
asadali007's avatar

I insert the record using simple PHP but the record does not insert

Hello everyone, I am using PHP. I try to insert the record but the record does not insert. Please, can anyone tell me what the issue is? This is the code:

 public function create() {
    $sql = "INSERT INTO bicycles (";
    $sql .= "brand, model, year, category, color, gender, price, weight_kg, condition_id, description";
    $sql .= ") VALUES (";
    $sql .= "'" . $this->brand . "', ";
    $sql .= "'" . $this->model . "', ";
    $sql .= "'" . $this->year . "', ";
    $sql .= "'" . $this->category . "', ";
    $sql .= "'" . $this->color . "', ";
    $sql .= "'" . $this->gender . "', ";
    $sql .= "'" . $this->price . "', ";
    $sql .= "'" . $this->weight_kg . "', ";
    $sql .= "'" . $this->condition_id . "', ";
    $sql .= "'" . $this->description . "'";
    $sql .= ")";
    $result = self::$database->query($sql);
    if($result) {
      $this->id = self::$database->insert_id;
    }
    return $result;
  }
 

This is my new.php file:

<?php

require_once('../../../private/initialize.php');

if(is_post_request()) {

  // Create record using post parameters
  $args = [];
  $args['brand'] = $_POST['brand'] ?? NULL;
  $args['model'] = $_POST['model'] ?? NULL;
  $args['year'] = $_POST['year'] ?? NULL;
  $args['category'] = $_POST['category'] ?? NULL;
  $args['color'] = $_POST['color'] ?? NULL;
  $args['gender'] = $_POST['gender'] ?? NULL;
  $args['price'] = $_POST['price'] ?? NULL;
  $args['weight_kg'] = $_POST['weight_kg'] ?? NULL;
  $args['condition_id'] = $_POST['condition_id'] ?? NULL;
  $args['description'] = $_POST['description'] ?? NULL;

  // automatically send a construct method

  $bicycle = new Bicycle($args);
  $result= $bicycle->create();

  if($result === true) {

    $new_id = $bicycle->id;

    $_SESSION['message'] = 'The bicycle was created successfully.';
    redirect_to(url_for('/staff/bicycles/show.php?id=' . $new_id));
  } else {
    // show errors
  }

} else {
  // display the form

  $bicycle = [];
}

?>

<?php $page_title = 'Create Bicycle'; ?>
<?php include(SHARED_PATH . '/staff_header.php'); ?>

<div id="content">

  <a class="back-link" href="<?php echo url_for('/staff/bicycles/index.php'); ?>">&laquo; Back to List</a>

  <div class="bicycle new">
    <h1>Create Bicycle</h1>

    <?php // echo display_errors($errors); ?>

    <form action="<?php echo url_for('/staff/bicycles/new.php'); ?>" method="post">

      <?php include('form_fields.php'); ?>

      <div id="operations">
        <input type="submit" value="Create Bicycle" />
      </div>
    </form>

  </div>

</div>

<?php include(SHARED_PATH . '/staff_footer.php'); ?>

0 likes
10 replies
jlrdw's avatar

Try the query builder, just an example:

            $postdata = array(
                'dogpic' => $dogpic,
                'dogname' => $dogname,
                'sex' => $sex,
                'comments' => $comments,
                'adopted' => $adopted,
                'lastedit' => $lastedit
            );

            DB::table('dc_dogs')->insert($postdata);

But validate data.

sr57's avatar

Have you checked your log for an error?

Have you tested your DB connection?

if ($database->connect_error) die("Connection failed: " . $database->connect_error);

Sinnbeck's avatar

It is hard to help you when we don't know where your code stops. Use echo to debug how far your code execution goes.

And maybe set the tag to something other than Laravel, as this clearly isn't Laravel.

Snapey's avatar

I see the problem, your code is from 2003.

Have you ever heard the story of little "Jimmy;DROP TABLES;", aka SQL injection?

2 likes
tykus's avatar

@asadali007 your database is vulnerable because you are taking no measures against SQL injection.

What is this code; I haven't seen anything like this in the wild for more than a decade?!?!

sr57's avatar

@asadali007

You have different answers in this post.

@jlrdw gives you a good way (without SQL injection) to write your query.

I give you methods to find your problem.

@snapey & @sinnbeck point out the exploit with SQL injection and why you must use @jlrdw's method, for instance.
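
The prepared-statement approach the replies point toward, applied to the `create()` method from the question using mysqli (an added example, not code from any poster in the thread). The class layout, the connection placeholders and the sample values are assumptions; with `mysqli_report` enabled, a failed insert raises an exception instead of returning `false` silently.

```php
<?php
// Added example. Connection details are placeholders; sample values are constructed.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw, not return false

class Bicycle {
  public static mysqli $database;
  public $id;
  // Column names are fixed in code; only the values come from the request.
  private const COLUMNS = ['brand', 'model', 'year', 'category', 'color', 'gender',
                           'price', 'weight_kg', 'condition_id', 'description'];
  private array $values = [];

  public function __construct(array $args = []) {
    foreach (self::COLUMNS as $column) {
      $this->values[$column] = $args[$column] ?? null; // null is bound as SQL NULL
    }
  }

  public function create(): bool {
    $marks = implode(', ', array_fill(0, count(self::COLUMNS), '?'));
    $sql = 'INSERT INTO bicycles (' . implode(', ', self::COLUMNS) . ") VALUES ($marks)";
    $stmt = self::$database->prepare($sql);
    // Values are sent separately from the SQL text, so a quote cannot end the string early.
    $params = array_values($this->values); // bind_param needs variables (by reference)
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    $result = $stmt->execute();
    if ($result) {
      $this->id = self::$database->insert_id;
    }
    $stmt->close();
    return $result;
  }
}

Bicycle::$database = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
Bicycle::$database->set_charset('utf8mb4');
$bicycle = new Bicycle([
  'brand' => "O'Brien Cycles", 'model' => 'Tourer', 'year' => '2020', 'category' => 'Road',
  'color' => 'Red', 'gender' => 'Unisex', 'price' => '450.00', 'weight_kg' => '11.5',
  'condition_id' => '3', 'description' => "Owner's note: lightly used",
]);
var_dump($bicycle->create(), $bicycle->id);
```

The apostrophes in the sample brand and description would terminate the string literal early in the concatenated query from the question; bound as parameters they are stored as ordinary text.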
