This is the php program I created to insert data into the database.
<?php
include '../includes/config.php';
//Input Data Process
$row = mysqli_fetch_array($query);
if (isset($_POST["post"])) {
$title = $_POST["title"];
$description = $_POST["description"];
$article = $_POST["article"];
mysqli_query($conn, "INSERT INTO post VALUES('','$title','$description','$article')");
header("location:index.php?article");
}
$query = mysqli_query($conn, "SELECT * FROM post");
?>
But when I hit the post button nothing happens in the database.
This is config.php file.
<?php
//Database Connection
global $conn;
$servername = "localhost";
$username = "root";
$password = "";
$db = "my_blog";
$conn = mysqli_connect($servername, $username, $password, $db);
//Check Connection
if (!$conn) {
die("Connection Failed : ".mysqli_connect_error());
}
?>
You are missing the column names in your INSERT. For example:
INSERT INTO post (column1, column2, column3, column4) VALUES ('', '$title', '$description', '$article')
Note: Technically, you can skip the column names if you are adding values for all the columns of the table. In this case, you also need to make sure that the order of the values is in the same order as the columns in the table.
Related
This question already has answers here:
How to include a PHP variable inside a MySQL statement
(5 answers)
Closed 2 years ago.
All I want is to get the var1 from the input into my SQL table. It always creates a new ID, so this is working, but it leaves an empty field in row Email. I never worked with SQL before and couldn't find something similar here. I thought the problem could also be in the settings of the table, but couldn't find anything wrong there.
<input name="var1" id="contact-email2" class="contact-input abo-email" type="text" placeholder="Email *" required="required"/>
<form class="newsletter-form" action="newsletter.php" method="POST">
<button class="contact-submit" id="abo-button" type="submit" value="Abonnieren">Absenden
</button>
</form>
<?php
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
// Connection to DBase
$con = new mysqli($host, $user, $password, $dbase) or die("Can't connect");
$var1 = $_POST['var1'];
$sql = "INSERT INTO table (id, Email) VALUES ('?', '_POST[var1]')";
$result = mysqli_query($con, $sql) or die("Not working");
echo 'You are in!' . '<br>';
mysqli_close($con);
is the id a unique id? that's auto-incremented??
if so you should do something like this
<?php
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
$mysqli = new mysqli($host,$user,$password,$dbase);
$email = $_POST['var1'];
// you might want to make sure the string is safe this is escaping any special characters
$statment = $mysqli->prepare("INSERT INTO table (Email) VALUES (?)");
$statment->bind_param("s", $email);
if(isset($_POST['var1'])) {
$statment->execute();
}
$mysqli->close();
$statment->close();
Simple answer
There are a few things wrong here; but the simple answer is that:
$sql = "INSERT INTO table (id, Email) VALUES ('?', '_POST[var1]')";
...should be:
$sql = "INSERT INTO {$table} (id, Email) VALUES ('?', '{$var1}')";
...OR assuming id is set to auto-increment etc. etc.
$sql = "INSERT INTO {$table} (Email) VALUES ('{$var1}')";
More involved answer
You should really take the time to use prepared statements with SQL that has user inputs. At the very least you should escape the strings yourself before using them in a query.
mysqli
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
$mysqli = new mysqli($host, $user, $password, $dbase); // Make connection to DB
if($mysqli->connect_error) {
die("Error: Could not connect to database.");
}
$email = $_POST["var1"]; // User input from form
$sql = "INSERT INTO {$table} (Email) VALUES(?)"; // SQL query using ? as a place holder for our value
$query = $mysqli->prepare($sql); // Prepare the statement
$query->bind_param("s", $email); // Bind $email {s = data type string} to the ? in the SQL
$query->execute(); // Execute the query
PDO
$user = "user";
$password = "password";
$host = "localhost:0000";
$dbase = "base";
$table = "table";
try {
$pdo = new pdo( "mysql:host={$host};dbname={$dbase}", $user, $password); // Make connection to DB
}
catch(PDOexception $e){
die("Error: Could not connect to database.");
}
$email = $_POST["var1"]; // User input from form
$sql = "INSERT INTO {$table} (Email) VALUES(?)"; // SQL query using ? as a place holder for our value
$query = $pdo->prepare($sql); // Prepare the statement
$query->execute([$email]); // Execute the query binding `(array)0=>$email` to place holder in SQL
This is my etaNavServer.php file. These are the values I have to insert into database. My table name is user and database name is srilanka, and these are the values I have to insert.
