Row Added But No Data Inserted?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Antonio Bacasno
    New Member
    • Sep 2011
    • 22
    #1

    Row Added But No Data Inserted?

    Hi. Please excuse my noobiness, but I'm new to PHP. My problem is data was not inserted into the database but PHP didn't return any error. Row was added since there was a new ID number, but then the rest of the columns are blanks and Sequence No and Date inserted 0's(zeros) instead of the real data. Could you kindly please check my code for any discrepancies? Please also check the images attached. Thanks.

    ***PROCESS PAGE***

    Code:
    <?php include("includes/db_connect.php"); ?>
<?php require_once("includes/functions.php"); ?>

<html>
<head><title>Add Equipment</title></head>

<body>
<h3>Please review the data before finally submitting to the database.</h3>
<h3>Press the back button of your browser if you want to edit the data.</h3>
<h3>Press the submit button to submit it to the database.</h3><hr>
<br />
<?php

	$equipname = $_POST['equipname'];
	$manufacturer = $_POST['manufacturer'];
	$serno = $_POST['serno'];
	$modelno = $_POST['modelno'];
	$capacity = $_POST['capacity'];
	$curloc = $_POST['curlocation'];
	$equipcode = $_POST['equipcode'];
	$seqno = $_POST['seqno'];	
	$addDate = $_POST['dateYr']. "-";
	$addDate .= $_POST['dateMO']. "-";
	$addDate .= $_POST['dateDay'];
	
	echo "Equipment Name : <b>{$equipname}</b><br />";
	echo "Manufacturer : <b>{$manufacturer}</b><br />";
	echo "Serial No. : <b>{$serno}</b><br />";
	echo "Model No. : <b>{$modelno}</b><br />";
	echo "Capacity/Range : <b>{$capacity}</b><br />";
	echo "Current Location : <b>{$curloc}</b><br />";
	echo "Equipment Code : <b>{$equipcode}</b><br />";
	echo "Sequence No. : <b>{$seqno}</b><br />";
	echo "Date Added : <b>{$addDate}</b>";
?>
<hr>
<form action="adddata.php" method="POST">
<input type="submit" name="submit" id="submit" value="Submit"></form>

</body></html>
<?php 
	if (isset($equip_db)) {
		mysqli_close($equip_db); 
	}
?>
    -------------

    ***ADDDATA***

    Code:
    <?php include("includes/db_connect.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php

	$equipname = $_POST['$equipname'];
	$manufacturer = $_POST['$manufacturer'];
	$serno = $_POST['$serno'];
	$modelno = $_POST['$modelno'];
	$capacity = $_POST['$capacity'];
	$curloc = $_POST['$curlocation'];
	$equipcode = $_POST['$equipcode'];
	$seqno = $_POST['$seqno'];	
	$addDate = $_POST['$dateYr'] ."-". $_POST['$dateMO'] ."-". $_POST['$dateDay'];
		
	$query_add = "INSERT INTO tblequipmentmasterlist (equipname, manufacturer, serno,
					modelno, capacity, curlocation, equipcode, seqno, adddate) 
					VALUES ('{$equipname}','{$manufacturer}','{$serno}','{$modelno}',
					'{$capacity}','{$curloc}','{$equipcode}','{$seqno}','{$addDate}')";
					
	if (mysqli_query($db_cxn, $query_add)) {
		header ("Location: newequipment.php");
		exit;
		} else {
			echo "<p>Data addition has failed. Please contact the site administrator.</p>";
			echo "<p>" . mysqli_error($db_cxn) . "</p>";
		}				
?>
<?php 
	if (isset($db_cxn)) {
		mysqli_close($db_cxn); 
	}
?>
    Attached Files
    Tags: data missing, data not inserted
    • Dormilich
      Recognized Expert Expert
      • Aug 2008
      • 8694
      #2
      actually, I can’t see anything odd in the material given. you may try var_dump($_POST ) to check that all data are correctly passed.

      additionally, the redirect may fail in adddata.php.

      I may also note that there are no precautions against SQL Injection attacks.

