Why input data cannot save into database?
Kulliyah
:
Session/Semester
:
<?php
mysql_connect("localhost","root","");
mysql_select_db("kuin_sql");
if(isset($_POST['btnsearch']))
{
$searchKul=$_POST['txtkul'];
$searchSem=$_POST['txtsem'];
if( $searchKul && $searchSem!= NULL)
{
$queryKul = "SELECT DISTINCT _kursus.namakur_bm, _kursus.kodkursus, _kulliyah.kod_kul, kur_twr.sesi_sem, exm_penilaian.kod_skema
FROM _kulliyah
JOIN _program ON _kulliyah.kod_kul = _program.kod_kul
JOIN kur_twr ON _program.kod_prog = kur_twr.kod_prog
JOIN _kursus ON kur_twr.kodkursus = _kursus.kodkursus
JOIN exm_penilaian ON _kursus.kodkursus = exm_penilaian.kodkursus
WHERE _kulliyah.kod_kul LIKE '%$searchKul%'
AND kur_twr.sesi_sem LIKE '%$searchSem%'
ORDER BY kodkursus";
$rsKul = mysql_query($queryKul);
$row_rsKul = mysql_fetch_assoc($rsKul);
$totalRows_rsKul = mysql_num_rows($rsKul);
if($rsKul==false)
{
echo ("Query cannot be executed!<br>");
echo ("SQL Error : ".mysql_error());
}
if($totalRows_rsKul==0)
{
echo ("<script language='JavaScript'>alert('SORRY, NO RECORD FOUND!');</script>
<script language='JavaScript'>window.location='kul2.php';</script>");
}
else
{
echo "Result for Kulliyah : <b>".$searchKul."</b> ";
echo "and Session/Semester : <b>".$searchSem."</b><br>";
echo "Total : <b>".$totalRows_rsKul."</b>";
echo "<center>
<table border='1'>
<tr>
<th>COURSE CODE</th>
<th>COURSE NAME</th>
<th>CARRYMARK/FULLMARK</th>
<th>NOTE</th>
</tr>
";
do
{
echo "<tr>";
echo "<td>" .$row_rsKul['kodkursus'] . "</td>";
echo "<td>" .$row_rsKul['namakur_bm'] . "</td>";
echo "<td>" .$row_rsKul['kod_skema'] . "</td>";
echo "<td>"
?>
<?php
if(isset($_POST['btnsave']))
{
$txtadd = $_POST['txtadd'];
$result=mysql_query("INSERT INTO _kursus(remark) VALUES('$txtadd')");
if($result)
{
echo ("<script language='JavaScript'>alert('Succesfully INSERT data!');</script>
<script language='JavaScript'>window.location='kul7.php';</script>");
}
else
{
echo 'PLEASE ENTER AGAIN';
}
}
"</td>";
echo "</tr>";
}
while($row_rsKul = mysql_fetch_assoc($rsKul));
{
echo "</table></center>";
}
mysql_close();
}
}
?>* the INSERT query does not function. Can anyone help me to resolve this problem. Please
Greg K posted this at 11:22 — 30th September 2012.
He has: 2,145 posts
Joined: Nov 2003
Well, first, are the top section of code and the bottom section supposed to be the same script?? This is confusing as to what you are trying to accomplish
Best guess with limited information:
$_POST['txtadd'] contains a single quote, which is breaking the query. (Any variables to be using in a query for data should be wrapped with mysql_real_escape_string() to protect it from breaking due to this (and to minimize SQL injection. Think if for $_POST['txtadd'] someone put my remark'); drop table _kursus; // you would loose your table!)
If it is not an issue with the slashes, then time to track what is wrong. You say "the INSERT query does not function". Have you verified that no data has actually be added to the database. (some people just don't "see" in the web page what they expect, and say it doesn't work")
If there is no record even added to the database, modify it to:
$sql = 'INSERT INTO `_kursus` (`remark`) VALUES ("'.mysql_real_escape_string($txtadd).'")';$result = mysql_query($sql) or die ('SQL FAILED:<br>'.$sql."<br>Error: 'mysql_error());
is it generating an error? How does the SQL statement look? (sometimes in code it is difficult to see a typo, but when you look at the final SQL statement you can see it easier).
Need more exact answer that what mysql_error() gave? Try manually executing the query on the database.
Don't forget, when you are done debugging, take out the die() statement that displays the actual SQL statement. On a production environment, you never want to show your SQL to the user on an error, (honestly, you shouldn't directly echo out mysql_error() either, why give a hacker "inside information" on how the site is set up)
-Greg
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.