Jump to content

Recommended Posts

I don't why my code is not inserting into the database, it does everything else just dosen't insert into the database.

 

<?php
if(!$_COOKIE['login'])
{
header("Location:login.php");
}
?>

<?php

if($_POST['apply']){

include 'db.php';
$login = $_COOKIE['login'];
$pwd = $_COOKIE['pwd'];
$fname = $_COOKIE['fname'];
$lname = $_COOKIE['lname'];

$connect = mysql_connect($db_host,$db_username,$db_password)
  or die("MySQL Said:".mysql_error());
  
$database = mysql_select_db($db_database,$connect)
  or die("MySQl Said:".mysql_error());


$link = mysql_query("SELECT * FROM `pilots` WHERE fname='$fname' and lname='$lname'")
  or die("MySQL Said:".mysql_error());
  
  $data=mysql_fetch_assoc($link);
  
  $ecd = $data['ed'];
  $bm = $data['bm'];
  $fname = $data['fname'];
  $lname = $data['lname'];
  $pic = $_POST['pic'];
  $title = $_POST['title'];
  $date = $_POST['date'];
  $time = $_POST['time'];
  $about = $_POST['about'];
  $picip = $_SERVER['REMOTE_ADDR'];
  $publish = $_POST['publish'];
  $now = date("j, n, Y");    
  

if($ecd=='1' or $bm=='1'){
  if((!$title) || (!$date) || (!$time)|| (!$about) || (!$publish)){
   
echo'<font color="#FF0000"><center>You did Not Submit The Following Information!</center></font>';

if(!$title){
echo"<br />You are Missing an Event Title<br /><br />";


}


if(!$date){
echo"<br /> Please file a date for this event!<br /><br />";


}


if(!$time){
echo"<br />Please file a date for this event<br /><br />";


}

if(!$about){
echo"<br />Please provide some information about this event<br /><br />";

}


if(!$publish){
echo"<br />You have forgotten to decide if you are ready to publish this event<br /><br />";

} else {

$events = "SELECT * FROM `events` WHERE title='$title'";
$eventsr = mysql_query($events);
$counte = mysql_num_rows($eventsr);

}

if($counte >'1'){
echo'Event is Already in database';
} else 



{

mysql_query("INSERT INTO events(id,pic,title,date,time,about,picip,publish,pdate) 
VALUES('','$pic','$title','$date','$time','$about','$picip','$publish','$now')");..



}  

}

}
}
?>

 

Thanks in advanced

Link to comment
https://forums.phpfreaks.com/topic/133355-not-inserting-into-database/
Share on other sites

Try running this:

mysql_query("INSERT INTO events(id,pic,title,date,time,about,picip,publish,pdate) 
VALUES('','$pic','$title','$date','$time','$about','$picip','$publish','$now')") or die(mysql_error());

 

But I can already tell you, the "date" column is a reserved column name and is throwing the error. I would suggest renaming that, and possible the time column. For a temp fix this would work:

 

mysql_query("INSERT INTO events(`id`,`pic`,`title`,`date`,`time`,`about`,`picip`,`publish`,`pdate`) 
VALUES('','$pic','$title','$date','$time','$about','$picip','$publish','$now')") or die(mysql_error());

 

Backticks (`) around the column names will take the columns literally and not as a function thus not throwing the error.

Date is not a reserved word.

 

Just echo your query to see what's missing (along with adding the mysql_error).

 

Weird man, I must have just made that up. Could have sworn but all manuals back to 3.x show it is allowed. Weirdness.

 

Anyhow I bet you query is throwing an error due to the id. If you are not going to use a column, do not define, especially an auto_increment column. IE:

 

mysql_query("INSERT INTO events(`pic`,`title`,`date`,`time`,`about`,`picip`,`publish`,`pdate`)
VALUES('$pic','$title','$date','$time','$about','$picip','$publish','$now')") or die(mysql_error());

 

But that could also be only part of it, I would definitely run the above and see if one of the strings has a single ' or other characters mysql does not do well without them being escaped.

Sorry for the late delay. But I have now changed the query to look like

 

mysql_query("INSERT INTO events(`pic`,`title`,`date`,`time`,`about`,`picip`,`publish`,`pdate`)

VALUES('$pic','$title','$date','$time','$about','$picip','$publish','$now')") or die(mysql_error());

 

 

and it is still no inserting into the database.

This is the code i use, it might help it might not.

 

<?php
$sql="INSERT INTO tblbasicform (name, email, buissnes_name, location, ct, website, telephone, longitude, latitude, type, approve)
VALUES
('$_POST[name]','$_POST[email]','$_POST[buissnes_name]','$_POST[location]','$_POST[ct]','$_POST[website]','$_POST[telephone]','$_POST[longitude]',
'$_POST[latitude]','$_POST[type]','$_POST[approve]')";

if (!mysql_query($sql,$connect))
  {
  die('Error: ' . mysql_error());
  }

?>

Now I am recceving this error message.