        Comment

        • Antonio Bacasno
          New Member
          • Sep 2011
          • 22
          #3
          Thanks for the quick reply. I inserted a var_dump and a print_r to my ADDDATA script and they came up empty actually. It returned an error but when I checked my database, it added another row. I really don't understand it. And what do you mean by "no precautions against SQL injection attacks?" I've revised both my PROCESS and ADDDATA scripts. Also, I've attached some new images showing the results. Thanks.

          PROCESS_STRING_ ESCAPED
          Code:
          <?php include("includes/db_connect.php"); ?>
<?php require_once("includes/functions.php"); ?>

<html>
<head><title>Add Equipment</title></head>

<body>
<h4>Please review the data before finally submitting to the database.</h4>
<h4>Press the back button of your browser if you want to edit the data.</h4>
<h4>Press the submit button to submit it to the database.</h4><hr>
<br />
<?php

	$equipname = mysqli_real_escape_string($db_cxn, $_POST['equipname']);
	$manufacturer = mysqli_real_escape_string($db_cxn, $_POST['manufacturer']);
	$serno = mysqli_real_escape_string($db_cxn, $_POST['serno']);
	$modelno = mysqli_real_escape_string($db_cxn, $_POST['modelno']);
	$capacity = mysqli_real_escape_string($db_cxn, $_POST['capacity']);
	$curloc = mysqli_real_escape_string($db_cxn, $_POST['curlocation']);
	$equipcode = mysqli_real_escape_string($db_cxn, $_POST['equipcode']);
	$seqno = mysqli_real_escape_string($db_cxn, $_POST['seqno']);	
	$addDate = mysqli_real_escape_string($db_cxn, $_POST['dateYr']). "-";
	$addDate .= mysqli_real_escape_string($db_cxn, $_POST['dateMO']). "-";
	$addDate .= mysqli_real_escape_string($db_cxn, $_POST['dateDay']);
	
	echo "Equipment Name : <b>{$equipname}</b><br />";
	echo "Manufacturer : <b>{$manufacturer}</b><br />";
	echo "Serial No. : <b>{$serno}</b><br />";
	echo "Model No. : <b>{$modelno}</b><br />";
	echo "Capacity/Range : <b>{$capacity}</b><br />";
	echo "Current Location : <b>{$curloc}</b><br />";
	echo "Equipment Code : <b>{$equipcode}</b><br />";
	echo "Sequence No. : <b>{$seqno}</b><br />";
	echo "Date Added : <b>{$addDate}</b>";
?>
<hr>
<form action="adddata.php" method="POST">
<input type="submit" name="submit" id="submit" value="Submit"></form>

</body></html>
<?php 
	if (isset($db_cxn)) {
		mysqli_close($db_cxn); 
	}
?>
          ----------------

          ADDDATA with VAR_DUMP and PRINT_R

          Code:
          <?php include("includes/db_connect.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php
	
	$equipname = $_POST['$equipname'];
	$manufacturer = $_POST['$manufacturer'];
	$serno = $_POST['$serno'];
	$modelno = $_POST['$modelno'];
	$capacity = $_POST['$capacity'];
	$curloc = $_POST['$curlocation'];
	$equipcode = $_POST['$equipcode'];
	$seqno = $_POST['$seqno'];	
	$addDate = $_POST['$dateYr'] ."-". $_POST['$dateMO'] ."-". $_POST['$dateDay'];
		
	$query_add = "INSERT INTO tblequipmentmasterlist (equipname, manufacturer, serno,
					modelno, capacity, curlocation, equipcode, seqno, adddate) 
					VALUES ('{$equipname}','{$manufacturer}','{$serno}','{$modelno}',
					'{$capacity}','{$curloc}','{$equipcode}','{$seqno}','{$addDate}')";
					
	if ($query_add != null) {
		mysqli_query($db_cxn, $query_add);
		echo "<pre>";
		echo print_r($query_add);
		echo var_dump($query_add);
		echo "</pre>";
		//header ("Location: newequipment.php");
		exit;
		} else {
			echo "<p>Record was not added : ". $query_add.  " Please contact the site administrator.</p>";
			echo "<p>" . mysqli_error($db_cxn) . "</p>";
		}				
?>
<?php 
	if (isset($db_cxn)) {
		mysqli_close($db_cxn); 
	}
?>
          Attached Files

