-3

I want to insert the values of a form into the database table called company. But this program again and again tells me that my query did not get executed. May I know why this is so??

I have stored all the values of the form into an array called insert and than I implode the array and name it as newarray so that it is in a form which can be inserted into the database.

But this does not seem to work for me. Please tell me what's the problem in here?? 

<?php
$host = "localhost";
$name = "root";
$password = "";
$db = "shopinz";
$con = mysqli_connect($host,$name,$password,$db);
$insert = array();
$newarray = array();
if(mysqli_connect_errno()){
    echo("Cannot connect to the databse".mysqli_connect_errno());
    exit();
}
else{
    if($_SERVER['REQUEST_METHOD'] == 'POST'){
        foreach($_POST as $value){
            if($value == $_POST['submit']){
                break;
            } 
            else{
                    array_push($GLOBALS['insert'],$value);
            }
        }
         $newarray = implode(',',$insert);
         $result = mysqli_query($con,"INSERT INTO company (company_name,company_number,company_address) VALUES($newarray)");
         if($result){
             echo("1 row added");
         }
         else{
             echo("Query not executed");
         }
     }
 }
 ?>
trainoasis
  • 5,531
  • 10
  • 43
  • 74
user3542577
  • 25
  • 1
  • 6
  • 1
    **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Oct 08 '14 at 12:48
  • 2
    Why don't you look at the query you are actually running? Why don't you use `mysqli_error()` to find out what the database is saying about your attempt to run the code? – Quentin Oct 08 '14 at 12:49
  • Output all errors. Your values are not encapsulated with `"` in `$newarray` and that produces wrong SQL code – ljacqu Oct 08 '14 at 12:49
  • print_r the $newarray var and see what is returned. I ssupect it is empty as a result of the break statement when the submit button is bresent. – Len_D Oct 08 '14 at 12:51
  • 1
    `array_push($GLOBALS['insert'],$value);` permission to cry. – NDM Oct 08 '14 at 12:57
  • 1
    somehow php always attracts people to write code that way – Royal Bg Oct 08 '14 at 12:58
  • I used mysqli_error() and it gives me error mysqli_query() expects at least 2 parameters – user3542577 Oct 08 '14 at 13:42

2 Answers2

1

This line has no significance:

array_push($GLOBALS['insert'],$value);

Push your values to the one that you need which is $insert

unset($_POST['submit']);
foreach($_POST as $value){
    $insert[] = "'".$con->real_escape_string($value)."'";
}
$newarray = implode(',',$insert);

Note: I suggest use prepared statements instead.

$insert = $con->prepare('INSERT INTO company (company_name,company_number,company_address) VALUES(?, ?, ?)');
$insert->bind_param('sss', $_POST['company_name'], $_POST['company_number'], $_POST['company_address']);
$insert->execute();
Kevin
  • 40,904
  • 12
  • 48
  • 67
-3

Looking at your code the problem I can see is here:

 foreach($_POST as $value){

In your foreach you have $_POST but you dont define what posit it si it should be $_POST['something']

Ziomek Ziomski
  • 63
  • 6