By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,157 Members | 1,001 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,157 IT Pros & Developers. It's quick & easy.

Row Added But No Data Inserted?

P: 22
Hi. Please excuse my noobiness, but I'm new to PHP. My problem is data was not inserted into the database but PHP didn't return any error. Row was added since there was a new ID number, but then the rest of the columns are blanks and Sequence No and Date inserted 0's(zeros) instead of the real data. Could you kindly please check my code for any discrepancies? Please also check the images attached. Thanks.

***PROCESS PAGE***

Expand|Select|Wrap|Line Numbers
  1. <?php include("includes/db_connect.php"); ?>
  2. <?php require_once("includes/functions.php"); ?>
  3.  
  4. <html>
  5. <head><title>Add Equipment</title></head>
  6.  
  7. <body>
  8. <h3>Please review the data before finally submitting to the database.</h3>
  9. <h3>Press the back button of your browser if you want to edit the data.</h3>
  10. <h3>Press the submit button to submit it to the database.</h3><hr>
  11. <br />
  12. <?php
  13.  
  14.     $equipname = $_POST['equipname'];
  15.     $manufacturer = $_POST['manufacturer'];
  16.     $serno = $_POST['serno'];
  17.     $modelno = $_POST['modelno'];
  18.     $capacity = $_POST['capacity'];
  19.     $curloc = $_POST['curlocation'];
  20.     $equipcode = $_POST['equipcode'];
  21.     $seqno = $_POST['seqno'];    
  22.     $addDate = $_POST['dateYr']. "-";
  23.     $addDate .= $_POST['dateMO']. "-";
  24.     $addDate .= $_POST['dateDay'];
  25.  
  26.     echo "Equipment Name : <b>{$equipname}</b><br />";
  27.     echo "Manufacturer : <b>{$manufacturer}</b><br />";
  28.     echo "Serial No. : <b>{$serno}</b><br />";
  29.     echo "Model No. : <b>{$modelno}</b><br />";
  30.     echo "Capacity/Range : <b>{$capacity}</b><br />";
  31.     echo "Current Location : <b>{$curloc}</b><br />";
  32.     echo "Equipment Code : <b>{$equipcode}</b><br />";
  33.     echo "Sequence No. : <b>{$seqno}</b><br />";
  34.     echo "Date Added : <b>{$addDate}</b>";
  35. ?>
  36. <hr>
  37. <form action="adddata.php" method="POST">
  38. <input type="submit" name="submit" id="submit" value="Submit"></form>
  39.  
  40. </body></html>
  41. <?php 
  42.     if (isset($equip_db)) {
  43.         mysqli_close($equip_db); 
  44.     }
  45. ?>
-------------

***ADDDATA***

Expand|Select|Wrap|Line Numbers
  1. <?php include("includes/db_connect.php"); ?>
  2. <?php require_once("includes/functions.php"); ?>
  3. <?php
  4.  
  5.     $equipname = $_POST['$equipname'];
  6.     $manufacturer = $_POST['$manufacturer'];
  7.     $serno = $_POST['$serno'];
  8.     $modelno = $_POST['$modelno'];
  9.     $capacity = $_POST['$capacity'];
  10.     $curloc = $_POST['$curlocation'];
  11.     $equipcode = $_POST['$equipcode'];
  12.     $seqno = $_POST['$seqno'];    
  13.     $addDate = $_POST['$dateYr'] ."-". $_POST['$dateMO'] ."-". $_POST['$dateDay'];
  14.  
  15.     $query_add = "INSERT INTO tblequipmentmasterlist (equipname, manufacturer, serno,
  16.                     modelno, capacity, curlocation, equipcode, seqno, adddate) 
  17.                     VALUES ('{$equipname}','{$manufacturer}','{$serno}','{$modelno}',
  18.                     '{$capacity}','{$curloc}','{$equipcode}','{$seqno}','{$addDate}')";
  19.  
  20.     if (mysqli_query($db_cxn, $query_add)) {
  21.         header ("Location: newequipment.php");
  22.         exit;
  23.         } else {
  24.             echo "<p>Data addition has failed. Please contact the site administrator.</p>";
  25.             echo "<p>" . mysqli_error($db_cxn) . "</p>";
  26.         }                
  27. ?>
  28. <?php 
  29.     if (isset($db_cxn)) {
  30.         mysqli_close($db_cxn); 
  31.     }
  32. ?>
Attached Images
File Type: jpg MainPage.jpg (63.9 KB, 110 views)
File Type: jpg MissingData.jpg (73.7 KB, 99 views)
File Type: jpg DataCheckBeforeDatabaseInsertion.jpg (66.9 KB, 102 views)
Sep 25 '11 #1

✓ answered by Dormilich

actually, I canít see anything odd in the material given. you may try var_dump($_POST) to check that all data are correctly passed.

additionally, the redirect may fail in adddata.php.

