Dati che non entrano nel database MySql

Question

Ho letto alcune domande relative al mio problema ma non riesco ancora a capirlo. Così ho deciso di chiedere ora.

Mi piacerebbe sapere se c'è qualcosa di sbagliato nel mio codice. Fondamentalmente, i dati nelle caselle di input dovrebbero entrare nel database (MYSQL) ma ogni volta che clicco sul pulsante di invio, non succede nulla.

Codice: insert_product.php < - pagina principale

<!DOCTYPE html> 
<?php 
include("includes/db.php"); 
?> 
<html> 
    <head> 

    </head> 
<script src="//cdn.tinymce.com/4/tinymce.min.js"></script> 
<script>tinymce.init({ selector:'textarea' });</script> 

<body bgcolor="#aad6bb"> 
    <form action="insert_product.php" method="post" enctype="multipart/form-data"> 
     <table align="center" width="600" border='1' bgcolor='#d6aac5'> 

      <tr align="center"> 
       <td colspan='8'><h2>Inser New Post Here</h2></td> 
      </tr> 

      <tr > 
       <td align="right"> <b>Product Name:<b></td> 
       <td><input type='text'name="product_name" size='50'/></td> 
      </tr> 

      <tr> 
       <td align="right"><b> Product Description</b></td> 
       <td><textarea name="product_desc" cols='20' rows='10'></textarea></td> 
      </tr> 

      <tr> 
       <td align="right"> <b>Product Price:</b></td> 
       <td><input type='text'name="product_price"/></td> 
      </tr> 

      <tr> 
       <td align="right"><b> Product Quantity:</b></td> 
       <td><input type='text'name="product_quantity"/></td> 
      </tr> 

      <tr> 
       <td align="right"> <b>Product Category:</b></td> 
       <td><select name="product_cat"> 
         <option>Select Category</option> 
         <?php 
          $get_cats = "Select * from categories"; 
          $run_cat = mysqli_query($con, $get_cats); 
          while ($row_cats=mysqli_fetch_array($run_cat)){ 
          $cat_id = $row_cats['cat_id']; 
          $cat_title = $row_cats['cat_title']; 
          echo"<option value='$cat_id'>$cat_title</option>"; 
          } 
         ?> 
       </select> 
       </td> 
      </tr> 


      <tr> 
       <td align="right"> <b>Product Image:</b></td> 
       <td><input type='file' name="product_img"/></td> 
      </tr> 

      <tr> 
       <td align="right"> <b>Product Keywords:</b></td> 
       <td><input type='text' size="40" name="product_kw"/></td> 
      </tr> 
      <tr align='center'> 
       <td colspan='8'><input type='submit'name="insert_post" value="Insert Product"/></td> 
      </tr> 

     </table> 


    </form> 
</body> 
</html> 
<?php 
    if(isset($_POST['insert_post'])){ 
//GETTING DATA FROM THE FIELD 
     $product_name= $_POST['product_name']; 
     $product_desc= $_POST['product_desc']; 
     $product_price= $_POST['product_price']; 
     $product_quantity= $_POST['product_quantity']; 
     $product_cat= $_POST['product_cat']; 
     $product_kw= $_POST['product_kw']; 
//GETTING IMAGE FROM THE FIELD 
     $product_img = $_FILES['product_img']['name']; 
     $product_img_tmp = $_FILES['product_img']['tmp_name']; 

     move_uploaded_file($product_img_tmp, "product_images/$product_img"); 

     $insert_product = "insert into item (product_name,product_desc,product_price,product_quantity,product_cat,product_img,keywords) 
     values ('ItemName','ItemDesc',ItemPrice,ItemQty,'ItemCat','ItemImg','keywords')" OR die(mysql_error()); 


     $insert_prod = mysqli_query($con, $insert_product); 
     if($insert_prod){ 

      echo "<script>alert('SUCCESS')</script>"; 
      echo "<script>window.open('insert_product.php','self')</script>"; 
     }//END OF IF(INSERT_PROD) 
} 
?> 

db.php < - Per il collegamento

<?php 
$con = mysqli_connect("localhost","root","","ecommerce"); 
?> 

tabella dal database (nome è ecommerce) è item Nella mia tabella item: ItemID primaria e AI ItemName ItemDesc ItemPrice ItemQty ItemCat ItemImg keywords

NOTA: Sono consapevole che il mio codice è vulnerabile per attacchi di SQL Injection. Ma sono ancora un principiante e mi concentro sulla connessione con materiale HTML e PHP :)

Answer 1

Semplicemente non inserire le variabili.

Mentre hai dichiarato che stai solo esercitando, ignorerò la vulnerabilità di SQL-injection.

$insert_product = "insert into item (product_name,product_desc,product_price,product_quantity,product_cat,product_img,keywords) 
     values ('$product_name', '$product_desc', $product_price, $product_quantity, '$product_cat', '$product_img', '$product_kw')" OR die(mysql_error()); 

Answer 2

si può fare in questo modo

JavaScript:

function callPHP() { 
    var httpc = new XMLHttpRequest(); // simplified for clarity 
    var url = "insert.php"; 
    httpc.open("POST", url, true); // sending as POST 

    httpc.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); 
    MUST have a Content-Length header (as per HTTP/1.1) 

    httpc.onreadystatechange = function() { //Call a function when the state changes. 
    if(httpc.readyState == 4 && httpc.status == 200) { // complete and no errors 
     alert(httpc.responseText); 

     // some processing here, or whatever you want to do with the response 
     } 
    } 

    var z = document.getElementById('Textbox1').value ; 
    httpc.send('data=' + z); 
} 

insert.php

<?php 

$servername = "localhost"; 
$username = "username"; 
$password = "password"; 

$temp = $_POST['data']; 





try { 
$dbh = new PDO("mysql:host=$hostname;dbname=test",$username,$password); 

$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // <== add this line 
$sql = "INSERT INTO item (product_name) 
VALUES ('".$temp."')"; 
if ($dbh->query($sql)) { 
echo "success"; 
} 
else{ 
echo "fail"; 
} 

$dbh = null; 
} 
catch(PDOException $e) 
{ 
echo $e->getMessage(); 
} 
?>