Data not inserting into mysql Database in php

Question

i am trying to insert data into mysql database but all thing going fine no error occur but when i browse data so it is not inserted into database here my coding kindly check it out.

here my html codes:

<html> <head>

<title>Insert Latest News</title>

</head>

<body>

<form action="insert_post.php" method="POST" enctype="multipart/form-data">

<table align="center" border="10" width="800">

<tr> <td align="center" colspan="5" bgcolor="yellow"><h1>Insert Latest News</h1></td> </tr>

<tr> <td>Post Title</td> <td><input type="text" name="title" size="30" /></td> </tr>

<tr> <td>Post Author</td> <td><input type="text" name="author" /></td> </tr>

<tr> <td>Post Image</td> <td><input type="file" name="image" /></td> </tr>

<tr> <td>Post Content</td> <td><textarea name="content" cols="50" rows="20"></textarea></td> </tr>

<tr> <td colspan="5" align="center"><input type="submit" name="submit" value="Publish" /></td> </tr> </table>

</form> </body> </html>

Here is my connection script

$connect = mysql_connect("localhost","root",""); 
$con = mysql_select_db("express", $connect); 
if ($con){ 
    echo ""; 
} else { 
    echo "databse not connected"; 
} 

here my php codes:

<?php require("connect.php");

if (isset($_POST['submit'])){

    $title = $_POST['title'];
    $author = $_POST['author'];
    $content = $_POST['content'];
    $image_name = $_FILES['image']['name'];
    $image_type = $_FILES['image']['type'];
    $image_size = $_FILES['image']['size'];
    $image_tmp = $_FILES['image']['tmp_name'];
    $date = Date('y/m/d');

    if ($title=='' or $author=='' or $content=='' or $image_name==''){

        echo "<script>alert('Any feild is empty')</script>";
        exit();
    }
    if ($image_type=='image/jpeg' or $image_type=='image/png' 
    or $image_type=='image/gif' or $image_type=='image/jpg'){

        echo "";
    } else {
        echo "<script>alert('your image type is not allowed')</script>";
    }
    if ($image_size<=1000000){
        move_uploaded_file ($image_tmp, "images/$image_name");  
        exit();
    } else {

      echo "<script>alert('Image is larger, not allowed by admin ')</script>";
    }

    $query = "INSERT INTO news
             (news_title, news_author, news_content, news_image, news_date) 
             values($title,$author, $content, $image_name, $date,)";

    if ($query){
        echo "<center><h1>Your News has Been Published</h1></center>";
    } 
} 
?>

Answer 1

You code is basically horrible:

1) Vulnerable to SQL injection attacks
2) No upload validation at all
3) Simply assumes success on all operations

and your main problem, ignoring the rest:

4) Syntax errors due to your lack of quotes and extra commas in your query string::

$query = "INSERT INTO news
(news_title, news_author, news_content, news_image, news_date) 
values('$title','$author', '$content', '$image_name', '$date',)";
       ^------^-^-------^--^--------^--^-----------^--^-----^---missing
                                                             ^---wrong

If you'd done ANY kind of defensive programming, eg checking for errors, you'd have been told about your sql syntax problems... Never EVER assume success. Always assume failure, check for failure, and treat success as a pleasant surprise.

Answer 2

($title,$author, $content, $image_name, $date,) is failing you for a few reasons.

String literals require them to be quoted and you have a trailing comma.

('$title','$author', '$content', '$image_name', '$date')

Reference:

• http://dev.mysql.com/doc/refman/5.7/en/string-literals.html

You also are not querying and the MySQL API you are using to connect with is unknown.

• connect.php is a Pandora's box .

Consult: http://php.net/manual/en/mysqlinfo.api.choosing.php

Query methods for you to read up on, when querying a MySQL database in PHP.

• http://php.net/manual/en/mysqli.query.php - MySQLi_
• http://php.net/manual/en/function.mysql-query.php - MySQL_
• http://php.net/manual/en/pdo.query.php - PDO

and make sure you are not mixing those.

Consult: Can I mix MySQL APIs in PHP?

Add error reporting to the top of your file(s) which will help find errors.

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

// Then the rest of your code

Sidenote: Displaying errors should only be done in staging, and never production.

Also check for errors against your query. I cannot provide the link for it, since I do not know which MySQL you are using to connect with.

• mysql_ ?
• mysqli_ ?
• PDO ?

• other ?

• Only you know that.

Your present code is open to SQL injection . Use prepared statements , or PDO with prepared statements .

---

Footnotes:

Also make sure that the folder you are wanting to upload to, has the right permissions set for it.

Error reporting will tell you if there's something wrong with it.

---

Edit: and a final attempt to help out.

I will assume a MySQLi_ connection here. If it's MySQL_ or PDO, you'll need to look at the manuals.

• I believe I have done enough to help you solve this.

Sidenote: I used $connection as the connection variable. Only you know what's used inside your connect.php file.

$query = mysqli_query($connection, "INSERT INTO news
            (news_title, news_author, news_content, news_image, news_date) 
            values('$title','$author', '$content', '$image_name', '$date')");

if ($query){

    echo "<center><h1>Your News has Been Published</h1></center>";
}

else{
    echo "Error: " . mysqli_error($connection);
    }

---

Additional edit:

Seeing this comment you placed:

"here my connect.php file codes: $connect = mysql_connect("localhost","root",""); $con = mysql_select_db("express", $connect); if ($con){ echo ""; } else { echo "databse not connected"; }"

You need to check for the real error here, using mysql_error() .

Then my above edit will need to be changed to mysql_query() and if a connection is required, it needs to be the last parameter.

What I suggest you do is to switch over to either the MySQLi_ or PDO API.

Those links have been provided here in my answer.

MySQL_ method.

$query = mysql_query("INSERT INTO news
            (news_title, news_author, news_content, news_image, news_date) 
            values('$title','$author', '$content', '$image_name', '$date')");

if ($query){

    echo "<center><h1>Your News has Been Published</h1></center>";
}

else{
    echo "Error: " . mysql_error();
    }

Sidenote: If a connection is required, do if ($query, $connection)

If that still fails you, then you most likely will need to switch over to either MySQLi_ or PDO.

• Good luck.

Answer 3

You forgot to execute the query: $result = mysql_query($query);

And you forgot to establish a connection:

$connection = mysql_connect(DB_HOST, DB_USER , DB_PASS) 
or die("Could not connect to the database."); 
mysql_select_db(DB_NAME) or die ("Database could not be selected."); 

I would - by the way - use 1048576 instead of 1000000 as your maximum image size.

Answer 4

For some, who like me found most of the answers did not cure the problem, try

if (!mysqli_commit($link)) print("<p>Transaction commit failed</p>\n");

it appears that some mysql (or Mariadb) distributions may have auto commit turned off. the key was in the fact that when I pasted my query directly into mysql I found that the ID was incrementing, just no data in the table.

Answer 5

You forgot to put quotes in mysql values insert

$query = "INSERT INTO news
             (news_title, news_author, news_content, news_image, news_date) 
             values($title,$author, $content, $image_name, $date,)";

You must put quotes then save

$query = "INSERT INTO news
             (news_title, news_author, news_content, news_image, news_date) 
             values('$title', '$author', '$content', '$image_name', '$date',)";