Insert into database with mysqli

Question:

Insert into database with mysqli_query problem?

Zyzagy

2010-05-23 18:35:23 UTC

I can't figure out what the problem is. It does not insert the information into the table.

require "connect_to_mysql.php";

$category = $_POST['category'];
$title = $_POST['title'];
$price = $_POST['price'];
$description = $_POST['description'];
$personname = $_POST['personname'];
$email = $_POST['email'];
$url = $_POST['url'];
$date = date('js');

$sqlCommand = "INSERT INTO information (ctgy, title, price, desc, personname, email, url)
VALUES ($category', '$title', '$price', '$desc', '$personname', '$email', '$url')";

$query = mysqli_multi_query($link, $sqlCommand) or die;

Four answers:

justanotherdick57

2010-05-23 18:37:54 UTC

Look at the line of values

VALUES ($category', '$title', '$price', '$desc', '$personname', '$email', '$url')";

Notice you have a ' after $category, but not at the start of it.

Need to add a the quote.

Philip Wayne Rollins

2010-05-23 18:55:13 UTC

You whole code is a bad idea, SQL injection risk. correct this issue and turn on error reporting so you can provide that information.

Here is my rewrite

error_reporting( E_ALL );

require "connect_to_mysql.php";

$category = mysqli_real_escape_string( $_POST['category'] );

$title = mysqli_real_escape_string( $_POST['title'] );

$price = mysqli_real_escape_string( $_POST['price'] );

$description = mysqli_real_escape_string( mysqli_real_escape_string( $_POST['description'] );

$personname = mysqli_real_escape_string( $_POST['personname'] );

$email = mysqli_real_escape_string( $_POST['email'] );

$url = mysqli_real_escape_string( $_POST['url'] );

$date = date('js');

$sqlCommand = "INSERT INTO `information` (`ctgy`, `title`, `price`, `desc`, `personname`, `email`, `url`)VALUES ('{$category}', '{$title}', '{$price}', '{$description}', '{$personname}', '{$email}', '{$url}')";

$query = mysqli_multi_query($link, $sqlCommand) or die;

Note you had a typo you used $desc rather then $description as you named it before that should be it.

heintz

2016-10-25 10:29:35 UTC

hi guy, it really is demanding to parent out the placement including your database because your Hypertext Preprocessor truth do 2 projects (a million) connect with the MYSQL Server with account ($consumer) and pwd ($password) (2) elect to the database ($database). it really is going to be more suitable suited by replacing --------------------------------------... $cxn = mysqli_connect ($host, $consumer, $password, $database) or die ( "ought to no longer connect with server" ); --------------------------------------... by 2 declarations: ------------------------------- $cnx=@mysql_connect($host, $consumer, $password); if (!$cnx) //If can't connect with MySQL Server go out('ought to no longer connect with server'); //in a position to connect to MySQL Server and commence to elect //database if (!@mysql_select_db($database)) //If some thing //incorrect with the database go out('Please verify back database'); and adjust the most suitable truth to: mysqli_query($cnx,"INSERT INTO popular (user_name, zip, month, day, email_address, password, question, answer, comments) VALUES ('$user_name', '$zip', '$month', '$day', '$email_address', '$password', '$question', '$answer', '$comments')"); because mysqli_query calls for 2 parameters: first one is the connect with the database (by $cnx). on your truth, you do not supply it.

betker

2016-10-06 08:07:09 UTC

Mysqli_query

ⓘ

This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.

about - legalese