PHP - SQL create entry

Question

So Im working on a small inventory management system based on php and sql. The create.php does not work as expected.

Here is the code:

    <?php
// Include config file
require_once "config.php";

// Define variables and initialize with empty values
$SKU = $Bezeichnung = $EK = $VK = $Beschreibung = "";
$SKU_err = $Bezeichnung_err = $EK_err = $VK_err = $Beschreibung_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Validate SKU
    $input_SKU = trim($_POST["SKU"]);
    if(empty($input_SKU)){
        $SKU_err = "Hier die Artikelnummer eintragen";
    } else{
        $SKU = $input_SKU;
    }

    // Validate Bezeichnung
    $input_Bezeichnung = trim($_POST["Bezeichnung"]);
    if(empty($input_Bezeichnung)){
        $Bezeichnung_err = "Bezeichnung";     
    } else{
        $Bezeichnung = $input_Bezeichnung;
    }

    // Validate EK
    $input_EK = trim($_POST["EK"]);
    if(empty($input_EK)){
        $EK_err = "EK";     
    } else{
        $EK = $input_EK;
    }

    // Validate VK
    $input_VK = trim($_POST["VK"]);
    if(empty($input_VK)){
        $EK_err = "VK";     
    } else{
        $EK = $input_VK;
    }

    // Validate Beschreibung
    $input_Beschreibung = trim($_POST["Beschreibung"]);
    if(empty($input_Beschreibung)){
        $EK_err = "Beschreibung";     
    } else{
        $EK = $input_Beschreibung;
    }

    // Check input errors before inserting in database
    if(empty($SKU_err) && empty($Bezeichnung_err) && empty($EK_err) && empty($VK_err) && empty($Beschreibung_err)){
        // Prepare an insert statement
        $sql = "INSERT INTO mytable (SKU, Bezeichnung, EK, VK, Beschreibung) VALUES (?, ?, ?, ?, ?)";

        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "sssss", $param_SKU, $param_Bezeichnung, $param_EK, $param_VK, $param_Beschreibung);

            // Set parameters

            $param_SKU = $SKU;
            $param_Bezeichnung = $Bezeichnung;
            $param_EK = $EK;
            $param_VK = $VK;
            $param_Beschreibung = $Beschreibung;

            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Records created successfully. Redirect to landing page
                header("location: index.php");
                exit();
            } else{
                echo "Something went wrong. Please try again later.";
            }
        }

        // Close statement
        mysqli_stmt_close($stmt);
    }

    // Close connection
    mysqli_close($link);
}
?>

<!DOCTYPE html>
<html lang="de">
<head>
    <meta charset="UTF-8">
    <title>Create Record</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        .wrapper{
            width: 100%;
            margin: 0 auto;
        }
    </style>
</head>
<body>
    <div class="wrapper">
        <div class="container-fluid">
            <div class="row">
                <div class="col-md-12">
                    <div class="page-header">
                        <h2>Create Record</h2>
                    </div>
                    <p>Please fill this form and submit to add employee record to the database.</p>
                    <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">

                        <div class="form-group <?php echo (!empty($SKU_err)) ? 'has-error' : ''; ?>">
                            <label>Artikelnummer</label>
                            <input type="text" name="SKU" class="form-control" value="<?php echo $SKU; ?>">
                            <span class="help-block"><?php echo $SKU_err;?></span>
                        </div>
                        <div class="form-group <?php echo (!empty($Bezeichnung_err)) ? 'has-error' : ''; ?>">
                            <label>Bezeichnung</label>
                            <input type="text" name="Bezeichnung" class="form-control" value="<?php echo $Bezeichnung; ?>">
                            <span class="help-block"><?php echo $Bezeichnung_err;?></span>
                        </div>
                        <div class="form-group <?php echo (!empty($EK_err)) ? 'has-error' : ''; ?>">
                            <label>EK</label>
                            <input type="text" name="EK" class="form-control" value="<?php echo $EK; ?>">
                            <span class="help-block"><?php echo $EK_err;?></span>
                        </div>
                        <div class="form-group <?php echo (!empty($VK_err)) ? 'has-error' : ''; ?>">
                            <label>VK</label>
                            <input type="text" name="VK" class="form-control" value="<?php echo $VK; ?>">
                            <span class="help-block"><?php echo $VK_err;?></span>
                        </div>
                        <div class="form-group <?php echo (!empty($Beschreibung_err)) ? 'has-error' : ''; ?>">
                            <label>Beschreibung</label>
                            <input type="text" name="Beschreibung" class="form-control" value="<?php echo $Beschreibung; ?>">
                            <span class="help-block"><?php echo $Beschreibung_err;?></span>
                        </div>
                        <input type="submit" class="btn btn-primary" value="Submit">
                        <a href="index.php" class="btn btn-default">Cancel</a>
                    </form>
                </div>
            </div>        
        </div>
    </div>
</body>
</html>

Database connection is ok, I can read and delete entrys. Only when I want to create a entry i get an error. Because im new to php its hard for me to understand which part making trouble

your insert has 5 columns you write "sss" that 3 and add 7 Variables. that doesn't head up — nbk, May 15 '20 at 16:25
You should modify the parameter binding and set **mysqli_stmt_bind_param($stmt, "sssss", $param_SKU, $param_Bezeichnung, $param_EK, $param_VK, $param_Beschreibung);** — nacho, May 15 '20 at 16:26
Ive edited the CODE - I can create a new "product" but the EK and VK dont get written — Tom tom, May 15 '20 at 16:34

Murad Ali · Accepted Answer · 2020-05-28T17:40:32.117

I have fixed your code. Let explain it to you, the error is in this line:

mysqli_stmt_bind_param($stmt, "sss", $param_SKU, $param_Bezeichnung, $param_EK, $param_, $param_VK, $param_Beschreibung);

You are passing 6 parameters, while the query need only 5, you have to change this to

mysqli_stmt_bind_param($stmt, "sssss", $param_SKU, $param_Bezeichnung, $param_EK, $param_VK, $param_Beschreibung);

Here is the full code.