I may also note that there are no precautions against SQL Injection attacks.

Share this Question
Share on Google+
4 Replies


Dormilich
Expert Mod 5K+
P: 8,639
actually, I canít see anything odd in the material given. you may try var_dump($_POST) to check that all data are correctly passed.

additionally, the redirect may fail in adddata.php.

I may also note that there are no precautions against SQL Injection attacks.
Sep 25 '11 #2

P: 22
Thanks for the quick reply. I inserted a var_dump and a print_r to my ADDDATA script and they came up empty actually. It returned an error but when I checked my database, it added another row. I really don't understand it. And what do you mean by "no precautions against SQL injection attacks?" I've revised both my PROCESS and ADDDATA scripts. Also, I've attached some new images showing the results. Thanks.

PROCESS_STRING_ESCAPED
Expand|Select|Wrap|Line Numbers
  1. <?php include("includes/db_connect.php"); ?>
  2. <?php require_once("includes/functions.php"); ?>
  3.  
  4. <html>
  5. <head><title>Add Equipment</title></head>
  6.  
  7. <body>
  8. <h4>Please review the data before finally submitting to the database.</h4>
  9. <h4>Press the back button of your browser if you want to edit the data.</h4>
  10. <h4>Press the submit button to submit it to the database.</h4><hr>
  11. <br />
  12. <?php
  13.  
  14.     $equipname = mysqli_real_escape_string($db_cxn, $_POST['equipname']);
  15.     $manufacturer = mysqli_real_escape_string($db_cxn, $_POST['manufacturer']);
  16.     $serno = mysqli_real_escape_string($db_cxn, $_POST['serno']);
  17.     $modelno = mysqli_real_escape_string($db_cxn, $_POST['modelno']);
  18.     $capacity = mysqli_real_escape_string($db_cxn, $_POST['capacity']);
  19.     $curloc = mysqli_real_escape_string($db_cxn, $_POST['curlocation']);
  20.     $equipcode = mysqli_real_escape_string($db_cxn, $_POST['equipcode']);
  21.     $seqno = mysqli_real_escape_string($db_cxn, $_POST['seqno']);    
  22.     $addDate = mysqli_real_escape_string($db_cxn, $_POST['dateYr']). "-";
  23.     $addDate .= mysqli_real_escape_string($db_cxn, $_POST['dateMO']). "-";
  24.     $addDate .= mysqli_real_escape_string($db_cxn, $_POST['dateDay']);
  25.  
  26.     echo "Equipment Name : <b>{$equipname}</b><br />";
  27.     echo "Manufacturer : <b>{$manufacturer}</b><br />";
  28.     echo "Serial No. : <b>{$serno}</b><br />";
  29.     echo "Model No. : <b>{$modelno}</b><br />";
  30.     echo "Capacity/Range : <b>{$capacity}</b><br />";
  31.     echo "Current Location : <b>{$curloc}</b><br />";
  32.     echo "Equipment Code : <b>{$equipcode}</b><br />";
  33.     echo "Sequence No. : <b>{$seqno}</b><br />";
  34.     echo "Date Added : <b>{$addDate}</b>";
  35. ?>
  36. <hr>
  37. <form action="adddata.php" method="POST">
  38. <input type="submit" name="submit" id="submit" value="Submit"></form>
  39.  
  40. </body></html>
  41. <?php 
  42.     if (isset($db_cxn)) {
  43.         mysqli_close($db_cxn); 
  44.     }
  45. ?>
----------------

ADDDATA with VAR_DUMP and PRINT_R

Expand|Select|Wrap|Line Numbers
  1. <?php include("includes/db_connect.php"); ?>
  2. <?php require_once("includes/functions.php"); ?>
  3. <?php
  4.  
  5.     $equipname = $_POST['$equipname'];
  6.     $manufacturer = $_POST['$manufacturer'];
  7.     $serno = $_POST['$serno'];
  8.     $modelno = $_POST['$modelno'];
  9.     $capacity = $_POST['$capacity'];
  10.     $curloc = $_POST['$curlocation'];
  11.     $equipcode = $_POST['$equipcode'];
  12.     $seqno = $_POST['$seqno'];    
  13.     $addDate = $_POST['$dateYr'] ."-". $_POST['$dateMO'] ."-". $_POST['$dateDay'];
  14.  
  15.     $query_add = "INSERT INTO tblequipmentmasterlist (equipname, manufacturer, serno,
  16.                     modelno, capacity, curlocation, equipcode, seqno, adddate) 
  17.                     VALUES ('{$equipname}','{$manufacturer}','{$serno}','{$modelno}',
  18.                     '{$capacity}','{$curloc}','{$equipcode}','{$seqno}','{$addDate}')";
  19.  
  20.     if ($query_add != null) {
  21.         mysqli_query($db_cxn, $query_add);
  22.         echo "<pre>";
  23.         echo print_r($query_add);
  24.         echo var_dump($query_add);
  25.         echo "</pre>";
  26.         //header ("Location: newequipment.php");
  27.         exit;
  28.         } else {
  29.             echo "<p>Record was not added : ". $query_add.  " Please contact the site administrator.</p>";
  30.             echo "<p>" . mysqli_error($db_cxn) . "</p>";
  31.         }                
  32. ?>
  33. <?php 
  34.     if (isset($db_cxn)) {
  35.         mysqli_close($db_cxn); 
  36.     }
  37. ?>
Attached Images
File Type: jpg RowAddedNoData.jpg (39.0 KB, 102 views)
File Type: jpg VarDump.jpg (76.8 KB, 118 views)
Sep 25 '11 #3

