The database does not save the data when sending them

ShiroAky · August 16, 2021, 2:53am

My account is: epiz_29329685 and my page is: https://shiro-galery.epizy.com/api/admin

for some reason when I try to save the form data in the database it just doesn’t insert it probe in various ways and to make sure everything worked fine I did several tests locally with phpmyadmin and everything worked correctly.

My code is the following:

<?php 

$db_host = 'localhost';
$db_user = 'root';
$db_password = '';
$db_name = 'rules';    
$con = new mysqli($db_host, $db_user, $db_password, $db_name) or die('Connection failed'.mysqli_connect_error());

// if ($con) {
//     echo 'Ready';
// } else {
//     echo 'Failed';
// }

$name = (isset($_POST['name']))?$_POST['name']:"";
$description = (isset($_POST['description']))?$_POST['description']:"";
$date = (isset($_POST['date']))?$_POST['date']:"";
$image = (isset($_FILES['image']['name']))?$_FILES['image']['name']:"";

$action = (isset($_POST['action']))?$_POST['action']:"";

switch ($action) {

    case 'save':

        $sql = "INSERT INTO `sistema` (nombre, descripcion, portada, date) VALUES ('$name', '$description', '$image', '$date');";
        $query = mysqli_query($con, $sql);

        break;

    case 'update':
        
        $sql_update = "UPDATE `sistema` SET `nombre` = '$nombre', `descripcion` = '$descripcion', `date`='$date' WHERE `sistema`.`id` = $id;";
        $update = mysqli_query($con, $sql_update);

        break;

    case 'delete':
        
        $sql_delete = "DELETE FROM `sistema` WHERE `id` = $id;";
        $delete = mysqli_query($con, $sql_delete);
    
        break;

} ?>

Where clearly the values of $ db_host, $ db_user, $ db_password, $ db_name are replaced by the data from the hosting database.

Greenreader9 · August 16, 2021, 12:38pm

You are using the credentials under the “Database” tab in the client area right? They are different from your account information.

Admin · August 16, 2021, 4:31pm

A few things to note:

Can you please check/dump/debug the value of $query? It will return true or false depending on whether the query was successful or not.
If mysqli_query returns false, you can use the function mysqli_error to retrieve the error associated with the last query.
You’re dumping input values into the query text with no content checks whatsoever. This means your website is wide open to SQL Injection Attacks. You should always validate or sanitize your input, or make use of parameterized queries to prevent people from running their own queries in your database.

system · August 23, 2021, 4:31pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.