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\xampp\htdocs\addevent_phrase.php on line 95

 

With the following code:

 

<?php
$sql= mysql_query("INSERT INTO events(`pic`,`title`,`date`,`time`,`about`,`picip`,`publish`,`pdate`)
VALUES('$_POST[pic]','$_POST[title]','$_POST[date]','$_POST[time]','$_POST[about]','$picip','$_POST['publish']','$now')") or die(mysql_error());

if (!mysql_query($sql,$connect))
  {
  die('Error: ' . mysql_error());
  }
?>

 

that is line 94 - 100

This is the code i use, it might help it might not.

 

<?php
$sql="INSERT INTO tblbasicform (name, email, buissnes_name, location, ct, website, telephone, longitude, latitude, type, approve)
VALUES
('$_POST[name]','$_POST[email]','$_POST[buissnes_name]','$_POST[location]','$_POST[ct]','$_POST[website]','$_POST[telephone]','$_POST[longitude]',
'$_POST[latitude]','$_POST[type]','$_POST[approve]')";

if (!mysql_query($sql,$connect))
  {
  die('Error: ' . mysql_error());
  }

?>

 

That is just a bad way of doing that. Not recommended at all.

 

Here is an improved way.

<?php
$sql= mysql_query("INSERT INTO events(`pic`,`title`,`date`,`time`,`about`,`picip`,`publish`,`pdate`)
VALUES('" . $_POST['pic'] . "','" . $_POST['title'] . "','" . $_POST['date'] . "','" . $_POST['time'] . "','" . $_POST['about'] . "','" . $picip . "','" . $_POST['publish'] . "','" . $now. "')") or die(mysql_error());

if (!mysql_query($sql,$connect))
  {
  die('Error: ' . mysql_error());
  }
?>

 

I always like to concatenate strings just because it makes it easier to identify. And always use single quotes (') when access array elements via association, if you have any type of error reporting on it will throw and undefined constant error.

 

Now to protect yourself from SQL injection I would recommend doing this:

<?php
// note you can easily do this by defining each value instead of looping 
// but for demonstration purposes I will loop instead of writing the 5 if statements.
foreach ($_POST as $key => $val) {
    $_POST[$key] = mysql_real_escape_string($val);
}

$sql= mysql_query("INSERT INTO events(`pic`,`title`,`date`,`time`,`about`,`picip`,`publish`,`pdate`)
VALUES('" . $_POST['pic'] . "','" . $_POST['title'] . "','" . $_POST['date'] . "','" . $_POST['time'] . "','" . $_POST['about'] . "','" . $picip . "','" . $_POST['publish'] . "','" . $now. "')") or die(mysql_error());

if (!mysql_query($sql,$connect))
  {
  die('Error: ' . mysql_error());
  }
?>

 

Questions let me know.

 

For demonstration purposes you could also do this instead of using concatenation:

<?php
$sql= mysql_query("INSERT INTO events(`pic`,`title`,`date`,`time`,`about`,`picip`,`publish`,`pdate`)
VALUES('{$_POST['pic']}','{$_POST['title']}','{$_POST['date']}','{$_POST['time']}','{$_POST['about']}','$picip','{$_POST['publish']}','$now')") or die(mysql_error());

if (!mysql_query($sql,$connect))
  {
  die('Error: ' . mysql_error());
  }
?>

I have now modified my code to look like this

<?php
$sql= mysql_query("INSERT INTO events(`pic`,`title`,`date`,`time`,`about`,`picip`,`publish`,`pdate`)
VALUES('{$_POST['pic']}','{$_POST['title']}','{$_POST['date']}','{$_POST['time']}','{$_POST['about']}','$picip','{$_POST['publish']}','$now')") or die(mysql_error());

if (!mysql_query($sql,$connect))
  {
  die('Error: ' . mysql_error());
  }
?>

 

and nothing is still not inserting into the database. I don't know why this is really weird.

<?php

$sql= mysql_query("INSERT INTO events(`pic`,`title`,`date`,`time`,`about`,`picip`,`publish`,`pdate`)

VALUES('{$_POST['pic']}','{$_POST['title']}','{$_POST['date']}','{$_POST['time']}','{$_POST['about']}','$picip','{$_POST['publish']}','$now')") or die(mysql_error());

 

if (!mysql_query($sql,$connect))

  {

  die('Error: ' . mysql_error());

  }

?>

 

 

 

Why are you querying twice?

so just use 

 

$sql= mysql_query("INSERT INTO events(`pic`,`title`,`date`,`time`,`about`,`picip`,`publish`,`pdate`)

VALUES('{$_POST['pic']}','{$_POST['title']}','{$_POST['date']}','{$_POST['time']}','{$_POST['about']}','$picip','{$_POST['publish']}','$now')") or die(mysql_error());

 

and thats it?

Your form data is probably missing.

 

echo $sql here, what does it show?

 

$sql= "INSERT INTO events(`pic`,`title`,`date`,`time`,`about`,`picip`,`publish`,`pdate`)

VALUES('{$_POST['pic']}','{$_POST['title']}','{$_POST['date']}','{$_POST['time']}','{$_POST['about']}','$picip','{$_POST['publish']}',NOW())";

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.