0

I have problem getting the correct code for inserting the data into database. And I don't know how to upload image onto the database as well. Below is my code for FashionAddResult.php, 

$userid=$_SESSION['userid'];
//check for blanks
if(!empty($_POST['fashionname'])) {
    $fashionname = $_POST['fashionname'];
} else {
    $fashionname = null;
    echo '<p><font color="red">Please enter the Fashion Name!</font></p>';
}
if(!empty($_POST['description'])) {
    $description = $_POST['description'];
} else {
    $description = null;
    echo '<p><font color="red">Please enter the Fashion Description!</font></p>';
}
if(!empty($_POST['imagefile'])) {
    $imagefile = $_POST['imagefile'];
} else {
    $imagefile = null;
    echo '<p><font color="red">Please enter the Fashion Image!</font></p>';
}
if($fashionname != null && $description != null && $imagefile != null){
    //TODO 1: Connect to forumdb database
    $stmt = new mysqli("localhost", "root", null, "fashiondb");


    //TODO 2: Prepare the statement to update subject and message in forummessage  
    $stmt = $mysqli->prepare("insert into fashion(fashionname,description,imagefile) values (?,?,?)");

    if (!$stmt = $mysqli->prepare($sql))
    {
    die('Query failed: (' . $mysqli->errno . ') ' . $mysqli->error);
    }

    //TODO 3: Bind the values   
    $stmt->bind_param('sss', $fashionname, $description, $imagefile);
    if (!$stmt->bind_param('sss', $fashionname, $description, $imagefile))
    {
    die('Binding parameters failed: (' . $stmt->errno . ') ' . $stmt->error);
    }
    //TODO 4: Execute the statement
    $result = $stmt->execute();
    if (!$stmt->execute())
    {
    die('Execute failed: (' . $stmt->errno . ') ' . $stmt->error);
    }
    //TODO 5: If execute is successful, display update successful message
    //else display error message
    if($result == true && $stmt->affected_rows>0){
        echo '<p>Your fashion name has been added!</p>';
    }
    else{
        echo '<p>Fashion information is not adeed!</p>';
        //echo "result=$result<br/>row=$stmt->row_affected<br/>";
    }
    //TODO 6: close the statement
    $stmt->close();

    //TODO 7: close $mysqli
    $mysqli->close();
}
?>

The FashionAdd.php code is below,

<form enctype="multipart/form-data" action="FashionAddResult.php" method="post">
<p>Fashion Name: <input type="text" name="fashionname"></p>
<p>Fashion Description:<br/></p>
<textarea name="description" rows="10" cols="75">
</textarea><br>
Please choose a file: <input name="imagefile" type="file" /><br/>
<br/>
<input type="submit" value="Upload Fashion!" />
</form>

It displays that the image is not uploaded when I have already an image into the the form. Please help me with the error and how to upload the image into the database :) !! thanks!

