Can't insert records mysql database...no error showing while php running

MySQL database
#1

image.php

<?php
include('config.php');
if(isset($_POST['upload'])){
    $name=$_POST['name'];
    $email=$_POST['email'];
    $image_name=$_FILES['image']['name'];
    $tmp_image=$_FILES['image']['tmp_image'];
    $folder="upload_image/".$image_name;
    move_upload_file($tmp_image,$folder);
    $sql="insert into 'image' ('name','email','image_name') values('$name','$email','$folder')";
    if(mysqli_query($conn,$sql))
    {
        echo "Data Inserted";
    }
    else
    {
        echo "connection error";
    }
}
?>
<!DOCTYPE html>
<html>
    <head>
        <title> Image Upload</title>
</head>
<body>
    <form action="" method="post"enctype="multipart/form-datas">
        <label for="fname">Name:</label><br>
        <input type="text" id="name" name="name" placeholder="Enter your Name"><br>
        <br>
        <label for="email">Email"</label><br>
        <input type="text" id="email" name="email" placeholder="Enter your Email"><br><br>
        <label for="image">Image:</label><br>
        <input type="file" id="image" name="image"><br><br>
        <input type="Submit" name="upload" value="Upload Image"
</form>
</body>
</html>

config.php

<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "staff";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
  die("Connection failed: " . mysqli_connect_error());
}
?>
#2

Turn on error reporting will help you out → 

<?php
// Turn on error reporting
error_reporting(E_ALL);
ini_set('display_errors', 1);

$servername = "localhost";
$username = "root";
$password = "";
$dbname = "staff";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
  die("Connection failed: " . mysqli_connect_error());
}
?>
#3

sir, i added error reporting on…but no error message showing…record not inserted also… sorry for my english

#4

You have a number of mistakes in the html markup (for one, the submit button isn’t being seen as a valid button and doesn’t actually do anything.) You need to validate your resulting web pages at validator.w3.org (this may not find all the mistakes that are preventing the form from working.)

You also have some mistakes in the php code, which adding the above suggested php error_reporting/display_errors settings will help you find.

Next, to see what data is being submitted, add the following lines of code near the top of your php code -

echo '<pre>Post:'; print_r($_POST); echo '</pre>';
echo '<pre>Files:'; print_r($_FILES); echo '</pre>';
#5

@antony_suba, there are a few issues in your image.php script that could be preventing the insertion of records into your MySQL database. Let me point out the issues and corrections:

  1. In your $sql statement, you have used single quotes around the table name and column names, which is incorrect. You should use backticks (`) for table and column names in SQL, or omit them if your names are not reserved words or contain special characters.

  2. The $_FILES['image']['tmp_image'] should be $_FILES['image']['tmp_name'].

  3. The move_upload_file function is incorrectly named; it should be move_uploaded_file.

  4. In your form tag, enctype is written as multipart/form-datas when it should be multipart/form-data.

  5. You should always escape the inputs before inserting them into the database to prevent SQL injection. Use prepared statements with bound parameters instead of directly inserting variables into your SQL string.

Here is the corrected version of your image.php:

<?php
include('config.php');

if (isset($_POST['upload'])) {
    $name = mysqli_real_escape_string($conn, $_POST['name']);
    $email = mysqli_real_escape_string($conn, $_POST['email']);
    $image_name = $_FILES['image']['name'];
    $tmp_image = $_FILES['image']['tmp_name'];
    $folder = "upload_image/" . $image_name;

    if (move_uploaded_file($tmp_image, $folder)) {
        // Prepared statement to insert data into the database
        $stmt = $conn->prepare("INSERT INTO `image` (`name`, `email`, `image_name`) VALUES (?, ?, ?)");
        $stmt->bind_param("sss", $name, $email, $folder);

        if ($stmt->execute()) {
            echo "Data Inserted";
        } else {
            echo "Error inserting data: " . $stmt->error;
        }

        $stmt->close();
    } else {
        echo "Failed to upload file.";
    }
}

?>
<!DOCTYPE html>
<html>
<head>
    <title>Image Upload</title>
</head>
<body>
    <form action="" method="post" enctype="multipart/form-data">
        <label for="name">Name:</label><br>
        <input type="text" id="name" name="name" placeholder="Enter your Name"><br><br>
        <label for="email">Email:</label><br>
        <input type="text" id="email" name="email" placeholder="Enter your Email"><br><br>
        <label for="image">Image:</label><br>
        <input type="file" id="image" name="image"><br><br>
        <input type="submit" name="upload" value="Upload Image">
    </form>
</body>
</html>

Note that mysqli_real_escape_string is a minimal protective measure, and prepared statements are much more secure against SQL injection. Always use prepared statements when inserting user input into a database.

Lastly, ensure that the directory upload_image exists on your server and has the correct write permissions to store the uploaded files.

Good luck, please.

#6

Um, no. The main point of using a prepared query is it separates the parsing of the sql query syntax from the data values, so that any sql special characters in a value cannot break the sql query syntax. This prevent sql injection for all data types, not just strings. You do not also escape the data values, when using a prepared query.

Sponsor our Newsletter | Privacy Policy | Terms of Service