0

I am trying to make a product spec form add to a table called ProductSpecs on post; however, despite the same syntax working fine for SELECT, it does not work for INSERT. The permissions of the MySQL account used allow full read/write, and I am able to insert into the database via console input using the same request.

Any ideas will be most appreciated.

 $sql = " INSERT INTO ProductSpecs (SpecID, Code, ProductName, Barcode, ProductDescription, SKU, CYear, HeaderStyle, Certification, InnerQTY, OuterQTY, PackagingDescription, Comments) VALUES (NULL, '$Code', '$ProductName', '$Barcode', '$ProductDescription', '$SKU', '$CYear', '$HeaderStyle', '$Certification', '$InnerQTY', '$OuterQTY', '$PackagingDescription', '$Comments')"; 
$result = $conn->query($sql); 

Thanks

3
  • 1
    Done any basic debugging, like checking if the query actually succeeded? You don't say WHICH db library you're using, but probably $result will be a boolean FALSE indicating failure. Commented Nov 20, 2014 at 16:29
  • Check for the last error... What does it say? Commented Nov 20, 2014 at 16:29
  • WARNING: This looks terrifyingly insecure and for your sake I hope this is not on the public internet. You need to ensure any and all user parameters are properly escaped or you are at serious risk of an application compromise. What database layer are you using? If it supports prepared statements with placeholders, make a point to use those whenever possible. Commented Nov 20, 2014 at 16:33

4 Answers 4

1

You don't have to regard SpecID in your query. It should be auto increment not null value, so don't regard it and it will work fine.


3 Comments

it's not necessary, but it's also not WRONG to have it in the query. inserting null directly into an auto_increment field is a perfectly valid method of getting an auto-inc id generated.
I think this is applied in the mysql console well, but what about other sql executing extensions that may deal with the Null string in different or not standard ways.
no. php doesn't know what sql is. it has no idea what "null" in a string means. $foo = 'null' and $foo = null are two ENTIRELY different things. doesn't matter WHERE the sql comes from. it's sql.
1

You want to try and write your code with prepared statements and you can choose PDO or MySQLI. Here is an example how to do it with PDO. Also I would look at this link it might help you. http://prash.me/php-pdo-and-prepared-statements/ along with these videos https://www.youtube.com/watch?v=bvxid3DoLjE.

<?php
$db_host = "localhost";
$db_username = "root";
$db_pass = "test123";
$db_name = "test_db";

$dbh = new PDO('mysql:host='.$db_host.';dbname='.$db_name,$db_username,$db_pass);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

$stmt= $dbh->prepare("INSERT INTO tests(name1, name2, name3, name4,name5,name6, name7, name8, name9, name10) Values (?,?,?,?,?,?,?,?,?,?)");

$stmt->bindParam(1, $_POST["name1"]);
$stmt->bindParam(2, $_POST["name2"]);
$stmt->bindParam(3, $_POST["name3"]);
$stmt->bindParam(4, $_POST["name4"]);
$stmt->bindParam(5, $_POST["name5"]);
$stmt->bindParam(6, $_POST["name6"]);
$stmt->bindParam(7, $_POST["name7"]);
$stmt->bindParam(8, $_POST["name8"]);
$stmt->bindParam(9, $_POST["name9"]);
$stmt->bindParam(10, $_POST["name10"]);

$stmt->execute();

?>

1 Comment

This example is if you have a form with these field names and you want the form to insert the data into the database. Not sure if this will help. I am new to PHP with PDO, so I can only pass along what I have learned so far.
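
The prepared-statement approach from the answer above, applied to the question's ProductSpecs columns, as an added example that is not part of the original posts. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL so it runs offline; the column types, the `insertSpec` helper and the sample form values are constructed for illustration.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL server (assumption);
// the PDO calls below are the same with a mysql: DSN.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw, not a silent false

// Column names from the question; TEXT types are assumed. Fixed list, never user input.
$columns = ['Code', 'ProductName', 'Barcode', 'ProductDescription', 'SKU', 'CYear',
            'HeaderStyle', 'Certification', 'InnerQTY', 'OuterQTY',
            'PackagingDescription', 'Comments'];
$pdo->exec('CREATE TABLE ProductSpecs (SpecID INTEGER PRIMARY KEY AUTOINCREMENT, '
    . implode(' TEXT, ', $columns) . ' TEXT)');

// Constructed form input; note the apostrophe in ProductDescription.
$post = array_fill_keys($columns, 'n/a');
$post['Code'] = 'HS-100';
$post['ProductDescription'] = "Children's header card";

// 1) String-built query, as in the question: the apostrophe ends the literal early.
$sql = "INSERT INTO ProductSpecs (Code, ProductDescription) "
     . "VALUES ('{$post['Code']}', '{$post['ProductDescription']}')";
try {
    $pdo->exec($sql);
    echo "interpolated insert: ok\n";
} catch (PDOException $e) {
    echo "interpolated insert failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: one named placeholder per column, values sent separately.
function insertSpec(PDO $pdo, array $columns, array $input): int
{
    $placeholders = array_map(fn($c) => ':' . $c, $columns);
    $stmt = $pdo->prepare(
        'INSERT INTO ProductSpecs (' . implode(', ', $columns) . ') '
        . 'VALUES (' . implode(', ', $placeholders) . ')'
    );
    foreach ($columns as $c) {
        // Missing form fields are bound as NULL instead of raising a notice.
        $stmt->bindValue(':' . $c, $input[$c] ?? null);
    }
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

$id = insertSpec($pdo, $columns, $post);
$check = $pdo->prepare('SELECT ProductDescription FROM ProductSpecs WHERE SpecID = ?');
$check->execute([$id]);
echo "prepared insert: SpecID $id, description = ", $check->fetchColumn(), "\n";
```

With exception mode on, the first insert reports the syntax error the database raised instead of returning `false` unnoticed, and the second stores the same value intact.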
0

Try putting column names inside ``

$sql = "INSERT INTO ProductSpecs (`SpecID`, `Code`, `ProductName`, `Barcode`, `ProductDescription`, `SKU`, `CYear`, `HeaderStyle`, `Certification`, `InnerQTY`, `OuterQTY`, `PackagingDescription`, `Comments`) VALUES (NULL, '$Code', '$ProductName', '$Barcode', '$ProductDescription', '$SKU', '$CYear', '$HeaderStyle', '$Certification', '$InnerQTY', '$OuterQTY', '$PackagingDescription', '$Comments');"; 
$result = $conn->query($sql);

If it fails, echo the last error message and comment. The SpecID may have been set as not null, which may cause the problem.

1 Comment

None of the field names are reserved words, so this is not the answer.
0

Try not referencing your ID column?

$sql = " INSERT INTO ProductSpecs (Code, ProductName, Barcode, ProductDescription, SKU, CYear, HeaderStyle, Certification, InnerQTY, OuterQTY, PackagingDescription, Comments) VALUES ('$Code', '$ProductName', '$Barcode', '$ProductDescription', '$SKU', '$CYear', '$HeaderStyle', '$Certification', '$InnerQTY', '$OuterQTY', '$PackagingDescription', '$Comments')"; 
$result = $conn->query($sql);
