FraanXT Posted May 21, 2014 Share Posted May 21, 2014 Hey guys, this is my first post here(not going to be the last one, Im sure), im trying to insert in mysql from session array, i don't know where is my error, I leave the code below, if someone can help me please . $conn = mysql_connect("localhost","root","Password"); $err_db = mysql_select_db('bd_amics'); $sql = ('INSERT INTO `'.$_SESSION["use"][0].'` (ID,Amic) VALUES (`'.$_SESSION["person"][0].'`, `"1"`)'); mysql_query("SET NAMES utf8"); mysql_query($sql, $conn); mysql_close(); Im trying to insert in table $_SESSION["use"][0] the values $_SESSION["person"][0] and 1. Thank you guys. Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted May 22, 2014 Share Posted May 22, 2014 (edited) As for mysql error(s) - http://dev.mysql.com/doc/refman/5.0/en/user-resources.html I strongly recommend you to read up the warning inside the pink box. EDIT: wrong link I've posted - http://www.php.net/manual/en/function.mysql-error.php Edited May 22, 2014 by jazzman1 Quote Link to comment Share on other sites More sharing options...
bsmither Posted May 22, 2014 Share Posted May 22, 2014 $sql = ('INSERT INTO `'.$_SESSION["use"][0].'` (ID,Amic) VALUES (`'.$_SESSION["person"][0].'`, `"1"`)'); 1. I believe surrounding the entire right side of the equal sign is not necessary. 2. Backticks are used only to "quote" (bad term) database names, table names, and column names - never values. Quote Link to comment Share on other sites More sharing options...
joallen Posted May 23, 2014 Share Posted May 23, 2014 (edited) Try the following: $conn = mysql_connect("localhost","root","Password"); $err_db = mysql_select_db('bd_amics',$conn); //You want your select_db statement to contain the connection $sql = "INSERT INTO ".$_SESSION["use"][0]." (ID,Amic) VALUES ('".$_SESSION['person'][0]."', '1')"; mysql_query($sql); You do not necessarily need to close the database connection, it will automatically close at the end of the script. If your script was massive and required various functions, procedures, etc, then closing a connection may be necessary. Also I am not sure why you were doing: mysql_query("SET NAMES utf8"); Is your server default not set to utf8? Lastly, in you mysql_query() statement you do not necessarily need to provide the connection information since you are only working with a single connection. If you were using mysqli it would be a different story. Since it is clear you are just starting out with PHP, please get yourself set up with mysqli instead of mysql. I would hate for you to do what I did and program 6 months worth the PHP to realize mysql has been deprecated and will not receive anymore updates or new features. It is pretty hefty task to go back and modify all your mysql statements to mysqli. Hope that works for you! Josh Edited May 23, 2014 by joallen Quote Link to comment Share on other sites More sharing options...
mogosselin Posted May 23, 2014 Share Posted May 23, 2014 (edited) Hi, you could try something like that with mysqli. I used mysqli prepared statements to prevent SQL injections. As for the dynamic table name, you should check it against a white list of allowed tables, again to prevent SQL injections. <?php define('DB_SERVER', "localhost"); define('DB_USER', "root"); define('DB_PASSWORD', "123"); define('DB_TABLE', "db_test"); $conn = mysqli_connect(DB_SERVER, DB_USER, DB_PASSWORD, DB_TABLE); // check valid tables where you could insert something. You want to prevent SQL injections somehow... $tables = array("table1", "table2", "table3"); $table = $_SESSION["use"][0]; if (!in_array($table, $tables)) { trigger_error('Invalid table from session: ' .$table, E_USER_ERROR); } // The 2 ? will be replace by actual values, we call this a prepared statement. It will prevent SQL injections $query = 'INSERT INTO `'.$table . '` (ID,Amic) VALUES (?, ?)'; if (mysqli_connect_errno($conn)) { trigger_error('Database connection failed: ' . mysqli_connect_error(), E_USER_ERROR); } if ($stmt = mysqli_prepare($conn, $query)) { $value1 = $_SESSION["person"][0]; $value2 = "1"; mysqli_stmt_bind_param($stmt, "ss", $value1, $value2); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } else { trigger_error('Error with SQL query' . $query, E_USER_ERROR); } mysqli_close($conn); ?> Edited May 23, 2014 by mogosselin Quote Link to comment Share on other sites More sharing options...
FraanXT Posted May 23, 2014 Author Share Posted May 23, 2014 Thank you all, finally It's working, the error was `'$_SESSION["use"][0]'`, the right one: `$_SESSION["use"][0]`. Im using set names to utf-8 because I got some problems with database, no problems now since I use that. I have another problem and I made a new post, please check that guys: http://forums.phpfreaks.com/topic/288728-php-my-sql-concade-problem/ Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.