-1

What am I doing wrong with this code?

<?php

/*
 * Following code will create a new product row
 * All product details are read from HTTP Post Request
 */
 mysql_select_db("dataparkir");
 $con = mysql_connect("localhost","root","") or die("error connection");
 if($con)
 {
    echo "connection success";
 }

    // check for required fields
    $lantai = $_POST['lantai'];
    $waktu_masuk = $_POST['waktu_masuk'];
    $waktu_keluar= $_POST['waktu_keluar'];
    $id_user = $_POST['id_user'];
    $qr_code = $_POST['qr_code'];
    //echo "input data: " . $lantai." ".$waktu_masuk." ".$waktu_keluar." ".$id_user." ".$qr_code." ";

    // mysql inserting a new row
    $result = mysql_query($con,"INSERT INTO transaksi (lantai, waktu_masuk, waktu_keluar, id_user, qr_code) VALUES($lantai, $waktu_masuk, $waktu_keluar, $id_user,'$qr_code')");

    // check if row inserted or not
    if ($result) {
        echo mysql_insert_id();
    } else {
        echo '0';
    }

?>

Yesterday I was running this code and everything was fine, but this morning I ran it and got "connectionsuccess0", which means it isn't doing $result. Why is that?

Table schema:

1   id_transaksi    int(11)
2   waktu_masuk     int(11)
3   waktu_keluar    int(11)
4   lantai          varchar(40)
5   tempat_parkir   varchar(40)
6   qr_code         varchar(40)
7   id_user         int(11)
stevian12
  • 2
    Place `mysql_select_db("dataparkir");` after you connected. Plus quotes for `VALUES($lantai, $waktu_masuk,....` --- `VALUES('$lantai', '$waktu_masuk',....` and `mysql_query($con,"` `$con` goes at the end. – Funk Forty Niner May 21 '14 at 02:10
  • 2
    Is this error on your local host or a remote server? Perhaps the PHP version changed to 5.5 and `mysql_*` extensions are broken? – Giacomo1968 May 21 '14 at 02:11
  • 1
    Add error reporting to the top of your file(s) `error_reporting(E_ALL); ini_set('display_errors', 1);` during development. – Funk Forty Niner May 21 '14 at 02:11
  • Ref. http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 (placeholders fix/prevent so many problems, and new code should *not* use the `mysql_` functions) – user2864740 May 21 '14 at 02:12
  • I already changed it, after and before I connected, but it's the same. @Freed-ii – stevian12 May 21 '14 at 02:14
  • What do you mean by broken? – stevian12 May 21 '14 at 02:14
  • 1
    [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Phil May 21 '14 at 02:19
  • You should probably check the return values of `mysql_query()` and use `mysql_error()` to report any errors. It's impossible to know what's wrong here without error information – Phil May 21 '14 at 02:20
  • Hey, I already changed it to mysql_error(), and it shows no errors at all, just "connection success" – stevian12 May 21 '14 at 02:22
  • Could you please show your table schema – Darren May 21 '14 at 02:22
  • Check out my update, I already have the table schema – stevian12 May 21 '14 at 02:27

2 Answers

3

There are so many things wrong with this code...

  1. Using the deprecated and unmaintained mysql extension
  2. Calling mysql_select_db before you have a connection
  3. SQL injection vulnerabilities
  4. No error checking

Get with the times

// I'm going to assume you can add some verification around these POST params.
// Here's a simple check
if (!isset($_POST['lantai'], $_POST['waktu_masuk'], $_POST['waktu_keluar'], $_POST['id_user'], $_POST['qr_code'])) {
    throw new Exception('Not all required POST parameters are set. ' . print_r($_POST, true));
}

$lantai = $_POST['lantai'];
$waktu_masuk = $_POST['waktu_masuk'];
$waktu_keluar= $_POST['waktu_keluar'];
$id_user = $_POST['id_user'];
$qr_code = $_POST['qr_code'];

$con = new mysqli('localhost', 'root', '', 'dataparkir');
if ($con->connect_errno) {
    throw new Exception($con->connect_error, $con->connect_errno);
}
$con->set_charset('utf8'); // change if not appropriate

if (!$stmt = $con->prepare('INSERT INTO transaksi (lantai, waktu_masuk, waktu_keluar, id_user, qr_code) VALUES (?, ?, ?, ?, ?)')) {
    throw new Exception($con->error, $con->errno);
}

$stmt->bind_param('siiis', $lantai, $waktu_masuk, $waktu_keluar, $id_user, $qr_code);

if (!$stmt->execute()) {
    throw new Exception($stmt->error, $stmt->errno);
}
echo $con->insert_id;
Phil
  • Finally someone picked up that OP is trying to select database before he's set a connection. – Darren May 21 '14 at 02:30
  • 2
    @Darren First comment on the question indicates it too – Phil May 21 '14 at 02:31
  • 2
    @Darren Ahem... what do you call [`this`](http://stackoverflow.com/questions/23772891/php-doesnt-want-to-inserting-to-the-database#comment36557867_23772891)? Over 20 mins. ago ;-) – Funk Forty Niner May 21 '14 at 02:31
  • @Phil +1 I was going to suggest a similar answer, but after seeing that OP is using code in conjunction with java, I soon scrapped the idea, fearing it would only lead to something larger. (Not actual fear), you know what I mean ;-) – Funk Forty Niner May 21 '14 at 02:32
  • OK, I changed my code to be like yours and it shows: Fatal error: Uncaught exception 'Exception' with message 'Column 'lantai' cannot be null' in C:\xampp\htdocs\skripsi\create_booking.php:28 Stack trace: #0 {main} thrown in C:\xampp\htdocs\skripsi\create_booking.php on line 28 – stevian12 May 21 '14 at 02:34
  • @Fred-ii- Looks like OP is calling this PHP API via a Java app over HTTP. Nothing wrong with that and the two are (and should be) mutually exclusive. – Phil May 21 '14 at 02:34
  • @Phil Indeed, but my instinct was bang on though. Not about the java, but about the error messages OP posted here and in the other answer. Just another can of worms. – Funk Forty Niner May 21 '14 at 02:35
  • @stevian12 Simple, you're not passing a value for the `lantai` key. – Phil May 21 '14 at 02:35
  • I know to select the db after I'm connected; I did that the first time, but when the error appeared I edited the code, and I posted the edited code here, so I'm sorry. – stevian12 May 21 '14 at 02:35
  • 1
    @Fred-ii- oh my god, Please forgive my blatant stupidity, Just throw a slap all the way over here and connect with my face! – Darren May 21 '14 at 02:36
  • Is it possibly because my Java file got an error? Error: org.apache.http.conn.HttpHostConnectException: Connection to http://192.168.0.108 refused – stevian12 May 21 '14 at 02:37
  • @stevian12 I've updated my answer with some simple parameter checking. If you're seeing actual PHP exceptions (which you appear to be), I doubt you have a connection issue. – Phil May 21 '14 at 02:37
  • It shows: Fatal error: Uncaught exception 'Exception' with message 'Not all required POST parameters are set' in C:\xampp\htdocs\skripsi\create_booking.php:11 Stack trace: #0 {main} thrown in C:\xampp\htdocs\skripsi\create_booking.php on line 11 – stevian12 May 21 '14 at 02:40
  • So is my IP the problem? – stevian12 May 21 '14 at 02:40
  • @stevian12 Like I said before, you aren't setting appropriate values for all your request parameters. See my latest update; I've added the `$_POST` array to the exception message – Phil May 21 '14 at 02:40
  • So, it isn't my IP that is the problem? – stevian12 May 21 '14 at 02:43
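
An added example, not code from the thread or from either answerer: it puts the question's string-built query next to a validated, parameterized insert so the bare `0` can be traced to missing or quote-bearing POST values. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL `dataparkir` database so the script runs offline, `tempat_parkir` is treated as nullable, the helper names `legacy_sql`, `validate_booking` and `insert_booking` are hypothetical, and the request values are constructed.

```php
<?php
// SQLite in memory stands in for the MySQL `dataparkir` database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE transaksi (id_transaksi INTEGER PRIMARY KEY,
    waktu_masuk INTEGER NOT NULL, waktu_keluar INTEGER NOT NULL, lantai TEXT NOT NULL,
    tempat_parkir TEXT, qr_code TEXT NOT NULL, id_user INTEGER NOT NULL)');
// The question's string-built VALUES clause, returned for display only, never executed.
function legacy_sql(array $p): string {
    return sprintf("VALUES(%s, %s, %s, %s,'%s')", $p['lantai'] ?? '', $p['waktu_masuk'] ?? '',
        $p['waktu_keluar'] ?? '', $p['id_user'] ?? '', $p['qr_code'] ?? '');
}

// Hypothetical helper: reject bad input before it reaches the database.
function validate_booking(array $post): array {
    $clean = [];
    foreach (['waktu_masuk', 'waktu_keluar', 'id_user'] as $key) {   // int(11) columns
        $clean[$key] = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT);
        if ($clean[$key] === false) {
            throw new InvalidArgumentException("$key must be an integer");
        }
    }
    foreach (['lantai', 'qr_code'] as $key) {                        // varchar(40) columns
        $clean[$key] = trim((string) ($post[$key] ?? ''));
        if ($clean[$key] === '' || strlen($clean[$key]) > 40) {
            throw new InvalidArgumentException("$key must be 1-40 characters");
        }
    }
    return $clean;
}

// Hypothetical helper: placeholders keep every value out of the SQL text.
function insert_booking(PDO $db, array $post): int {
    $stmt = $db->prepare('INSERT INTO transaksi (lantai, waktu_masuk, waktu_keluar, id_user, qr_code)
        VALUES (:lantai, :waktu_masuk, :waktu_keluar, :id_user, :qr_code)');
    $stmt->execute(validate_booking($post));
    return (int) $db->lastInsertId();
}
// Constructed request whose qr_code contains a single quote.
$full = ['lantai' => '2', 'waktu_masuk' => '1400637000', 'waktu_keluar' => '1400640600',
         'id_user' => '7', 'qr_code' => "A'17"];
echo legacy_sql([]), "\n";              // empty request: the SQL text itself is malformed
echo legacy_sql($full), "\n";           // the quote in qr_code closes the literal early
echo insert_booking($db, $full), "\n";  // same values stored verbatim through placeholders
try {
    insert_booking($db, []);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";        // names the offending field instead of a bare 0
}
```
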
0

Are you sure you're using mysql_query instead of mysqli_query? Try changing all of mysql_query into mysqli_query. For example, this one:

$result = mysql_query($con,"INSERT INTO transaksi (lantai, waktu_masuk, waktu_keluar, id_user, qr_code) VALUES($lantai, $waktu_masuk, $waktu_keluar, $id_user,'$qr_code')");

it should be

$result = mysqli_query($con,"INSERT INTO transaksi (lantai, waktu_masuk, waktu_keluar, id_user, qr_code) VALUES($lantai, $waktu_masuk, $waktu_keluar, $id_user,'$qr_code')");

mysql_query takes 1st parameter as query and 2nd parameter as connection.

mysqli_query takes 1st parameter as the connection and 2nd parameter as query.

mysql_query is deprecated, so it is advisable to use mysqli_query.

kimbarcelona
  • I already changed it to mysqli_query, and now the error shows: could not enter data: Unknown column '$lantai' in 'field list' – stevian12 May 21 '14 at 02:15
  • Yes, this is my $lantai in my Java file: String lantai_string=""; lantai_string = Integer.toString(lantai); and I parse it from here: params.add(new BasicNameValuePair("lantai", lantai_string)); – stevian12 May 21 '14 at 02:17
  • And are you sure you've passed $lantai in the file? $lantai = $_POST['lantai']; – kimbarcelona May 21 '14 at 02:22
  • Yes, I'm sure, I already wrote this in my Java file: HttpPost httppost = new HttpPost("http://192.168.0.108/skripsi/create_booking.php"); – stevian12 May 21 '14 at 02:28
  • Wrap all the inserted values in single quotes. VALUES('$lantai', '$waktu_masuk', '$waktu_keluar', '$id_user','$qr_code') – kimbarcelona May 21 '14 at 02:30