0

I am trying to create a simple catalog. I have a sqlConnect.php file that contains the following

<?php

$host = 'localhost';
$db = 'books';
$user = 'root';
$pass = 'password';

$con = mysqli_connect($host, $user, $pass, $db);

if ($con) {
  echo 'Successfully connected to database!';
} else{
  die('Did not connect');
}

?>

I then have the actual book.php (index page) that contains the following code:

<?php

  include_once 'sqlConnect.php';

 ?>

<!doctype html>
<html lang="en">

<head>

  <title> Library Catalog </title>

</head>

  <style>

    h1 {
      color: #08298A;
    }

  </style>

  <body>

    <h1> <center> Library Catalog </center> </h1>


<h4> <center> Add a New Book </center> </h4>

<center>
<form method="POST">
    <input type="text" name="title" placeholder="Title" id="title">
    <input type="text" name="author" placeholder="Author" id="author">
    <input type="text" name="genre" placeholder="Genre" id="genre">
    <input type="text" name="quantity" placeholder="Quantity" id="quantity">
  <input type="submit" name="submit" value="Submit"/>
    <!-- <button type="submit" name="submit"> Submit</button> -->

</form>
</center>

<?php
$title = $_POST['title'];
$author = $_POST['author'];
$genre = $_POST['genre'];
$quantity = (int)$_POST['quantity'];
$submit = $_POST['submit'];

if ($submit) {
  $sql = "INSERT INTO catalog (id, title, author, genre, quantity) VALUES (NULL, '$title', '$author', '$genre', '10');";
  mysqli_query($con, $sql);
}

?>

</body>
</html>

When I enter in values on the page and hit submit, nothing happens. I have tested to make sure the query is acceptable. I ran into the issue that "quantity" is actually set to a string not an int like it wants in database so i just hard coded in a 10 for now. I can get the query code to work if I place it in sqlConnect.php but it will not work inside of book.php. Am I not connecting to the database correctly by including the sqlConnect.php class?

Any help would be greatly appreciated!

Improve this question
24
  • Add ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); to the top of your script. This will force any mysqli_ errors to generate an Exception that you can see on the browser and other errors will also be visible on your browser. Commented Jan 20, 2018 at 22:33
  • Your script is wide open to SQL Injection Attack Even if you are escaping inputs, its not safe! Use prepared parameterized statements Commented Jan 20, 2018 at 22:34
  • Change if ($submit) { to if (isset($_POST['submit']) { Commented Jan 20, 2018 at 22:36
  • 1
    Can you post your table definition. Commented Jan 20, 2018 at 22:55
  • 1
    You do not have any classes. You have PHP files. Commented Jan 20, 2018 at 23:14

3 Answers 3

Reset to default
1

I took your code and added some enhancements for my own purposes. I tested this on my own system. If it does not work for you then there is some system issue on your side.

Triple check your database credentials and permissions.

This code is going to write to debug.log.

book.php

<?php
include_once 'Log.php';
include_once 'sqlConnect.php';
?>
<!doctype html>
<html lang="en">

<head>

<title> Library Catalog </title>

</head>

<style>

    h1 {
    color: #08298A;
    }

</style>

<body>

    <h1> <center> Library Catalog </center> </h1>


<h4> <center> Add a New Book </center> </h4>

<center>
<form method="POST">
    <input type="text" name="title" placeholder="Title" id="title">
    <input type="text" name="author" placeholder="Author" id="author">
    <input type="text" name="genre" placeholder="Genre" id="genre">
    <input type="text" name="quantity" placeholder="Quantity" id="quantity">
    <input type="submit" name="submit" value="Submit"/>
    <!-- <button type="submit" name="submit"> Submit</button> -->

</form>
</center>

<?php
\Log\Log::debug('_POST ' . print_r($_POST, true));

$title = $_POST['title'] ?? null;
$author = $_POST['author'] ?? null;
$genre = $_POST['genre'] ?? null;
$quantity = (int) ($_POST['quantity'] ?? 0);
$submit = $_POST['submit'] ?? null;

if ( $submit ) {
    $sql = "INSERT INTO catalog (title, author, genre, quantity) VALUES ('$title', '$author', '$genre', $quantity);";
    \Log\Log::debug($sql);

    if ( ! mysqli_query($con, $sql) ) {
        \Log\Log::debug(mysqli_error ( $con ));  
    }
}

?>

</body>
</html>

Log.php

<?php
namespace Log;
class Log {
    static function debug($msg) {
        $file = 'debug.log';
        file_put_contents($file, strftime('%Y-%m-%d %T ') . $msg . "\n", FILE_APPEND);
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I used this code and still nothing is happening. Nothing is being output to Log.php when I run this code either. I am running on Ubuntu 16.04 with apache 2. I am using firefox quantum as my browser. My credentials are correct because if I run that query in my sqlConnect.php file and run php sqlConnect.php the query adds to the database with no problem. Not sure why my books.php file is having such a hard time with this.
You need some devops help. Check permissions, logs etc.
0

Change this code: 

<?php
$title = $_POST['title'];
$author = $_POST['author'];
$genre = $_POST['genre'];
$quantity = (int)$_POST['quantity'];
$submit = $_POST['submit'];

if ($submit) {
  $sql = "INSERT INTO catalog (id, title, author, genre, quantity) VALUES 
(NULL, '$title', '$author', '$genre', '10');";
  mysqli_query($con, $sql);
}

?>

to this:

<?php
$title = $author = $genre = $quantity = $submit = '';   

if ($_SERVER["REQUEST_METHOD"] == "POST") {
$title = $_POST["title"];
$author = $_POST["author"];
$genre = $_POST["genre"];   
$quantity =  $_POST["quantity"];

  $sql = "INSERT INTO catalog (id, title, author, genre, quantity) VALUES 
(NULL, '$title', '$author', '$genre', '10');";
  mysqli_query($con, $sql);
}

?>

After that works, you should use run some kind of security function on your input like this:

// handles form input security
function test_input($data) {
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}

You can run test_input() on each $_POST[] data to prevent security problems

Improve this answer

Comments

0

Try this

If (isset($_POST('submit')){

$title = mysqli_real_escape_string($con,$_POST('title'));

$author = mysqli_real_escape_string($con, $_POST('author'));

$genre = mysqli_real_escape_string($con,$_POST('genre'));

$quantity = mysqli_real_escape_string($con, $_POST('quantity'));

$query = "INSERT INTO catalog (title, author, genre, quantity) VALUES ('$title', '$author', '$genre', '$quantity');

$ret = mysqli_query($con, $query);

If(!$ret){

die( mysqli_error($con));

}

else{

 echo 'query was successful ';

}

else{

     echo 'post is not set);

}

I hope this helps.

Improve this answer

2 Comments

Thanks for this, tried with these new changes and still am not able to update database.
Fix your if statement. If (isset($_POST('submit'){ should be If (isset($_POST['submit'])){

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.