Saqib Malik - 1 year ago
CSS Question

Query always outputs Problem

Does anyone know what the problem in this query is? Every time I fill in the form it outputs the script "Problem!"

    if(isset($_POST['submit'])){
        //getting the text data from the fields
        $title = $_POST['title'];
        $cat = $_POST['cat'];
        $desc = $_POST['desc'];
        $qty = $_POST['qty'];
        $price = $_POST['price'];
        $status = $_POST['status'];

        //getting the image from the field
        $image = $_FILES['image']['name'];
        $image_tmp = $_FILES['image']['tmp_name'];

        move_uploaded_file($image_tmp,"images/drinks/$image");

        $insert_product = "insert into drinks (title,cat,image,desc,qty,price,status) values ('$title','$cat','$image','$desc','$qty','$price','$status')";

        $insert_pro = mysqli_query($con, $insert_product);

        if($insert_pro){
            echo "<script>alert('Drink Has been inserted!')</script>";
            echo "<script>window.open('index.php?viewdrink','_self')</script>";
        }
        else{
            echo "<script>alert('Problem!')</script>";
        }
    }


How can I improve this code to make it work?

Answer Source

DESC is a MySQL reserved word, it must be wrapped in ticks if you want to keep on using that column's name.

$insert_product = "insert into drinks (title,cat,image,`desc`,qty,price,status)....";

Having used mysqli_error($con) on the query (in the else{...}), it would have signaled the syntax error.

You're also open to an SQL injection. Use a prepared statement.

If that still fails, make sure that there is no character being inserted that will cause an injection and that all arrays contain values. In any case, you should be escaping all values inserted in your database.

Use PHP's error reporting:
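The fixes from this answer combined into one handler, as an added example that is not code from the original answer: `desc` is backtick-quoted, the values are bound through a prepared statement, and mysqli is set to raise errors instead of failing silently. It assumes `$con` is the open mysqli connection from the question, and binding every column as a string is an assumption about the schema.

```php
<?php
// Added example. Assumes $con is an open mysqli connection, as in the question.
// Make mysqli throw exceptions so a failed query can never pass unnoticed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

if (isset($_POST['submit'])) {
    // Copy the form fields into variables (bind_param binds by reference).
    $title  = $_POST['title']  ?? '';
    $cat    = $_POST['cat']    ?? '';
    $desc   = $_POST['desc']   ?? '';
    $qty    = $_POST['qty']    ?? '';
    $price  = $_POST['price']  ?? '';
    $status = $_POST['status'] ?? '';

    // The file name comes from the client: keep only its base name
    // before using it in a path.
    $image = basename($_FILES['image']['name'] ?? '');
    move_uploaded_file($_FILES['image']['tmp_name'], "images/drinks/$image");

    try {
        // `desc` is a MySQL reserved word, so it is quoted with backticks.
        // The ? placeholders keep user input out of the SQL text entirely.
        $stmt = mysqli_prepare(
            $con,
            "INSERT INTO drinks (title, cat, image, `desc`, qty, price, status)
             VALUES (?, ?, ?, ?, ?, ?, ?)"
        );
        // Assumption: all seven columns accept string input ('s' per value).
        mysqli_stmt_bind_param(
            $stmt, 'sssssss',
            $title, $cat, $image, $desc, $qty, $price, $status
        );
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);

        echo "<script>alert('Drink Has been inserted!')</script>";
        echo "<script>window.open('index.php?viewdrink','_self')</script>";
    } catch (mysqli_sql_exception $e) {
        // Same information mysqli_error($con) would give, written to the
        // server log rather than shown to the visitor.
        error_log('Drink insert failed: ' . $e->getMessage());
        echo "<script>alert('Problem!')</script>";
    }
}
```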
