0

I need help on my code. When data is entered on my site, it does not show up in the mySQL data table. The insert function that I used might be the problem, but I cannot figure out how to get it to actually insert and show up in my table in my database. Can someone please guide me in the right direction with my code? 

<?php
   session_start();
   include("db_connect.php");

if(isset($_POST['submit'])){
$item = $_POST['item'];
if(empty($item)) {
  $errors = "you must enter something";
}
else{
  mysqli_query("INSERT INTO a4_todolist (item) VALUES ('$item')");
  header('location: index.php');
}
}

$a4_todolist = mysqli_query("SELECT * FROM a4_todolist");
?>



<!DOCTYPE html>
<html>
<head>
<title> Assignment 4 - To Do List </title>
<link rel ="stylesheet" type ="text/css" href="style.css">
</head>
<body>
<div class "head">
  <h2> To Do </h2>
</div>

<form method= "POST" action = "index.php">
<?php if (isset($errors)) { ?>
 <p><?php echo $errors; ?></p>
  <?php } ?>



 Item <input type = "text" name= "item" class="item_input">
  Author <input type = "text" name= "author" class="author_input">
  <button type = "submit" class="add-btn" name="submit"> Add Task 
  </button>
  </form>
  <table>

 <tbody>
    <?php while ($row = mysqli_fetch_array($a4_todolist)) { ?>
    <tr>
      <td class="id"> <?php print  $row['id']; ?> </td>
      <td class="item"> <?php echo $row['item']; ?> </td>
    </tr>
   <?php } ?>

</tbody>
</table>
</thread>


</body>
</html>
Improve this question
4
  • 1
    Hi, welcome to Stack Overflow. It's good to see you've included part of the code. But make sure it was a Minimal, Complete, and Verifiable Example (MCVE), note that asking for SQL Query need to have Minimal, Complete, and Verifiable Example (MCVE) too. Commented Mar 28, 2019 at 2:01
  • 1
    You need to use error reporting. If used mysqli_query would have thrown an error about parameter 1 being a string and not a mysqli connection. Additional you are open to SQL injections and need to check the result of that query call. Commented Mar 28, 2019 at 2:37
  • Where is connection variable in mysqli_query("INSERT INTO a4_todolist (item) VALUES ('$item')");? Commented Mar 28, 2019 at 4:54
  • Warning: Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. Never insert unsanitised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. Commented Mar 28, 2019 at 9:44

2 Answers 2

Reset to default
1

You have missed the sql connection variable which is coming from db_connect.php file inside your mysqli_query. Your mysqli_query() should be like this

mysqli_query($connection,"INSERT INTO a4_todolist (item) VALUES ('$item')");

Also this

$a4_todolist = mysqli_query($connection,"SELECT * FROM a4_todolist");

It seems that you are a beginner so I recommend you to learn Prepared statements which is more efficient and safe to use.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You should pass the connection link identifier as well as you can check for errors.

$con = mysqli_connect("localhost","my_user","my_password","my_db");

// Check connection
if (mysqli_connect_errno())
{
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

Also after executing query you can again check for error.

if (!mysqli_query($con,"INSERT INTO a4_todolist (item) VALUES ('$item')")) {
    echo("Error description: " . mysqli_error($con));
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.