<?php
// Include config file
require_once "config.php";

// Define variables and initialize with empty values
$SKU = $Bezeichnung = $EK = $VK = $Beschreibung = "";
$SKU_err = $Bezeichnung_err = $EK_err = $VK_err = $Beschreibung_err = "";

// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){

    // Validate SKU
    $input_SKU = trim($_POST["SKU"]);
    if(empty($input_SKU)){
        $SKU_err = "Hier die Artikelnummer eintragen";
    } else{
        $SKU = $input_SKU;
    }

    // Validate Bezeichnung
    $input_Bezeichnung = trim($_POST["Bezeichnung"]);
    if(empty($input_Bezeichnung)){
        $Bezeichnung_err = "Bezeichnung";     
    } else{
        $Bezeichnung = $input_Bezeichnung;
    }

    // Validate EK
    $input_EK = trim($_POST["EK"]);
    if(empty($input_EK)){
        $EK_err = "EK";     
    } else{
        $EK = $input_EK;
    }

    // Validate VK
    $input_VK = trim($_POST["VK"]);
    if(empty($input_VK)){
        $EK_err = "VK";     
    } else{
        $EK = $input_VK;
    }

    // Validate Beschreibung
    $input_Beschreibung = trim($_POST["Beschreibung"]);
    if(empty($input_Beschreibung)){
        $EK_err = "Beschreibung";     
    } else{
        $EK = $input_Beschreibung;
    }

    // Check input errors before inserting in database
    if(empty($SKU_err) && empty($Bezeichnung_err) && empty($EK_err) && empty($VK_err) && empty($Beschreibung_err)){
        // Prepare an insert statement
        $sql = "INSERT INTO mytable (SKU, Bezeichnung, EK, VK, Beschreibung) VALUES (?, ?, ?, ?, ?)";

        if($stmt = mysqli_prepare($link, $sql)){

            // Set parameters
            $param_SKU = $SKU;
            $param_Bezeichnung = $Bezeichnung;
            $param_EK = $EK;
            $param_VK = $VK;
            $param_Beschreibung = $Beschreibung;

            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "sssss", $param_SKU, $param_Bezeichnung, $param_EK, $param_VK, $param_Beschreibung);


            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Records created successfully. Redirect to landing page
                header("location: index.php");
                exit();
            } else{
                echo "Something went wrong. Please try again later.";
            }
        }

        // Close statement
        mysqli_stmt_close($stmt);
    }

    // Close connection
    mysqli_close($link);
}
?>

<!DOCTYPE html>
<html lang="de">
<head>
    <meta charset="UTF-8">
    <title>Create Record</title>
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
    <style type="text/css">
        .wrapper{
            width: 100%;
            margin: 0 auto;
        }
    </style>
</head>
<body>
    <div class="wrapper">
        <div class="container-fluid">
            <div class="row">
                <div class="col-md-12">
                    <div class="page-header">
                        <h2>Create Record</h2>
                    </div>
                    <p>Please fill this form and submit to add employee record to the database.</p>
                    <form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post">

                        <div class="form-group <?php echo (!empty($SKU_err)) ? 'has-error' : ''; ?>">
                            <label>Artikelnummer</label>
                            <input type="text" name="SKU" class="form-control" value="<?php echo $SKU; ?>">
                            <span class="help-block"><?php echo $SKU_err;?></span>
                        </div>
                        <div class="form-group <?php echo (!empty($Bezeichnung_err)) ? 'has-error' : ''; ?>">
                            <label>Bezeichnung</label>
                            <input type="text" name="Bezeichnung" class="form-control" value="<?php echo $Bezeichnung; ?>">
                            <span class="help-block"><?php echo $Bezeichnung_err;?></span>
                        </div>
                        <div class="form-group <?php echo (!empty($EK_err)) ? 'has-error' : ''; ?>">
                            <label>EK</label>
                            <input type="text" name="EK" class="form-control" value="<?php echo $EK; ?>">
                            <span class="help-block"><?php echo $EK_err;?></span>
                        </div>
                        <div class="form-group <?php echo (!empty($VK_err)) ? 'has-error' : ''; ?>">
                            <label>VK</label>
                            <input type="text" name="VK" class="form-control" value="<?php echo $VK; ?>">
                            <span class="help-block"><?php echo $VK_err;?></span>
                        </div>
                        <div class="form-group <?php echo (!empty($Beschreibung_err)) ? 'has-error' : ''; ?>">
                            <label>Beschreibung</label>
                            <input type="text" name="Beschreibung" class="form-control" value="<?php echo $Beschreibung; ?>">
                            <span class="help-block"><?php echo $Beschreibung_err;?></span>
                        </div>
                        <input type="submit" class="btn btn-primary" value="Submit">
                        <a href="index.php" class="btn btn-default">Cancel</a>
                    </form>
                </div>
            </div>        
        </div>
    </div>
</body>
</html>

thank you! But there is one more issue -the EK and the VK gets not written into to database — Tom tom, May 15 '20 at 16:42
It is because you have set the parameter below mysqli_stmt_bind_param(). Please check the above code I have update that. — Murad Ali, May 28 '20 at 17:37

PHP - SQL create entry

1 Answers1