<?php if(isset($_POST['continue']))
{
$eta_type = $_POST['eta_type'];
$lastname = $_POST['lastname'];
$firstname = $_POST['firstname'];
$title1=$_POST['title1'];
$sql="INSERT INTO user(applicationtype,surname,givenname,title,) VALUES
('$eta_type','$lastname','$firstname','$title1')";
$query = mysqli_query($con, $sql);
if($query){
echo "<h4 style='color:green'>Services Added Successfully.</h4>";
}
else
{
echo "Failed";
}
}
connection.php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "srilanka";
$con = new mysqli($servername, $username, $password, $dbname);
?>
You have syntax error in
$sql="INSERT INTO user(applicationtype,surname,givenname,title,) VALUES
('$eta_type','$lastname','$firstname','$title1')";
remove extra , after title
$sql="INSERT INTO user(applicationtype,surname,givenname,title) VALUES
('$eta_type','$lastname','$firstname','$title1')";
Note: You have only closing brace } in connection, assuming this is just a typo
EDIT
$query = mysqli_query($con, $sql) or die(mysqli_error($con));
I've got error
when i fill the form and click the submit
the result was error "Data Gagal Di tambahkan"
Here the code
<?php
include 'koneksi/koneksi.php';
if ($_SERVER['REQUEST_METHOD'] == "POST"){
$nis = $_POST['nis'];
$nama = $_POST['nama'];
$kelas = $_POST['kelas'];
$nilai_ulangan_teori = $_POST['nilai_ulangan_teori'];
$nilai_ulangan_praktek = $_POST['nilai_ulangan_praktek'];
$sql = "INSERT INTO t_siswa VALUES ('$nis',
'$nama',
'$kelas',
'$nilai_ulangan_teori',
'$nilai_ulangan_praktek'
)";
$nilai ="($nilai_ulangan_teori + $nilai_ulangan_praktek)/2";
if (mysql_query($sql)){
header("location:index.php");
} else {
echo'<script type="text/javascript">alert("Data gagal ditambahkan");</script>';
}
}
here the connection
<?php
$host = "localhost";
$username = "root";
$password = "";
$db = "db_uas_pwd_2017";
mysql_connect($host, $username, $password) or die (mysql_error());
mysql_select_db($db);
$mysqli = mysql_connect($host, $username, $password, $db);
Your SQL code is wrong. You need to specify the column names in the SQL code. For example, the SQL should look something like this
INSERT INTO table_name (column1, column2, column3,...) VALUES (value1, value2, value3,...)
And, mysql_ has been depreciated and now PHP recommends either using mysqli_ or PDO. For more references, visit the links below :
https://www.w3schools.com/php/php_mysql_insert.asp
https://www.w3schools.com/php/php_mysql_connect.asp
Answer from xXAlphaManXx, 15yr old
I am connected to the database, a page has lots of content so I'll only share the part that doesnt return a value in php, but it returns a value in MySQL
Here is the code;
$query = "SELECT firstname FROM users WHERE id = '17'";
$query_run = mysql_query($query);
$row = mysql_fetch_row($query_run);
echo $row[0];
Changing the code I shared first to this, solved the problem. Thanks to anyone who tried to help.
$query = "SELECT firstname FROM users WHERE id = '17'";
$query_run = mysqli_query($conn, $query);
$row = mysqli_fetch_row($query_run);
echo $row[0];
And made bit changes to the connect.inc.php which I also shared in comment.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "notsitesi";
$conn = new mysqli($servername, $username, $password, $dbname);
if($conn->connect_error) {
die("Connection failed");
}
?>
This program is meant to delete a record when given the id.
php:
if ($_GET['type']=="file"){
$servername = "localhost";
$username = "****";
$password = "****";
$dbname = "****";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (mysqli_connect_error($conn)) {
die("Connection failed: " . mysqli_connect_error($conn));
}
$sql = "SELECT id,user, FROM CreationsAndFiles WHERE id =".$_GET['id']." LIMIT 1";
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_assoc($result);
if ($row['user'] == $login_session){
$sql = "DELETE FROM CreationsAndFiles WHERE id=".$_GET['id'];
if(mysqli_query($conn, $sql)){echo "deleted";}
}
mysqli_close($conn);
//header("location: index.php?page=CreationsAndFiles");
}
the header is type=file&id=9
there is a record where id=9
It for no apparent reason will not work.
Your SQL syntax is wrong;
SELECT id,user, FROM CreationsAndFiles...
^ extra comma
should be simply
SELECT id,user FROM CreationsAndFiles...
You may want to sanitize your input though, for example simply entering type=file&id=id will most likely do bad things.