how to update foreign key in many to many relationship

Question

i'm new in php,i have 2 table with many to many relation and another table for relations:

each time i want update foreign table i'm give the error:

Cannot add or update a child row: a foreign key constraint fails (`wikiseda`.`genre_singer`, CONSTRAINT `genre_singer_ibfk_1` FOREIGN KEY (`f_singer_id`) REFERENCES `singers` (`singerid`) ON DELETE CASCADE ON UPDATE CASCADE);

this is my code:

<?php
include('../db_inc.php');
define("UPLOAD_DIR",realpath(dirname(__FILE__)));

$singer_name =$_POST['singer_name'];
$singer_gender=$_POST['singer_gender'];
$singer_des=$_POST['singer_description'];
$singer_genre=$_POST['genre_list'];

    $path = UPLOAD_DIR .'/musics/'.$singer_name;
    if(!file_exists($path)){
        mkdir($path,0777,true);
        }

$sql ="INSERT INTO singers(singer_name,singer_gender,singer_description) VALUES ('$singer_name','$singer_gender','$singer_des')" ;
 $singer_id = mysql_insert_id();
$sql2 =("INSERT INTO genre_singer(f_singer_id,f_genre_id) VALUES ('$singer_id','$singer_genre')");

$result=mysql_query($sql)or die(mysql_error());
$result2=mysql_query($sql2)or die(mysql_error());
if('$result'){
    echo "insert successfully"; 

    };
?>

Answer 1

SQL injection vulnerabilities and overly-loose directory permissions aside for a moment (though you really should pay heed to the comments about them). Try executing your first query before trying to get the id last inserted hence:

$sql ="INSERT INTO singers(singer_name,singer_gender,singer_description) VALUES ('$singer_name','$singer_gender','$singer_des')" ;    
$result=mysql_query($sql)or die(mysql_error());

$singer_id = mysql_insert_id();
$sql2 =("INSERT INTO genre_singer(f_singer_id,f_genre_id) VALUES ('$singer_id','$singer_genre')");
$result2=mysql_query($sql2)or die(mysql_error());

Answer 2

You are trying to get the id of the inserted record before actually inserting it.

You need to move your first query execution - $result=mysql_query($sql)or die(mysql_error()); before $singer_id = mysql_insert_id(); .

Also:

1. Your code is vulnerable to SQL injection (as others noted).

2. Creating a directory on your server with an arbitrary path/name which comes from the user is probably a bad idea. If you follow that up with creating a file in a similar way you will allow any user to execute arbitrary code on your server.

Answer 3

For the sake of being complete, here's the work done with PDO:

// note: untested code follows
$pdo = new PDO('mysql:host='.$host.';dbname='.$db_name, $username, $password);

$statement = $pdo->prepare('
    INSERT INTO `singers` (
        singer_name,
        singer_gender,
        singer_description
    ) VALUES (
        :singer_name,
        :singer_gender,
        :singer_des
    )
');

$statement->execute(array(
    'singer_name'=>$_POST['singer_name'],
    'singer_gender'=>$_POST['singer_gender'],
    'singer_des'=>$_POST['singer_description']
));
$singer_id = $pdo->lastInsertId();

if (!$singer_id) {
    // tip: do something nicer than die
    die('Error occurred:'.implode(":",$pdo->errorInfo()));
}


$statement = $pdo->prepare('
    INSERT INTO `genre_singer` (
        f_singer_id,
        f_genre_id
    ) VALUES (
        :singer_id,
        :singer_genre
    )
');
$result = $statement->execute(array(
    'singer_id'=>$singer_id,
    'singer_genre'=>$_POST['genre_list']
));

if (!result) {
    // tip: do something nicer than die
    die('Error occurred:'.implode(":",$pdo->errorInfo()));
}

Documentation

• PDO - http://us1.php.net/manual/en/pdo.errorinfo.php
• PDO::prepare - http://us1.php.net/manual/en/pdo.prepare.php
• PDOStatement::execute - http://php.net/manual/en/pdostatement.execute.php
• PDO::errorInfo - http://us1.php.net/manual/en/pdo.errorinfo.php
• PDO::lastInsertId - http://php.net/manual/en/pdo.lastinsertid.php