Why does my insert giving my this result? Is it trying to tell me something?

Question

0.00/5 (No votes)

See more:

I am trying to insert and this is the result that i am getting.

has it trying to insert but hitting a snagg instead. how can i fix this. here is the error i am recieving

PHP

0){
    echo "";
}
else
{//insert data into table
    $sql = "INSERT INTO membersVALUES('$title', '$firstname', '$lastname', '$username', '$email', '$gender', '$services', '$address', md5('$mypwd'))";
    if(mysqli_query($conn,$sql)){echo "";
    $row=mysqli_fetch_array($result);
    mysqli_close($conn);
}
else
{
    echo "Error inserting values into database";
}//end of line
}
}
*/ ?>

and here it what i have tried. a third eye and any help will be much appreciated thanks

What I have tried:

PHP

<pre><?php<?php

		
		 if(isset($_POST['Enter']))
		{
			
			//Capture values from form and store in php variables
			$title=$_POST['title'];
			$firstname=$_POST['firstname'];
			$lastname=$_POST['lastname'];
			$username=$_POST['username'];
			$email=$_POST['email'];
			$gender =$_POST['gender'];
			$services=join(",", $_POST['services']);                                                                                                                                    
			$address=$_POST['address'];
			$mypwd=$_POST['mypwd'];
			
		

			//Create and check connection to the server
			include'db_server.php';
				
			
				
			//Query the database 
			$sql="SELECT * FROM members WHERE username='$username'";
			
			$result=mysqli_query($conn,$sql) or die("Error:" .mysqli_error());
			
			$rowcount=mysqli_num_rows($result);
			
				if($rowcount>=1)
				{
					echo "<script type=\"text/javascript\">
							alert('Username already exist');
							window.location=\"../xhtml/login_user.html\";
						</script>";
				}
				else
				{
					//insert data into table
					$sql="INSERT INTO members 
						  VALUES('$title', '$firstname', '$lastname', '$username', '$email', '$gender', '$services', '$address', md5('$mypwd'))";
					
					if(mysqli_query($conn, $sql))
					{
						 $row=mysqli_fetch_array($result);
						mysqli_close($conn);
					
						echo "<script type=\"text/javascript\">
								 alert('Welcome!! $firstname $lastname, you are now a member of the Caribbean Nature Seekers Institute TT(CNSITT)');
								window.location=\"../xhtml/congrats.html\";
							</script>";
					}
				
					else
					{
						echo "Error inserting data in the members table";
										
					}
				}	
		}

Posted 18-Apr-19 19:15pm

divinity02

Updated 18-Apr-19 21:17pm

Richard MacCutchan

v2

Add a Solution

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Patrice T · Answer 1 · 2019-04-18T19:35:00

Quote:
here is the error i am recieving

You don't show any error message, just a dump of code!
May be using the debugger will allow you to understand what is going on.

PHP

$sql="INSERT INTO members VALUES('$title', '$firstname', '$lastname', '$username', '$email', '$gender', '$services', '$address', md5('$mypwd'))";

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]

OriginalGriff · Answer 2 · 2019-04-18T19:44:00

We can't tell - we don't have access to your data, or to the DB you are trying to INSERT to - and both are needed in order to work out what is wrong.

So start by doing what Patrice sugestoes and converting your whole app to parameterised queries, then begin looking at the DB table and the order of columns.
I'd guess that you have an automatically generated ID column at the start - an IDENTITY column - and that is causing the problem.
If so, the solution is to ALWAYS list the columns you wish to insert data into, in the order you will provide data:

SQL

INSERT INTO MyTable (Column2, Column3) VALUES (Value2, Value3)

If you don't, SQL will start from the first column and just move on. If the first is an IDENTITY column, you can't specify it;'s value, and the INSERT will be rejected.

Why does my insert giving my this result? Is it trying to tell me something?

2 solutions

Solution 1

Solution 2

Add your solution here

Preview 0