyCrouton said/meant in the comment above. — Funk Forty Niner, Jul 24 '18 at 16:41
Please post a complete example. You have defined `$sql`, but I do not see that you have actually _used_ it. I would expect to see something like `$stmt = $dbh->prepare($sql); $stmt->execute()` or `$dbh->exec($sql)` or perhaps `mysqli_query($dbh, $sql)` — hunteke, Jul 24 '18 at 16:52
if(mysqli_query($conn, $sql)) { echo"

Successfully Saved !
"; } After the $sql I have used the code above to execute It. — Retesh Thapa, Jul 24 '18 at 17:09

score 0 · Answer 1 · answered Jul 24 '18 at 17:02

Several points to your code to improve it: 1. All variables that should go to the db have to be escaped. Depending on your DB it could be done different ways. For example for MySQL: http://php.net/manual/en/function.mysql-real-escape-string.php

Your limitation of the file size won't be applied to image/jpg image/png and image/gif. You should group all OR conditions: A && (B || C || D)

And as sad in the comments your code isn't send any requests to server. MySQL INSERT, as an example, can be performed like following: https://www.w3schools.com/php/php_mysql_insert.asp

My php Post values cannot be Transferred to my MySQL Database. Whenever I echo my get the values but cannot insert the values into my Mysql Datab

1 Answers1