My connection to database works properly, but when I Send some information it does not update.
$name = mysql_escape_string($_POST['name']);
$mail = mysql_escape_string($_POST['mail1']);
$pass = mysql_escape_string($_POST['pass1']);
mysql_query("INSERT INTO `usrs` (`id`, `username`, `email`, `password`) VALUES (`NULL`, `$name`, `$mail`, `$pass`)");
I use to check data tables by:
MariaDB [BattleShip]> SELECT * FROM usrs;
output from this:
EMPTY set (0.00sec)
If your id is auto increment, don't include this column in query
...and replace value quote by '
mysql_query("INSERT INTO `usrs` (`username`, `email`, `password`) VALUES ('$name', '$mail', '$pass')");
Related
PHP form sending data but SQL shows zeros in all columns.
I checked my code is correct and it prints the result but when I am sending this data to database all the column shows 0 in result. Date of birth is just showing year not complete date.
This is the result of the SQL:
This is my PHP code:
<?php
include('../dbcon.php'); //database included
if (isset($_POST['signup'])) {
$uname = $_POST['uname'];
$email = $_POST['email'];
$fname = $_POST['firstname'];
$lastName = $_POST['lastname'];
$dob = $_POST['dob'];
$gender = $_POST['gender'];
$password = $_POST['password'];
$qry = "INSERT INTO `registration`(`uname`, `email`, `fname`, `lname`, `dob`, `gender`, `password`) VALUES ('$uname','$email','$fname','$lastName','$dob','$gender','$password')" ; //query taken from the select section of sql form registration.
$run = mysqli_query($dbcon, $qry); //run variable for running the query. $dbcon is database variable
if ($run == true) {
echo "data inserted";
}
else
{
echo "error occurred in registration";
}
}
?>
As others pointed out, you are not escaping your code, so when anyone uses a name or password with a single quote, that person has full control of your database. So don't use PHP-variables in SQL-commands and don't use mysqli. Use PDO and prepared statements. They automatically escape everything and even check for the correct datatype (at least a bit).
TO answer your question, what is the structure of the table (which columns are varchar, int, date,... any unique constrains,...) and can you post one example dataset, which you can't insert with your code?
try
$qry = "INSERT INTO `registration`(`uname`, `email`, `fname`, `lname`, `dob`, `gender`, `password`) VALUES (".$uname.",".$email.",".$fname.",".$lastName.",".$dob.",".$gender.",".$password.")" ;
if no work check before send query
$qry = "INSERT INTO `registration`(`uname`, `email`, `fname`, `lname`, `dob`, `gender`, `password`) VALUES (".$uname.",".$email.",".$fname.",".$lastName.",".$dob.",".$gender.",".$password.")" ;
dd($qry);
$name = mysqli_real_escape_string($connection, $_POST["name"]);
$surname = mysqli_real_escape_string($connection, $_POST["surname"]);
$username = mysqli_real_escape_string($connection, $_POST["username"]);
$email = mysqli_real_escape_string($connection, $_POST["email"]);
$pw1 = mysqli_real_escape_string($connection, $_POST["pw1"]);
$query = "INSERT INTO 'users' ('id','name', 'surname', 'username', 'email', 'password') VALUES (NULL,'$name', '$surname', '$username', '$email', '$pw1')";
$result = mysqli_query($connection, $query);
if(!$result){
echo ("fail");
}
I test if the query has worked using if(!$result){ echo ("fail");} and it echoes fail every time and no data is inserted into the database every time! I have checked the syntax and i believe it is correct... could this be because of the database "collation"?
You should not use the single quote at the table or field name. You have to use a Backtick (like ``) which is located in under Esc key or left side of 1 Key or upper side of Tab key. It should looks like:
$query = "INSERT INTO `users` (`id`, `name`, `surname`, `username`, `email`,
`password`) VALUES ('null', '$name', '$surname', '$username', '$email', '$pw1')";
or
$query = "INSERT INTO users (id, name, surname, username, email,
password) VALUES ('null', '$name', '$surname', '$username', '$email', '$pw1')";
Note: If your id field is already set auto increment then you can remove id and value null. Because id value will automatically increment.
Hope it will helpful.
Using Variable in MySQL
I have tried many possibilities and consulted a number of sources but still not have been
able to insert a string into a MySQL command in php.
Code below works well
$SQL = 'INSERT INTO tb_addressbook (`ID`, `First_Name`, `Last_Name`, `Address`) VALUES (\'24\', \'JJ\', \'Gates\', \'Microsoft\');';
Code below does not work
$SQL = 'INSERT INTO tb_addressbook (`ID`, `First_Name`, `Last_Name`, `Address`) VALUES (\'27\', \''.'"$first"'.'\''.', \'Gates\', \'Microsoft\');';
Can you help?
P.S. Is there a special way to insert a string for numbers?
Hugh
hugh#hahaggerty.com
Try like this :
$SQL = "INSERT INTO tb_addressbook (ID, First_Name, Last_Name, Address) VALUES ('27', '".$first."', 'Gates', 'Microsoft')";
I'm trying to add $_SESSION['user_id'] into a database and, when I echo it in this function, it works fine. However, when I try to push it into my MySQL database, it adds the value 0. Really confused as to why. Thanks for any help!
function fill_team() {
$i = 1;
while ($i < 24) {
$first_name = first_name();
$last_name = second_name();
echo "<br>";
$add_names = mysql_query("INSERT INTO `players` (`first_name`, `last_name`, `user_id`) VALUES ('$first_name', '$last_name', '.$_SESSION['user_id']'.)");
$i++;
}
}
Replace echo $row2['first_name']; with return $row2['first_name'];.
If you want to get some value from the function, you should use return operator to pass the value back. It has nothing to do with printing the value with print or echo.
There's some messy mixed quoting inside the SQL statement:
mysql_query("INSERT INTO `players` (`first_name`, `last_name`, `user_id`)
VALUES ('$first_name', '$last_name', '.$_SESSION['user_id']'.)");
Off the top of my head, I have no idea what SQL this will produce, but this should be written as:
mysql_query("INSERT INTO `players` (`first_name`, `last_name`, `user_id`)
VALUES ('$first_name', '$last_name', '$_SESSION[user_id]')");
or
mysql_query("INSERT INTO `players` (`first_name`, `last_name`, `user_id`)
VALUES ('$first_name', '$last_name', '".$_SESSION['user_id']."')");
i have a db query in php that is not inserting into database. Have used this format lots of times but for some reason its not working now. any ideas please
$query = "INSERT INTO `databasename`.`member_users` (`id`, `first_name`, `last_name`, `username`, `password`, `address1`, `address2`, `postcode`, `access`, `expires`) VALUES (NULL, '$fname', '$lname', '$email', '', '$add1', '$add2', '$postcode', '0', '')";
$result = mysql_query($query);
if($result){
echo"query inserted";
}else{
echo "nope";
}
Instead of echo "nope"; I suggest something like :
echo 'error while inserting : ['.mysql_errno().'] '.mysql_error();
echo 'query : '.$query;
This way you will be able to see the exact error and the query that was executed.
It can be a lot of things :
Constraint error with a foreign key
Data type error
Non-existent field
Wrong database or table name
Instead of...
$query = "INSERT INTO `databasename`.`member_users` ..."
do
$query = "INSERT INTO member_users ..."
Hope it works. :)
If databasename and member_users are variables then,
Instead of
$query = "INSERT INTO databasename.member_users...
do
$query = "INSERT INTO $databasename.$member_users...