I'm trying to insert some values into a database, however, it's always unsuccessful and I'm not sure what the problem is. Could I get some assistance please
$query1 = "INSERT INTO `incidenceoffire`(`locationOfFire`, `dateFireOccurred`, `timeFireOccurred`, `classOfFire`, `originOfFire`, `noOfWounded`,
`noOfFatalities`,`occupancy`,`noOfFirePersonnelOnScene`,`noOfFireTrucks`,`backupUsed`)
VALUES('$locationoffire', '$datefireoccurred', '$timefireoccurred', '$classoffire', '$originoffire', '$occupancy', '$noofwounded', '$nooffatalities',
'$noofpersonnel', '$nooftrucks', '$backuptrucks')";
$incidenceoffire_id = mysql_insert_id();
$query2 = "INSERT INTO `backuptrucks` (`unitName`) VALUES ('$unitname')";
$query2 .=" WHERE `IncidenceOfFire_incidentID` = '".$incidenceoffire_id."'";
$result = false;
if(mysql_query('BEGIN')){
if(mysql_query($query1) && mysql_query($query2))
{
$result = mysql_query('COMMIT');
echo '<script type="text/javascript">
alert("Insert Successful!");
</script>';
}
else
{
mysql_query('ROLLBACK');
echo '<script type="text/javascript">
alert("Insert Unsuccessful!");
</script>';
}
}
For the purpose of clarity, here's what you need. I'm not going to optimize it or anything but it's a baseline for where you should start.
$mysqli = new mysqli('host', 'name', 'user', 'database');
$query1 = $mysqli->prepare('INSERT INTO
`incidenceoffire`(
`locationOfFire`,
`dateFireOccurred`,
`timeFireOccurred`,
`classOfFire`,
`originOfFire`,
`noOfWounded`,
`noOfFatalities`,
`occupancy`,
`noOfFirePersonnelOnScene`,
`noOfFireTrucks`,
`backupUsed`
)
VALUES(?,?,?,?,?,?,?,?,?,?,?));
In the above we're using mysqli's prepare. This function will allow us to safely escape the data that is being passed into the query. This is for security purposes. the ? represents the value that we're inserting associated with the field's we've identified above.
$query1->bind_param('sssssssssss',
$locationoffire,
$datefireoccurred,
$timefireoccurred,
$classoffire,
$originoffire,
$occupancy,
$noofwounded,
$nooffatalities,
$noofpersonnel,
$nooftrucks,
$backuptrucks);
Here, we've used bind_param to bind the variable to the ?'s that we've used in the prepared statement. This allows us to safely escape the data. the s in the first argument stands for string as the data we expect to receive from that variable should be a string. You can also use i for integer - when expecting only numbers, and d for double, if you expect to have .'s and ,'s. Lastly, you can use b if you expect a blob to be transferred over time to the statement.
Now, because you have two statements, repeat the above and use $query2, then you can perform your conditional. We will use execute() to execute the prepared statement we built earlier.
if($query1->execute() && $query2->execute()):
$result[] = $query1->commit();
$result[] = $query2->commit();
echo '<script type="text/javascript">alert("Insert Successful!");</script>';
else:
$result[] = $query1->rollback();
$result[] = $query2->rollback();
echo '<script type="text/javascript">alert("Insert Unsuccessful!");</script>';
endif;
This should all function for you from the get go, but please read and understand what's being relayed. Always use documentation and examples provided at http://php.net, and please follow best practices for security less you create a site that becomes hacked and I end up repairing it one day