1

I have made a simple PHP CMS form with a database, but it does not work properly when I submit the form with some dummy data. I don't know why this happens. I also added mysqli_error() to see what kind of error I'm facing, but I only got this:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '','','')' at line 2

<?php 
if (isset($_POST['submit'])){
    $post_title = $_POST['title'];
    $post_date = date('d-m-y');
    $post_author = $_POST['author'];
    $post_keywords = $_POST['keywords'];
    $post_content = $_POST['content'];
    $post_image = $_FILES['image']['name'];
    $image_tmp = $_FILES['image']['tmp_name'];

    if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){
        echo '<script>alert("Some fields are missing")</script>';
    }else{
        move_uploaded_file($image_tmp,"post_images/$post_image");
        $insert_query = "INSERT INTO posts 
        (post_title,post_date,post_author,post_image,post_keywords,post_content) VALUES ('$post_title','$post_date','$post_author',$post_image','$post_keywords','$post_content')";
        $insert_post = mysqli_query($con,$insert_query);
        if ($insert_post){
            echo '<h3 style="color:green">Post has been added successfully.</h3>';
        }else{
            echo mysqli_error($con);
        }
    }
}
?>
<form method="POST" action="" enctype="multipart/form-data">
    <table width="600" align="center" border="10">
        <tr>
            <td align="center"><h6>Insert Post Title</h6></td>
            <td align="center"><input type="text" name="title"/></td></br>
        </tr>
        <tr>
            <td align="center"><h6>Insert Post Author</h6></td>
            <td align="center"><input type="text" name="author"/></td></br>
        </tr>
        <tr>
            <td align="center"><h6>Insert Post Keywords</h6></td>
            <td align="center"><input type="text" name="keywords"/></td></br>
        </tr>
        <tr>
            <td align="center"><h6>Insert Post Image</h6></td>
            <td align="center"><input type="file" name="image"/></td></br>
        </tr>
        <tr>
            <td align="center"><h6>Insert Post Content</h6></td>
            <td align="center"><textarea name="content" cols="10" rows="10"></textarea></td></br>
        </tr>
        <tr>
            <td align="center"><input type="submit" name="submit" value="Submit"/></td>
        </tr>
    </table>
</form>

It would be very helpful to me if you shared your solution to this problem... thanks!

3 Answers

1

You are missing a quote just before $post_image:

,$post_image'

Should be:

,'$post_image'

So the complete SQL statement then becomes:

$insert_query = "INSERT INTO posts 
    (post_title, post_date, post_author, post_image, post_keywords, post_content)
    VALUES ('$post_title', '$post_date', '$post_author', '$post_image', 
            '$post_keywords', '$post_content')";

Please note that you are doing assignments in this if:

if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){

You should be using double == instead of =.

Finally, your code is vulnerable to SQL injection. So please use prepared statements with parameters.

Comments

0

Writing the if statement this way is better:

// this does not always work
if ($post_title=='' or $post_keywords='' or $post_content='' or $post_author=''){
        echo '<script>alert("Some fields are missing")</script>';
    }

// yeah much better 
 if (empty($post_title) || empty($post_keywords) || empty($post_content) || empty($post_author)){
            echo '<script>alert("Some fields are missing")</script>';
        }

And the SQL mistake is most probably here:

'$post_keywords','$post_content')";

$post_keywords and $post_content are null or empty

Comments

0

Changes

  1. Use empty to check for empty variables
  2. Use || instead of or
  3. Validate what you are doing (move_uploaded_file)
  4. Be careful with quotes ($post_image') - This is the bug in your code
  5. Enhance mysqli_error (if (!$insert_post){)

Code

<?php 
    if (isset($_POST['submit']))
    {
        $post_title = $_POST['title'];
        $post_date = date('d-m-y');
        $post_author = $_POST['author'];
        $post_keywords = $_POST['keywords'];
        $post_content = $_POST['content'];
        $post_image = $_FILES['image']['name'];
        $image_tmp = $_FILES['image']['tmp_name'];

        if (empty($post_title) || empty($post_keywords) || empty($post_content) || empty($post_author))
        {
            echo '<script>alert("Some fields are missing")</script>';
        }
        else
        {
            if (!move_uploaded_file($image_tmp,"post_images/$post_image")) {
                echo "Move Failed";
            }
            else
            {
                $insert_query = "INSERT INTO posts (post_title,post_date,post_author,post_image,post_keywords,post_content) VALUES ('$post_title','$post_date','$post_author','$post_image','$post_keywords','$post_content')";
                $insert_post = mysqli_query($con,$insert_query);

                if (!$insert_post){
                    echo mysqli_error($con);
                }
                else
                {
                    echo '<h3 style="color:green">Post has been added successfully.</h3>';
                }
            }

        }
    }
?>

Comments
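
The first answer's advice to use prepared statements, combined with the validation points raised in the other answers, as an added example that is not code from any of the posts above. It assumes $con is an open mysqli connection and the posts table from the question; UPLOAD_DIR, ALLOWED_EXT and save_post() are hypothetical names.

```php
<?php
// Added example: assumes $con is an open mysqli connection and the posts
// table from the question. UPLOAD_DIR, ALLOWED_EXT and save_post() are
// hypothetical names introduced here.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

const UPLOAD_DIR  = __DIR__ . '/post_images/';
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

function save_post(mysqli $con, array $post, array $file): string
{
    // Comparison (===), not assignment (=), for every required field.
    foreach (['title', 'author', 'keywords', 'content'] as $field) {
        if (!is_string($post[$field] ?? null) || trim($post[$field]) === '') {
            return 'Some fields are missing';
        }
    }

    // The client-supplied file name is untrusted: check the upload status and
    // the extension, then store the file under a server-generated name.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'Upload failed';
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return 'Unsupported image type';
    }
    $stored_name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $stored_name)) {
        return 'Move failed';
    }

    // Placeholders keep user input out of the SQL text, so a quote in the
    // title can neither break the syntax nor change the statement.
    $stmt = $con->prepare(
        'INSERT INTO posts
            (post_title, post_date, post_author, post_image, post_keywords, post_content)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $post_date = date('d-m-y'); // same format as in the question
    $stmt->bind_param('ssssss', $post['title'], $post_date, $post['author'],
        $stored_name, $post['keywords'], $post['content']);
    $stmt->execute();
    return 'Post has been added successfully.';
}

if (isset($_POST['submit'])) {
    $message = save_post($con, $_POST, $_FILES['image'] ?? []);
    echo '<h3>' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</h3>';
}
```

The extension allow-list only restricts the stored file name; it does not verify that the file content is an image.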
