vonKristoff Posted October 4, 2011 Share Posted October 4, 2011 hiya im new to all this.. I am trying to INSERT into my Database. $id = $_POST['id']; $q = "INSERT INTO videos(src) VALUES ($id); $result = $mysqli->query($q) or die($mysqli_error($mysqli)); It just throws an error each time .. Any ideas ..? Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/ Share on other sites More sharing options...
awjudd Posted October 4, 2011 Share Posted October 4, 2011 You are missing an ending " after your $q line. As well as is $id numeric or a string? If it is a string, then you need it in quotes (''). Otherwise we need more information about the error. ~juddster Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275605 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 Hi .. thanks .. yes corrected - but that was my TYPO! I have it correct in in my code im using. I get a error 500 in my java console in firefox. In my error log - it says PHP Fatal error: Function name must be a string I cant see where its wrong. ..> anything else sticking out? - Otherwise it could be something to do with mySQL on my server? Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275618 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 Even if I push a non var through ie: $q = "INSERT INTO videos(src) VALUE("text")"; it still wont work and says unexpected T_STRING .. For the record - if i push the $var into my error_log it reads correct. Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275627 Share on other sites More sharing options...
awjudd Posted October 4, 2011 Share Posted October 4, 2011 You used the wrong quotes inside your query. It should be ' not ". ~juddster Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275629 Share on other sites More sharing options...
AltarofScience Posted October 4, 2011 Share Posted October 4, 2011 Even if I push a non var through ie: $q = "INSERT INTO videos(src) VALUE("text")"; it still wont work and says unexpected T_STRING .. For the record - if i push the $var into my error_log it reads correct. i use mysql not mysqli but: $q = "INSERT INTO videos(src) VALUES ('text')"; should be the proper way to write that query, or in the original query: $id=$_POST['id']; $q = "INSERT INTO videos(src) VALUES ('$id')"; Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275642 Share on other sites More sharing options...
fenway Posted October 4, 2011 Share Posted October 4, 2011 Without a DB wrapper, they're both wrong. Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275648 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 Thanks..! $id=$_POST['id']; $q = "INSERT INTO videos(src) VALUES ('$id')"; was what I was after - I thought that was right - Alas with my final push with $result=$mysqli->query($q) or die($mysqli_error($mysqli)); It doesnt work and throws up an error "undefined variable" & Function must not be a string. - That I dont understand and have a feeling my server is playing up ... ? any hints to why this isnt going through. As said if I error log my $id - I get the correct var coming through in the log. Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275649 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 ok, just for you fenway <?php include 'database.php'; if(!mysqli_connect_errno()) { error_log("Connected"); $id=$_POST['id']; $q="INSERT INTO videos(src) VALUE('$id')"; $result=$mysqli->query($q) or die($mysqli_error($mysqli)); } else{ error_log("not connected"); } ?> Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275652 Share on other sites More sharing options...
fenway Posted October 4, 2011 Share Posted October 4, 2011 That's not what I meant -- I meant you're not cleaning those input values to protect against SQL injection. Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275678 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 ok thanks - could you enlighten me? I've started looking into mysql_real_escape_string as a way to interpret the variable .. Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275686 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 My code is as follows - and throws no errors - but neither any javascript console messages - and does nada in general... So Im really stuck - is there no end!? /* modified */ OK - reset servers / cache / filled mug It now takes action...> with the following :::::: <?php require_once "database.php"; if(!mysqli_connect_errno()) { error_log("Connected"); $id=$_POST['id']; $mysqli->query("INSERT INTO videos(src) VALUES('".mysql_real_escape_string($id)."')"); } else{ error_log("not connected"); } ?> Great! However - still dont get why I had to "mysql_real_escape_string" because I havent seen that in ANY tutorials - or from advice given by other helpful people ... guess u gotta be a freak to get it.. Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275692 Share on other sites More sharing options...
fenway Posted October 4, 2011 Share Posted October 4, 2011 Sorry, what dosen't work? Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275696 Share on other sites More sharing options...
mikosiko Posted October 4, 2011 Share Posted October 4, 2011 in the original code that you posted... in this line: $result = $mysqli->query($q) or die($mysqli_error($mysqli)); you are mixing OO style ($mysqli->query()) with something like (but no close) to Procedural Style ($mysqli_error()) ... totally wrong maybe what you are trying to do is: $result = $mysqli->query($q) or die($mysqli->error); this is going to trow the error that you are getting ""undefined variable" & Function must not be a string"... if your query is wrong and die() is triggered and fenway post still valid. Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275761 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.