Insert query not doing anything

Question

As the title suggests I'm trying to create a mysqli insert query to insert data from a form into a table.The table structure is split into 4 columns as follows:

1) PO (auto incrementing int primary key )

2) Job Name (VARCHAR)

3) Date (VARCHAR)

4) Address (VARCHAR)

With the current code I am getting no errors when i submit, but rather just no results whatsoever. I'm rather confused as to what part of this doesn't work and looking for some insight into it.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<?php
require 'classes/Mysql.php';
$conn = new mysqli(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die('There was a problem        connecting to the database');


if($_POST && !empty($jobname) && !empty($date)){
    $jobname = $_POST['jobname'];
$date = $_POST['date'];
$address = $_POST['address'];
$query = "INSERT INTO 'po_10152796'('Job Name', 'Date', 'Address') VALUES ('$jobname',' $date',' $address')";
mysqli_query($conn,$query);

}

?>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>New Job - Tradeflow</title>
<link href="css/style.css" rel="stylesheet" type="text/css" />

</head>

<body>
<h2>Your PO will be provided when the form is completed, fields marked with an asterix (*) are required and must be filled out in order to submit.</h2>
<form id="newJobForm" method="post" class="form-newJob" role="form" action="">
<div class = "relative">
  <label>Job Name: </label>
  <input class="blueinput" name="jobname" input type="text" placeholder="Job Name"/>
  </div>
  <div class="relative">
  <label>Date: </label>
  <input class="blueinput" name="date" input type="datetime" placeholder="" />
  </div>
  <div class="relative">
  <label>Address: </label>
  <input class="blueinput" name="address" input type="text" placeholder="Address" />
  </div>
  <input type="submit" class="bluebutton" aligh="left"  value="Submit" />



</body>
</html>

Answer 1

Remove those quotes from your query with backticks

"INSERT INTO `po_10152796` (`Job Name`, `Date`, `Address`) VALUES ('$jobname',' $date',' $address')";

Table names and column names are enclosed within backticks and its not compulsory unless and until the table name or column name is not Reserve Keyword

And you need to update your if condition too

if(!empty($_POST['jobname']) && !empty($_POST['date'])){

Answer 2

Your if condition of checking submit forms is wrong. Your if condition would return error. Try this:

if(!empty($_POST["jobname"]) && !empty($_POST["date"])){

For your query, don't use single tick( ' ) for your table name and column name, and use backticks (`) instead.

"INSERT INTO `po_10152796` (`Job Name`, `Date`, `Address`) VALUES ('$jobname',' $date',' $address')";

Your query is also prone to SQL injections , so I would recommend using mysqli_real_escape_string() function atleast.

$jobname = mysqli_real_escape_string($conn,$_POST["jobname"]);

For better security, use mysqli_* prepared statement or PDO. Here is an example of mysqli_* prepared statement:

if($stmt = $conn->prepare("INSERT INTO po_10152796 (Job_Name, Date, Address) VALUES(?,?,?)")){
  $stmt->bind_param("sss",$_POST["jobname"],$_POST["date"],$_POST["address"]);
  $stmt->execute();
  $stmt->close();
}

Answer 3

You use single quotes for escaping column and table names. That is wrong. For escaping table names you have to use backticks. single quotes is only for string literals

$query = "INSERT INTO `po_10152796`(`Job Name`, `Date`, `Address`) VALUES ('$jobname',' $date',' $address')";

And also you have to check for errors after every sql statement. Do not use blanks in column names. You should learn about prepared statement for preventing sql injection.