Good afternoon, I don't get to see any error in my code and I have been getting MySQL errors along the line.
My code looks like this:
<?php
include 'account_numgen.php';
require_once('inc/config.php');
$con = mysqli_connect($host, $user, $pass, $db) or die('Cannot Connect: ' . mysqli_connect_error());
$account_number = mysqli_real_escape_string($con,$_POST['account_number']);
$first_name = mysqli_real_escape_string($con,$_POST['first_name']);
$mi = mysqli_real_escape_string($con,$_POST['mi']);
$last_name = mysqli_real_escape_string($con,$_POST['last_name']);
$address = mysqli_real_escape_string($con,$_POST['address']);
$address2 = mysqli_real_escape_string($con,$_POST['address2']);
$city = mysqli_real_escape_string($con,$_POST['city']);
$tel = mysqli_real_escape_string($con,$_POST['tel']);
$email = mysqli_real_escape_string($con,$_POST['email']);
$nok_1 = mysqli_real_escape_string($con,$_POST['nok_1']);
$nok1_address = mysqli_real_escape_string($con,$_POST['nok1_address']);
$nok1_address2 = mysqli_real_escape_string($con,$_POST['nok1_address2']);
$nok1_city = mysqli_real_escape_string($con,$_POST['nok1_city']);
$nok_2 = mysqli_real_escape_string($con,$_POST['nok_2']);
$nok2_address = mysqli_real_escape_string($con,$_POST['nok2_address']);
$nok2_address2 = mysqli_real_escape_string($con,$_POST['nok2_address2']);
$nok2_city = mysqli_real_escape_string($con,$_POST['nok2_city']);
$id_type = mysqli_real_escape_string($con,$_POST['id_type']);
$id_number = mysqli_real_escape_string($con,$_POST['id_number']);
$open_bal = mysqli_real_escape_string($con,$_POST['open_bal']);
$passport_name = $_FILES['passport']['name'];
$passport_size = $_FILES['passport']['size'];
$passport_type = $_FILES['passport']['type'];
$passporttmp_name = $_FILES['passport']['tmp_name'];
$signature_name = $_FILES['signature']['name'];
$signature_size = $_FILES['signature']['size'];
$signature_type = $_FILES['signature']['type'];
$signaturetmp_name = $_FILES['signature']['tmp_name'];
$sql = "insert into bank_details(account_number,first_name,mi,last_name,address,address2,city,tel,email,nok_1,nok1_address,nok1_address2,nok1_city,nok_2,nok2_address,nok2_address2,nok2_city,id_type,id_number,open_bal,passport_name,passport_size,passport_type,passporttmp_name,signature_name,signature_size,signature_type,signaturetmp_name) values ('".$account_number."','".$first_name."','".$mi."','".$last_name."','".$address."','".$address2."','".$city."','".$tel."','".$email."','".$nok_1."','".$nok1_address."','".$nok1_address2."','".$nok1_city."','".$nok_2."','".$nok2_address."','".$nok2_address2."','".$nok2_city."','".$id_type."','".$id_number."','".$open_bal."','".$passport_name."','".$passport_size."','".$passport_type."','".$passporttmp_name."','".$signature_name."','".$signature_size."','".$signature_type."','".$signaturetmp_name."')";
mysqli_query($con,$sql) or die ('Failed Query: '.mysqli_error($con));
$passport_dir = 'passport/';
$signature_dir = 'signature/';
$filePath1 = $passport_dir . $passport_name;
$filePath2 = $signature_dir . $signature_name;
$result1 = move_uploaded_file($passporttmp_name,$filePath1);
$result2 = move_uploaded_file($signaturetmp_name,$filePath2);
echo ('
<SCRIPT LANGUAGE="JavaScript">
window.alert("Account Information
Account Number: '.$account_number.'
First Name: '.$first_name.'
Last Name: '.$last_name.'
Last Name: '.$open_bal.'")
window.location.href="index.html";
</SCRIPT>
');
?>
Now I get this error:
Failed Query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 's_Signature.png','78716','image/png','C:\xampp\tmp\phpD784.tmp')' at line 1
Why is this so? I don't get to see any errors in my code. However, it has stopped posting to the database on my localhost.
Edit
When I add mysqli_real_escape_string($con, $_FILES[....]) it works fine, but it doesn't send the images from the application to the localhost server. What exactly can be the case?
Use mysqli_real_escape_string on all the fields, including what you get in $_FILES
Apparently there is a quote in the name... And the way you used it the path would be wrong, because it should be \\ instead of every \, otherwise \t is a tab.
$signature_name has an apostrophe ('). You need to escape it too with mysqli_real_escape_string.
I recommend escaping all parameters of a query besides using prepared statements. Check this out: https://www.w3schools.com/php/php_mysql_prepared_statements.asp
Edit: As suggested by Accountant
Escape all parameters OR use prepared statements. In fact, you should always use prepared statements, they escape the parameters for you, amongst other things.
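The prepared-statement approach recommended in the answers above, as an added example that is not part of any poster's code. It assumes PDO with an in-memory SQLite database so it runs without a server (the same prepare/execute calls work with a MySQL DSN), a cut-down hypothetical table, a hypothetical save_account() helper, and constructed input.

```php
<?php
// Added example: bound parameters instead of string concatenation.
// Assumptions: PDO with an in-memory SQLite database so it runs without a
// server; the table is a cut-down, hypothetical version of bank_details.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bank_details (
    account_number TEXT, first_name TEXT, last_name TEXT,
    signature_name TEXT, signature_size INTEGER, signature_type TEXT,
    signature_file TEXT)');

// Hypothetical helper: insert one account row; returns the on-disk file name.
function save_account(PDO $db, array $post, array $upload): string
{
    if ($upload['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed, code ' . $upload['error']);
    }
    // Name the stored file on the server side; the client-supplied name is
    // kept only as a column value and never becomes part of a path.
    $stored = bin2hex(random_bytes(16));

    $stmt = $db->prepare('INSERT INTO bank_details
        (account_number, first_name, last_name,
         signature_name, signature_size, signature_type, signature_file)
        VALUES (?, ?, ?, ?, ?, ?, ?)');
    $stmt->execute([
        $post['account_number'], $post['first_name'], $post['last_name'],
        $upload['name'], $upload['size'], $upload['type'], $stored,
    ]);
    // In a real request: move_uploaded_file($upload['tmp_name'], 'signature/' . $stored);
    return $stored;
}

// Constructed input standing in for $_POST and $_FILES['signature'].
$post = ['account_number' => '1000001', 'first_name' => 'Ada', 'last_name' => "O'Neil"];
$upload = ['name' => "Ada's_Signature.png", 'size' => 78716, 'type' => 'image/png',
           'tmp_name' => 'C:\xampp\tmp\phpTEST.tmp', 'error' => UPLOAD_ERR_OK];

$stored = save_account($db, $post, $upload);
$row = $db->query('SELECT last_name, signature_name, signature_file FROM bank_details')
          ->fetch(PDO::FETCH_ASSOC);
var_dump($row['signature_name'] === $upload['name']); // apostrophe stored as data
var_dump($row['signature_file'] === $stored);         // path uses the server-side name
```

The temporary path is left out of the table because it stops existing when the request ends; only the name passed to move_uploaded_file() identifies the saved file.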
Use mysqli_real_escape_string on '$signature_name' - it has an apostrophe in it.
$signature_name = mysqli_real_escape_string($con,$_FILES['signature']['name']);