php - cant insert data to just one of my mysql table -

-

i developing website , funny thing can insert data table except 1 of table.

php part

function newproperty(){     global $link;     if(isset($_post['sendprop']) && $_post['agree'] == 'yes'){         $name=mysqli_real_escape_string($link,$_post['name']);         $owner=mysqli_real_escape_string($link,$_post['owner']);         $tel=mysqli_real_escape_string($link,$_post['tel']);         $email=$_session['cust_user'];         $type=$_post['type'];         $loc=$_post['location'];         $address=mysqli_real_escape_string($link,$_post['address']);         $bed=$_post['bed'];         $price=$_post['price'];         $descrip=mysqli_real_escape_string($link,$_post['desc']);              $temp = explode(".", $_files["pic"]["name"]);         $thumb = round(microtime(true)) . '.' . end($temp);         move_uploaded_file($_files["pic"]["tmp_name"], 'assets/propthumb/'.$thumb);          $query="insert property                  (prop_name, prop_email, prop_owner,                   prop_tel, prop_type, prop_location,                   prop_bed, prop_price, prop_thumb,                   prop_desc, prop_address)                  values                    ('$name','$email','$owner',                    '$tel','$type','$loc',                    '$bed','$price','$thumb',                    '$descrip','$address')";         $run=mysqli_query($link,$query);         if($run){             echo"<script>alert('property has been inserted successfully');</script>";             echo"<script>window.open('list.php','_self');</script>";         }    } }

html part

<form action="submit.php" method="post" enctype="multipart/form-data"> <div class="container bgsearch shadow">     <div class="container-fluid ">         <br>         <div class="row">             <div class="col-lg-10 col-lg-offset-1">                 <img src="assets/images/hero1.png" class=" img-responsive">             </div>         </div>         <div class="row">             <div class="col-lg-8 col-lg-offset-2">                 <h3 class="wtxt text-center">submit property</h3>                 <br>                 <hr id="hr">             </div>         </div>         <div class="row">             <div class="col-lg-6 col-lg-offset-3">                 <a href="list.php" class="form-control btn btn-success btn-block">list of properties</a>                 <br>             </div>         </div>         <div class="row">             <div class="col-lg-2"></div>             <div class="col-lg-4">                 <input type="text" class="form-control btn-block" name="name" placeholder="property name">                 <input type="text" class="form-control btn-block" name="owner" placeholder="owner name">                 <input type="tel" class="form-control btn-block" name="tel" placeholder="owner telephone number">                 <select class=" btn-block form-control" name="type" required>                     <option value='...'>...</option>                 </select>                 <select class=" btn-block form-control" name="location" required>                     <option value='...'>...</option>                      .                  </select>                 <input type="text" class="form-control btn-block" name="address" placeholder="address">                 <input type="number" name="bed" class=" btn-block form-control" placeholder="bedroom" min="0">             </div>             <div class="col-lg-4">                 <input type="number" name="price" class=" btn-block form-control" placeholder="price (tl)" step="25" min="200">                 <lable class="wtxt"><h5><b>property thumbnail image</b></h5></lable>                     <input type="file" class="form-control btn-block" name="pic" accept="image/*">                 <textarea class="form-control btn-block" name="desc" rows="6" required></textarea>                 <div class="checkbox">                     <label>                         <input type="checkbox" name="agree" value="yes"> agree terms &amp; conditions                      </label>                 </div>             </div>             <div class="col-lg-2"></div>         </div>         <div class="row">             <div class="col-lg-8 col-lg-offset-2">                 <input type="submit" class="form-control btn btn-warning btn-block" name="sendprop" value="submit">             </div>         </div>         <br><br>     </div> </div> </form> <?php newproperty(); ?>

what have tried , still not work are: 1. drop table , make new 1 2. change name of table 3. change insert into... values insert into.. set... 4. ....

please me can.

handle error condition, e.g.

    if($run){         // whatever     } else {         echo "<script>alert('sql error: "             . htmlspecialchars(mysqli_error($link))            . "');</script>"     }

as figuring out why statement isn't working, debugging, emit sql text , test in different client.

you're calling mysqli_real_escape_string function on values, not on others. so, sql insert statement still vulnerable sql injection.

a better pattern use prepared statement bind placeholders. it's not hard.


Comments

Post a Comment

Popular posts from this blog

c - Bitwise operation with (signed) enum value -

-
i using enumerator values flags: typedef enum { = 0x00, b = 0x01u, // u has no influence, expected c = 0x02u, // u has no influence, expected ... } enum_name; volatile unsigned char* reg = someaddress; *reg |= b; according misra-c:2004 bitwise operations shall not done signed type. unfortunately, compiler iar use signed int (or short or char) underlying type of enums, , option can find relates size, not signedness ("--enum-is-int"). according iar c/c++ development guide arm , pages 169 , 211, can define type of enum s if enable iar language extensions ( -e command-line option, or project > options > c/c++ compiler > language > allow iar extensions in ide). in particular, should define "sentinel" value, make sure compiler chooses correct type. prefers signed types, , uses smallest possible integer type, sentinel should largest positive integer corresponding unsigned integer type can describe. example, typedef enum
Read more

xslt - Unnest parent nodes by child node -

-
in xml there items 0-n attributes , item should copied each attribute new item 1 attribute. given xml this: <?xml version="1.0" encoding="utf-8" ?> <items> <item> <name>a</name> <attributes> <attribute> <key>attribute1</key> <value>1</value> </attribute> </attributes> </item> <item> <name>b</name> </item> <item> <name>c</name> <attributes> <attribute> <key>attribute1</key> <value>5</value> </attribute> <attribute> <key>attribute2</key> <value>2</value> </attribute> <attribute> <key>attri
Read more

YouTubePlayerFragment cannot be cast to android.support.v4.app.Fragment -

-
im stuck on 3 days , have tried have come across after lots of searching ,this post last resort, im trying open youtubeplayerfragment using navigation drawer youtubeplayerfragment cannot cast android.support.v4.app.fragment problem edit question : have updated code have used youtubeplayersupportfragment instead of youtubeplayerfragment ,i error in displayview method (case 4: fragment = new youtube(); break;) in main activity saying cannot convert youtube fragment , cannot logcat since cant run it edit question 2: code updated again have runtime problem ,heres logcat 07-22 22:15:09.782: e/androidruntime(20603): fatal exception: main 07-22 22:15:09.782: e/androidruntime(20603): process: net.frankandwalters, pid: 20603 07-22 22:15:09.782: e/androidruntime(20603): java.lang.nullpointerexception: attempt invoke virtual method 'void com.google.android.youtube.player.youtubeplayerview.a()' on null object reference 07-22 22:15:09.782: e/androidruntime(20603): @ com.goog
Read more