Dormilich
Expert Mod 5K+
P: 8,639
I inserted a var_dump and a print_r to my ADDDATA script and they came up empty actually.
that is indicating that there is something wrong with your HTML form.

when I checked my database, it added another row.
even if the values are empty, they will be inserted.

besides that, did you really name the form elements like $eqipname?
Sep 26 '11 #4

P: 22
The problem is now resolved. What I did was do away with the ADDDATA page and just insert the record at the PROCESSFORM page, taking into account character escaping. It is now working as it should be. Here is my new code for the revised PROCESSFORM page. Thanks for the help.

NEW PROCESS FORM PAGE

Expand|Select|Wrap|Line Numbers
  1. <?php include("includes/db_connect.php"); ?>
  2. <?php require_once("includes/functions.php"); ?>
  3.  
  4. <?php
  5.  
  6.     $equipname = mysqli_real_escape_string($db_cxn, trim(htmlspecialchars($_POST['equipname'])));
  7.     $manufacturer = mysqli_real_escape_string($db_cxn, trim(htmlspecialchars($_POST['manufacturer'])));
  8.     $serno = mysqli_real_escape_string($db_cxn, trim(htmlspecialchars($_POST['serno'])));
  9.     $modelno = mysqli_real_escape_string($db_cxn, trim(htmlspecialchars($_POST['modelno'])));
  10.     $capacity = mysqli_real_escape_string($db_cxn, trim(htmlspecialchars($_POST['capacity'])));
  11.     $curloc = mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['curlocation'])));
  12.     $equipcode = mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['equipcode'])));
  13.     $seqno = mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['seqno'])));    
  14.     $addDate = mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['dateYr']))). "-";
  15.     $addDate .= mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['dateMO']))). "-";
  16.     $addDate .= mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['dateDay'])));
  17.  
  18.     $query_add = "INSERT INTO tblequipmentmasterlist (equipname, manufacturer, serno,
  19.                     modelno, capacity, curlocation, equipcode, seqno, adddate) 
  20.                     VALUES ('{$equipname}','{$manufacturer}','{$serno}','{$modelno}',
  21.                     '{$capacity}','{$curloc}','{$equipcode}','{$seqno}','{$addDate}')";
  22.  
  23.     if ($query_add != null) {
  24.         mysqli_query($db_cxn, $query_add);
  25.         echo "<pre>";
  26.         echo "<h4>You have successfully added the following records to the database : </h4>";
  27.         echo "<hr>";
  28.         echo "<br />";
  29.         echo "Equipment Name : <b>{$equipname}</b><br />";
  30.         echo "Manufacturer : <b>{$manufacturer}</b><br />";
  31.         echo "Serial No. : <b>{$serno}</b><br />";
  32.         echo "Model No. : <b>{$modelno}</b><br />";
  33.         echo "Capacity/Range : <b>{$capacity}</b><br />";
  34.         echo "Current Location : <b>{$curloc}</b><br />";
  35.         echo "Equipment Code : <b>{$equipcode}</b><br />";
  36.         echo "Sequence No. : <b>{$seqno}</b><br />";
  37.         echo "Date Added : <b>{$addDate}</b>";
  38.         //echo print_r($_POST);
  39.         //echo var_dump($_POST);
  40.         echo "</pre>";
  41.         echo "<hr>";
  42.         echo "<form action='newequipment.php' method='POST'>";
  43.         echo "<input type='submit' name='submit' id='submit' value='Continue' /></form>";
  44.         //header ("Location: processform_old.php");
  45.         //exit;
  46.         } else {
  47.             echo "<p>Record was not added : ". $query_add.  " Please contact the site administrator.</p>";
  48.             echo "<p>" . mysqli_error($db_cxn) . "</p>";
  49.         }                
  50. ?>
  51.  
  52. <?php 
  53.     if (isset($db_cxn)) {
  54.         mysqli_close($db_cxn); 
  55.     }
  56. ?>
Sep 26 '11 #5

Post your reply

Sign in to post your reply or Sign up for a free account.