PHP/Mysql / IIS / Windows 10

[rbvinc]

Below is my code, I am able to upload my image to folder, but records not inserting into table. No error trips. Please fix my code why it is not inserting into table. Thank you in advance.

 

++++++++++++++++++ +++++++++++++++++++++

 

<?php 

 

 

// Connects to your database 

mysql_connect("localhost", "root", "password1234") or die(mysql_error()) ; 

mysql_select_db("teluguclicks") or die(mysql_error()) ; 

 

 

//This is the directory where images will be saved 

$target = "product-images/"; 

$target = $target . basename( $_FILES['image']['name']); 

 

//This retrieves all the other information from the form 

$name=$_POST['name']; 

$code=$_POST['code']; 

$price=$_POST['price']; 

$pic=($_FILES['image']['name']); 

 

 

 

//Writes the information to the database 

mysql_query("INSERT INTO 'tblproduct' (name,code,price,image) VALUES ('$name', '$code',$price, '$pic')") ; 

 

 

//echo $name;

echo "<br>";

echo "<br>";

 

//echo $mysql_query;

 

echo "<br>";

 

//Writes the image to the server 

if(move_uploaded_file($_FILES['image']['tmp_name'], $target)) 

{ 

 

//Tells you if it is all ok 

echo "The file ". basename( $_FILES['image']['name']). " has been uploaded, and your information has been added to the directory"; 

} 

else { 

 

//Gives an error if it is not ok 

echo "Sorry, there was a problem uploading your file."; 

} 

?> 

 

[Jacques1]

Read the forum rules.

 

None of us has magical powers. If you want help with a problem, you need to provide specific information. Posting a wall of unformatted code and telling us to fix it doesn't work.

 

If there's no error message, make sure your error reporting is turned all the way up and learn how to do basic debugging with the var_dump() function. Then come back with your results.

[rbvinc]

Yes sir, I am trying to read code flow, and trying to learn. Sorry. I meant 'fix' is, requesting for help to check the code, and advise with corrections. 

From form, data is coming to insert file, but with some missing execution code, my data is not inserting into table. I spent much time in learning, seeing the code. Could not figured out, hence asked for help here. Once again Thank you.

[Jacques1]

Like I said, we're not sitting in front of your screen. We cannot tell you what's happening on your machine just by looking at the code.

 

If you want general advice: Throw the code away and start over. You have SQL syntax errors, security vulnerabilities, obsolete functions, wrong error handling and missing error checks all over the place. This code doesn't need a debugger. It needs an exorcist.

 

Given that you've been working with PHP and other languages for at least 10 years, the quality of your code is worrying. You need to fundamentally change your attitude and learn the basics of safe and correct programming.

• Never trust user input. Never. You cannot just take form parameters and insert them straight into a query string or let people upload arbitrary files. This will be abused sooner or later to attack you and your users. Maybe it has already happened.
• Keep your code up to date. PHP changes. You cannot take stuff you learned 10 years ago and assume it's still fine today. All mysql_* functions have been deprecated for a long time and don't even exist in modern PHP versions. Didn't you see the big red warning signs in the manual? Nowadays, we use PDO.
• You need to handle all possible errors. Uploads can fail. Queries can fail. You have to either manually check those cases or see if you can enable automatic exceptions (PDO supports that). How exactly this works is explained in the manual.
• Do not show internal error messages on your website. What on earth are your users supposed to do with a MySQL error? This only helps attackers and makes your website look unprofessional.