1

I can insert data into the database for the several time before this. I'm using web matrix and XAMPP to develop. I have problem while dealing with ports but then after altering something it become okay, but the database does not receive data anymore. My other system using PHP that was been develop is running good but the problem is with the jQuery mobile.

This is the index.html file 

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="black" />
    <title>
    </title>
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.2.0/jquery.mobile-1.2.0.min.css" />
    <link rel="stylesheet" href="my.css" />
    <script src="http://code.jquery.com/jquery-1.7.2.min.js">
    </script>
    <script src="http://code.jquery.com/mobile/1.2.0/jquery.mobile-1.2.0.min.js">
    </script>
    <script src="my.js">
    </script>
    <!-- User-generated css -->
    <style>
    </style>
    <!-- User-generated js -->
    <script>
        try {

  $(function() {

});

} catch (error) {
  console.error("Your javascript has an error: " + error);
 }
     </script>
 </head>
 <body>
    <!-- Home -->
    <div data-role="page" id="page1">
        <div data-theme="a" data-role="header" data-position="fixed">
            <h3>
               Student Uitm
            </h3>
        </div>
        <div data-role="content">
            <form action="http://localhost/student/save2db.php" method="post">
                <label>Nama</label><input type="text" name="Nama">
                <label>No Kad Pengenalan</label><input type="text" maxlength="12" name="icno">
                <label>Jantina</label><select name="jantina">
                <option value="L">Lelaki</option>
                <option value="P">Perempuan</option>
            </select>
                <input name="sbt" type="submit" value="save" data-inline="true">
            </form>
        </div>
        <div data-theme="a" data-role="footer" data-position="fixed">
            <h3>
                Footer
            </h3>
        </div>
    </div>
</body>
</html>

and this is the save2db.php file:

 <?php
 $con=mysqli_connect("localhost","root"," ","student");
    // Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$sql="INSERT INTO student1 (Nama, icno, jantina)
VALUES
('$_POST[Nama]','$_POST[icno]','$_POST[jantina]')";

 if (!mysqli_query($con,$sql))
 {
  die('Error: ' . mysqli_error($con));
  }
 echo "1 record added";

mysqli_close($con);  
?>
Improve this question
3
  • 1
    You are vulnerable to SQL injection attacks. Before you try to fix this code, you'd better learn about preventing the attacks. Commented Apr 21, 2013 at 17:03
  • $_POST[Nama] should be $_POST["Nama"] etc + you should sanitize inputs before using them in queries... Commented Apr 21, 2013 at 17:03
  • @rafh: -1. no. array keys cannot be quoted in double-quoted strings UNLESS you surround the array reference with {}. e.g. "$arr[x]" is ok. "{$arr['x']}" is ok, but "$arr['x']" is NOT. Commented Apr 21, 2013 at 17:06

1 Answer 1

Reset to default
1

The problems:

  • you check for the db connection, but you let the script run through even when it's failed
  • you are not being cautious enough with the received data
  • you don't log errors
  • internal problem symptoms leak out to users

Here's a possible alternative to your script taking care of these issues:

<?php
$con = mysqli_connect("localhost","root"," ","student");
 // Check connection
if (mysqli_connect_errno()) {
    trigger_error("Failed to connect to MySQL: " . mysqli_connect_error(), 
                   E_USER_ERROR);
    die("unable to complete request");
} else if (!(isset($_POST['Nama']) &&
         isset($_POST['icno']) && isset($_POST['jantina'])) {
    trigger_error( "incomplete POST data", E_USER_ERROR);
    die("unable to complete request");
} else {
    $nama = mysqli_real_escape_string($con, $_POST['Nama']);
    $icno = mysqli_real_escape_string($con $_POST['icno']);
    $jantina = mysqli_real_escape_string($con,$_POST['jantina']);
    $sql = "INSERT INTO student1 (Nama, icno, jantina) VALUES ('$nama','$icno','$jantina')";
    if (!mysqli_query($con,$sql)) {
        trigger_error("query failed :" . mysqli_error($con), E_USER_ERROR);
        die("unable to complete request");
    }
    echo "1 record added";
    mysqli_close($con);  
}

With the above modification done, check the php logs after unsuccessful updates to know the possible reasons of the failure.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

thank you for giving the correct script and when checking the php_error_log it list this error PHP Parse error: syntax error, unexpected '{' in C:\xampp\htdocs\student\save2db.php on line 8
sorry I can't seem to find the issue reported (though I spotted a few mistakes of my own).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.