Noob
  • 5
  • 1
  • 6
  • Help us to help you add error handling to your queries so we can see where the issue is at form the current MySQL error, [see this link for the MySQLi commands used for that.](http://stackoverflow.com/questions/18971570/simple-php-sql-login-troubleshooting/18971788#18971788) In addition your code is missing a `)` before values on the line `insert into fashion(fashionname,description,imagefile values (?,?,?)where userid=?`. Also at `$stmt->bind_param('sss', $fashionname, $description, $imagefile,$userid);` you have 3 `s` while u need 4 letters as u have 4 variables. – Prix Feb 12 '14 at 16:55
  • @Prix After I have changed the code, however, there is no error appear in the web page itself. But its appeared as: Add Fashion Please enter the Fashion Name! Please enter the Fashion Description! Please enter the Fashion Image! – Noob Feb 12 '14 at 17:11
  • Because you have 2 FORMS on your HTML with different fields, replace the first line with `
    ` and remove the later as well as the middle `
    ` otherwise it will only send the file     – Prix Feb 12 '14 at 17:16
  • @Prix OMG OMG OMG !!!! NOW THAT'S WORK!!!! THANK YOU :) but how can I upload the image file ? And Is the insert statement correct? Because I'm not sure what I am doing ... T__T – Noob Feb 12 '14 at 17:23
  • read my first comment and check everything for errors and post where you're not doing it right with the proper error message – Prix Feb 12 '14 at 17:25
  • @prix I tried my best to understand. This is what you need me to do ? //TODO 2: Prepare the statement to update subject and message in forummessage $stmt = $mysqli->prepare("insert into fashion(fashionname,description,imagefile) values (?,?,?)where userid=?"); if (!$result = $con->prepare($sql)) { die('Query failed: (' . $con->errno . ') ' . $con->error); } – Noob Feb 12 '14 at 17:48
  • [Here is a sample on how it would look like on your code starting from the `TODO 2` part.](http://pastebin.com/FNrdP9xR) Also there was NO reason to use `WHERE` on your `INSERT` SQL query and you would get an error from it, if u do. – Prix Feb 12 '14 at 18:20
  • I did that already. There is not error but when I upload an image, The message said I didnt upload @_@" @prix – Noob Feb 12 '14 at 19:11
  • Update your question with the current code you're using and with the new message it goes to. – Prix Feb 12 '14 at 19:14
  • You forgot to post the error you're currently getting...with out the message I wont know where it stops at or why. – Prix Feb 12 '14 at 21:37
  • [**Also u need to use `$_FILES['imagefile']['tmp_name']`**](http://www.php.net/manual/en/features.file-upload.php) – Prix Feb 12 '14 at 21:45

2 Answers2

0

You have an SQL error.

This:

insert into fashion(fashionname,description,imagefile values (?,?,?)where userid=?

Should be:

insert into fashion (fashionname, description, imagefile, userid) values (?,?,?,?)

You also should be binding 4 parameters, not just 3.

This:

$stmt->bind_param('sss', $fashionname, $description, $imagefile,$userid);

Should be:

$stmt->bind_param('sssi', $fashionname, $description, $imagefile, $userid);

To see this you should really do something like:

try
{

  //TODO 2: Prepare the statement to update subject and message in forummessage  
  if (!$stmt = $mysqli->prepare("insert into fashion (fashionname,description,imagefile,userid) values (?,?,?,?)"))
  {
    throw new Exception($mysqli->error);
  }

  //TODO 3: Bind the values   
  if (!$stmt->bind_param('sssi', $fashionname, $description, $imagefile,$userid))
  {
    throw new Exception($stmt->error);
  }

  //TODO 4: Execute the statement
  if (!$result = $stmt->execute())
  {
    throw new Exception($stmt->error);
  }

}

catch (Exception $e)
{
  echo $e->getMessage();
}
Michael
  • 11,912
  • 6
  • 49
  • 64
  • Is the insert code correctly used? I'm very new with database :( – Noob Feb 12 '14 at 17:15
  • As I said, there was an error. `imagefile values (?,?,?)` should be `imagefile) values (?,?,?)` – Michael Feb 12 '14 at 17:17
  • I mean, how about the userid=?, is it suppose to be there ? my database for the fashion has 5 columns which consists of 1) fashionid, 2)fashionname, 3) description, 4) imagefile, 5)userid. Do I need to add fashionid into the insert statement? The primary key is the fashionid. thanks – Noob Feb 12 '14 at 17:52
  • Ah, sorry, no `WHERE userid = ?` shouldn't be there. It should be as my edit shows. You won't need to state the `fashionid` if it's an `auto increment`. – Michael Feb 12 '14 at 18:50
0

Your TODO 2 is missing a ")"

$stmt = $mysqli->prepare("insert into fashion(fashionname,description,imagefile values (?,?,?)where userid=?");

It should be - notice the closing ) after imagefile:

$stmt = $mysqli->prepare("insert into fashion(fashionname,description,imagefile) values (?,?,?)where userid=?");
rrtx2000
  • 626
  • 4
  • 13