I am not able to insert the data into database mysql

Question

I am trying to input these values into database but everytime there is an error. I think the error is in this part of code but i am not able to find it plzz help.

<?php

    if ($roomtype == "DeluxeRoom")
        {
        $rom = "SELECT room_id FROM room WHERE room_id NOT IN ( SELECT room_id 
        FROM reservation WHERE start_date <= '2016-02-27' AND end_date >= '2016-02-
        24')";
        }
?>

---

<?php
session_start();
include_once 'database.php';

if (isset($_POST['signup']))
    {
    $checkin = mysqli_real_escape_string($con, $_POST['checkin']);
    $checkout = mysqli_real_escape_string($con, $_POST['checkout']);
    $numroom = mysqli_real_escape_string($con, $_POST['numroom']);
    $roomtype = mysqli_real_escape_string($con, $_POST['roomtype']);
    $cid = $_SESSION['usr_id'];
    if ($roomtype == "DeluxeRoom")
        {
        $rom = "SELECT room_id FROM room WHERE room_id NOT IN ( SELECT room_id 
    FROM reservation WHERE start_date <= '2016-02-27' AND end_date >= '2016-02-
    24')";
        }

    $sql = "INSERT INTO reservation (customer_id,room_id,start_date, end_date) 
    VALUES('" . $cid . "','" . $rom . "','" . $checkin . "','" . $checkout . "')";
    if (mysqli_query($con, $sql))
        {
        echo "New record created successfully";
        }
      else
        {
        echo "Error";
        }
    }

?>

Answer 1

You can not insert $rom in INSERT query. You must serialize it value to string:

<?php
session_start();
include_once 'database.php';
?>
<?php


if (isset($_POST['signup'])) {
$checkin  = mysqli_real_escape_string($con,$_POST['checkin']);
$checkout = mysqli_real_escape_string($con,$_POST['checkout']);
$numroom = mysqli_real_escape_string($con,$_POST['numroom']);
$roomtype = mysqli_real_escape_string($con,$_POST['roomtype']);
$cid=$_SESSION['usr_id'];

if($roomtype=="DeluxeRoom")
{
    $rom="SELECT room_id FROM room WHERE room_id NOT IN ( SELECT room_id 
FROM reservation WHERE start_date <= '2016-02-27' AND end_date >= '2016-02-
24')";
}
$q = mysqli_query($con, $rom);
$row = json_encode($q->fetch_array(MYSQLI_NUM));


$sql="INSERT INTO reservation (customer_id,room_id,start_date, end_date) 
VALUES('" . $cid . "','" . $rom . "','" . $checkin . "','" . $checkout . 
"')";
if(mysqli_query($con, $sql)) {
echo "New record created successfully";
} else {
echo "Error";
}
}

Answer 2

You're not executing the query built in $rom. Also, as Sami Kuhmonen pointed out, you really should use prepared statements instead of string concatenation.

Try this:

<?php
session_start();
include_once 'database.php';

if (isset($_POST['signup'])) {
    $checkin = $_POST['checkin'];
    $checkout = $_POST['checkout'];
    $numroom = $_POST['numroom'];
    $roomtype = $_POST['roomtype'];
    $cid = $_SESSION['usr_id'];

    if ($roomtype == "DeluxeRoom") {
        if (($res = mysqli_query(
                $con,
                "SELECT room_id FROM room WHERE room_id NOT IN ( SELECT room_id
FROM reservation WHERE start_date <= '2016-02-27' AND end_date >= '2016-02-
24')"
            )) !== false) {
            list($rom) = mysqli_fetch_row($res);
        }
    }

    $statement = mysqli_prepare(
        $con,
        "INSERT INTO reservation (customer_id,room_id,start_date, end_date)
VALUES(?,?,?,?)"
    );
    if ($statement === false) {
        die(mysqli_error($con));
    }
    $statement->bind_param('ssss', $cid, $rom, $checkin, $checkout);
    if ($statement->execute()) {
        echo "New record created successfully";
    } else {
        echo "Error";
    }
}

?>

Answer 3

I have been able to do the select and i am getting 5 values(row) and i want to insert only the first value. How to do it?

if (isset($_POST['signup'])) {
$checkin  = mysqli_real_escape_string($con,$_POST['checkin']);
$checkout = mysqli_real_escape_string($con,$_POST['checkout']);
$numroom = mysqli_real_escape_string($con,$_POST['numroom']);
$roomtype = mysqli_real_escape_string($con,$_POST['roomtype']);
$cid=$_SESSION['usr_id'];

if($roomtype=="DeluxeRoom")
{
    $rom="SELECT room_id FROM room WHERE roomtype='DeluxeRoom' AND room_id 
 NOT IN ( SELECT room_id FROM reservation WHERE start_date <= '2016-02-27' 
 AND 
 end_date >= '2016-02-24')";
 }

$result = mysqli_query($con, $rom);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
    echo "id: " . $row["room_id"]. " <br>"; 
}
} else {
echo "0 results";
    }


$sql="INSERT INTO reservation (customer_id,room_id,start_date, end_date) 
VALUES('" . $cid . "','" . $row["room_id"] . "','" . $checkin . "','" . 
$checkout . "')";
if(mysqli_query($con, $sql)) {
echo "New record created successfully";
} else {
 echo "Error";
}
}