            Comment

            • Dormilich
              Recognized Expert Expert
              • Aug 2008
              • 8694
              #4
              I inserted a var_dump and a print_r to my ADDDATA script and they came up empty actually.
              that is indicating that there is something wrong with your HTML form.

              when I checked my database, it added another row.
              even if the values are empty, they will be inserted.

              besides that, did you really name the form elements like $eqipname?

                Comment

                • Antonio Bacasno
                  New Member
                  • Sep 2011
                  • 22
                  #5
                  The problem is now resolved. What I did was do away with the ADDDATA page and just insert the record at the PROCESSFORM page, taking into account character escaping. It is now working as it should be. Here is my new code for the revised PROCESSFORM page. Thanks for the help.

                  NEW PROCESS FORM PAGE

                  Code:
                  <?php include("includes/db_connect.php"); ?>
<?php require_once("includes/functions.php"); ?>

<?php

	$equipname = mysqli_real_escape_string($db_cxn, trim(htmlspecialchars($_POST['equipname'])));
	$manufacturer = mysqli_real_escape_string($db_cxn, trim(htmlspecialchars($_POST['manufacturer'])));
	$serno = mysqli_real_escape_string($db_cxn, trim(htmlspecialchars($_POST['serno'])));
	$modelno = mysqli_real_escape_string($db_cxn, trim(htmlspecialchars($_POST['modelno'])));
	$capacity = mysqli_real_escape_string($db_cxn, trim(htmlspecialchars($_POST['capacity'])));
	$curloc = mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['curlocation'])));
	$equipcode = mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['equipcode'])));
	$seqno = mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['seqno'])));	
	$addDate = mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['dateYr']))). "-";
	$addDate .= mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['dateMO']))). "-";
	$addDate .= mysqli_real_escape_string($db_cxn, trim(strip_tags($_POST['dateDay'])));
	
	$query_add = "INSERT INTO tblequipmentmasterlist (equipname, manufacturer, serno,
					modelno, capacity, curlocation, equipcode, seqno, adddate) 
					VALUES ('{$equipname}','{$manufacturer}','{$serno}','{$modelno}',
					'{$capacity}','{$curloc}','{$equipcode}','{$seqno}','{$addDate}')";
					
	if ($query_add != null) {
		mysqli_query($db_cxn, $query_add);
		echo "<pre>";
		echo "<h4>You have successfully added the following records to the database : </h4>";
		echo "<hr>";
		echo "<br />";
		echo "Equipment Name : <b>{$equipname}</b><br />";
		echo "Manufacturer : <b>{$manufacturer}</b><br />";
		echo "Serial No. : <b>{$serno}</b><br />";
		echo "Model No. : <b>{$modelno}</b><br />";
		echo "Capacity/Range : <b>{$capacity}</b><br />";
		echo "Current Location : <b>{$curloc}</b><br />";
		echo "Equipment Code : <b>{$equipcode}</b><br />";
		echo "Sequence No. : <b>{$seqno}</b><br />";
		echo "Date Added : <b>{$addDate}</b>";
		//echo print_r($_POST);
		//echo var_dump($_POST);
		echo "</pre>";
		echo "<hr>";
		echo "<form action='newequipment.php' method='POST'>";
		echo "<input type='submit' name='submit' id='submit' value='Continue' /></form>";
		//header ("Location: processform_old.php");
		//exit;
		} else {
			echo "<p>Record was not added : ". $query_add.  " Please contact the site administrator.</p>";
			echo "<p>" . mysqli_error($db_cxn) . "</p>";
		}				
?>

<?php 
	if (isset($db_cxn)) {
		mysqli_close($db_cxn); 
	}
?>

                    Comment

                    Previous template Next
                    Working...