2

I am currently doing my FYP. I am new to PHP coding. I have no idea why the data is not being inserted into my database when I submit my form. The photo I added in the form can be stored to the target file. Please help me.

This is my form restaurant-add.php

```html
<form action="php/addmenu.php" method="POST" enctype="multipart/form-data">
    <div class="box-body">
        <div class="form-group">
            <label>Restaurant Name</label>
            <input class="form-control" type="text" name="restaurant_name">
        </div>
        <div class="form-group">
            <label>Password</label>
            <input class="form-control" type="text" name="restaurant_password">
        </div>
        <div class="form-group">
            <label for="exampleInputFile">Restaurant Logo</label>
            <input id="exampleInputFile" type="file" name="restaurant_logo">
        </div>
        <div class="form-group">
            <label>Contact Number</label>
            <input class="form-control" type="text" name="restaurant_contactnum">
        </div>
        <div class="form-group">
            <label>Address</label>
            <input class="form-control" type="text" name="restaurant_address">
        </div>

        <div class="box-footer">
            <button class="btn btn-primary" type="submit" name="submit">Submit</button>
            <button class="btn btn-primary" type="reset">Reset</button>
        </div>
    </div>
</form>
```

My php file when I submit my form addmenu.php

```php
<?php
include 'db.php';
//define other variables with submitted values from $_POST
$name = $_POST['restaurant_name'];
$contactnum = $_POST['restaurant_contactnum'];
$address = $_POST['restaurant_address'];

//md5 hash password for security
$password = md5($_POST['restaurant_password']);

$uploadedfile = $_FILES["restaurant_logo"]["tmp_name"];
$allowedExts = array("png","jpg","jpeg"); /* ACCEPTED FILE FORMAT */
$filename = $_FILES["restaurant_logo"]["name"]; /* NAME OF THE FILE */
$extension = pathinfo($filename, PATHINFO_EXTENSION); /* GET THE FILE EXTENSION */
$extension = strtolower($extension); /* LOWER THE STRINGS OF THE EXTENSION */

if (in_array($extension,$allowedExts)) { /* IF FILE IS INDEED AN IMAGE */

    $path = "restaurantlogo/".$filename; /* DIRECTORY WHERE YOU WANT TO STORE THE IMAGE ALONG WITH THE FILE NAME */
    move_uploaded_file($uploadedfile,$path);

    //set session variables to display on welcome page
    $_SESSION['username'] = $name;
    $_SESSION['restaurant_logo'] = $uploadedfile;

    //insert user data into database
    $sql = "INSERT INTO testingrestaurant (Logo, Name, Password, Contact Number, Address) VALUES ('$uploadedfile', '$name', '$password', '$contactnum', '$address')";

    //check if mysql query is successful
    if (($conn->query($sql) === TRUE) {
        $_SESSION['message'] = "Registration successful!"
        echo "Added ".$name." to the database!";
        echo $message;
        //redirect the user to welcome.php
        header("location: restaurant-add.php");
    }
}
```

The php file to connect to database db.php

```php
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName="food delivery";

// Create connection
$conn = new mysqli($dbServername, $dbUsername, $dbPassword,$dbName);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
```
1stthomas
  • 683
  • 2
  • 13
  • 19
Dlayz
  • 43
  • 7
  • 1
    **Danger**: You are using [an unsuitable hashing algorithm](http://php.net/manual/en/faq.passwords.php) and need to [take better care](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) of your users' passwords. – Quentin Dec 10 '17 at 10:44
  • 1
    **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Dec 10 '17 at 10:44
  • `if (($conn->query($sql) === TRUE){` — and is it TRUE? I'm guessing not. There's an error function that will tell you what errors the database server reported. Use it! – Quentin Dec 10 '17 at 10:46
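
Added example, not part of the original question or its answers: the insert from addmenu.php rewritten along the lines the comments above call for, with `password_hash()` in place of `md5()`, a prepared statement in place of string interpolation, and the uploaded file checked by content and stored under a server-generated name. The function name `add_restaurant` is hypothetical, and the code assumes PHP 7 or later with the fileinfo extension enabled and a `Password` column wide enough for the hash (255 characters is the usual recommendation).

```php
<?php
// Added example (hypothetical helper, not the asker's code).
// Table and column names are the ones shown in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw instead of failing silently

function add_restaurant(mysqli $conn, array $post, array $file): string
{
    // Every text field must be present and non-empty.
    foreach (['restaurant_name', 'restaurant_password', 'restaurant_contactnum', 'restaurant_address'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            throw new InvalidArgumentException("Missing field: $field");
        }
    }
    // Reject failed or forged uploads before touching the file.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    // Decide the type from the file content, not from the client-supplied name.
    $allowed = ['image/png' => 'png', 'image/jpeg' => 'jpg'];
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('Logo must be a PNG or JPEG image');
    }
    // Server-generated name: no path traversal, no overwriting another logo,
    // and no attacker-chosen extension in a web-served directory.
    $path = 'restaurantlogo/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($file['tmp_name'], $path)) {
        throw new RuntimeException('Could not store logo');
    }
    // Salted, deliberately slow hash; check logins with password_verify().
    $hash = password_hash($post['restaurant_password'], PASSWORD_DEFAULT);

    // Placeholders keep user input out of the SQL text; backticks quote the
    // column name that contains a space.
    $stmt = $conn->prepare(
        'INSERT INTO testingrestaurant (Logo, Name, Password, `Contact Number`, Address)
         VALUES (?, ?, ?, ?, ?)'
    );
    $stmt->bind_param('sssss', $path, $post['restaurant_name'], $hash,
        $post['restaurant_contactnum'], $post['restaurant_address']);
    $stmt->execute();
    return $path; // stored logo path, e.g. for the session or a confirmation page
}

// Usage in addmenu.php, after include 'db.php':
// $logo = add_restaurant($conn, $_POST, $_FILES['restaurant_logo']);
```

With `mysqli_report()` set as above, a rejected query raises a `mysqli_sql_exception` carrying the server's error message, so a failed insert is no longer silent.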

3 Answers

2

In the line:

```php
$sql = "INSERT INTO testingrestaurant (Logo, Name, Password, Contact Number, Address) VALUES ('$uploadedfile', '$name', '$password', '$contactnum', '$address')";
```

replace `testingrestaurant` with `'testingrestaurant'`. Even if you put a variable there instead, PHP still requires the dash.

1stthomas
  • 683
  • 2
  • 13
  • 19
1
```php
$sql = "INSERT INTO testingrestaurant (Logo, Name, Password, Contact Number, Address) VALUES ('$uploadedfile', '$name', '$password', '$contactnum', '$address')";
```

You have a space within "Contact Number"; this is not right in SQL. Use the exact column name in your database.

This should help.

Zoli Szabó
  • 3,313
  • 1
  • 9
  • 18
  • Thanks for the reply, but in my database I have a space between them – Dlayz Dec 10 '17 at 09:42
  • This is not best practice; if you can change the name in the database, please do. You also forgot to include `mysqli_query($conn, $sql);` after your query. This is the line that posts your query (`$sql`) into the database – Taiwo Aiyerin Dec 10 '17 at 09:45
  • `Parse error: syntax error, unexpected 'echo' (T_ECHO) in C:\xampp\htdocs\FYP\php\addmenu.php on line 34`, which is referring to this line: `echo "Added " . $name . " to the database!";` I tried to Google it, yet their condition is different from mine – Dlayz Dec 10 '17 at 10:11
  • Can you post the current addmenu.php script? – Taiwo Aiyerin Dec 10 '17 at 10:21
  • The code is too long, so I can't post it in the comment box, so I posted it in another answer – Dlayz Dec 10 '17 at 10:26
  • Check the new answer, I changed the mysqli method in the code and the connection details as well – Taiwo Aiyerin Dec 10 '17 at 10:42
1
```php
<?php
session_start(); // required before $_SESSION can be written

$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName="food delivery";

// Create connection
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword,$dbName);

// Check connection and stop if it failed
if (mysqli_connect_errno()) {
    die('Failed to connect to database: ' . mysqli_connect_error());
}

echo "Connected successfully";

//define other variables with submitted values from $_POST
$name = $_POST['restaurant_name'];
$contactnum = $_POST['restaurant_contactnum'];
$address = $_POST['restaurant_address'];

//md5 hash password for security
$password = md5($_POST['restaurant_password']);

$uploadedfile = $_FILES["restaurant_logo"]["tmp_name"];
$allowedExts = array("png","jpg","jpeg"); /* ACCEPTED FILE FORMAT */
$filename = $_FILES["restaurant_logo"]["name"]; /* NAME OF THE FILE */
$extension = pathinfo($filename, PATHINFO_EXTENSION); /* GET THE FILE EXTENSION */
$extension = strtolower($extension); /* LOWER THE STRINGS OF THE EXTENSION */

if (in_array($extension,$allowedExts)) { /* IF FILE IS INDEED AN IMAGE */

    $path = "restaurantlogo/".$filename; /* DIRECTORY WHERE YOU WANT TO STORE THE IMAGE ALONG WITH THE FILE NAME */
    move_uploaded_file($uploadedfile,$path);

    //set session variables to display on welcome page
    $_SESSION['username'] = $name;
    $_SESSION['restaurant_logo'] = $uploadedfile;

    //insert user data into database
    //NOTE: the values are placed into the SQL string unescaped (see the SQL injection comment on the question)
    $sql = "INSERT INTO testingrestaurant (Logo, Name, Password, ContactNumber, Address) VALUES ('$uploadedfile', '$name', '$password', '$contactnum', '$address')";

    //run the query; stop and show the database error if it fails
    $insert = mysqli_query($conn, $sql) or die(mysqli_error($conn));

    //check if mysql query is successful (test the query result, not the SQL string)
    if ($insert) {
        $_SESSION['message'] = "Registration successful!";
        echo "Added " . $name . " to the database!";
        echo $_SESSION['message'];
        //redirect the user back to the form
        header("location: restaurant-add.php");
    }

}
?>
```
1stthomas
  • 683
  • 2
  • 13
  • 19
  • Well. That's a lump of code. It doesn't really look like an answer though. What did you change? Why should it solve the problem? – Quentin Dec 10 '17 at 10:43
  • changed all instances of mysqli – Taiwo Aiyerin Dec 10 '17 at 10:47
  • "changed all instances of mysqli" — In what way? Why? – Quentin Dec 10 '17 at 10:47
  • This is another way to use mysqli. The difference between this format and your format is that it calls each mysqli function in a different way. E.g., for the connection, I changed from `new mysqli` to `mysqli_connect`. If you want to stick to your method, you will have to look for the right way to call `mysqli_query` using your method. – Taiwo Aiyerin Dec 10 '17 at 10:54
  • "This is another way to use mysqli" — Why will it fix the problem? What is wrong with the way the OP is calling `->query`? – Quentin Dec 10 '17 at 10:56