vonKristoff Posted October 4, 2011 Share Posted October 4, 2011 hiya im new to all this.. I am trying to INSERT into my Database. $id = $_POST['id']; $q = "INSERT INTO videos(src) VALUES ($id); $result = $mysqli->query($q) or die($mysqli_error($mysqli)); It just throws an error each time .. Any ideas ..? Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/ Share on other sites More sharing options...
awjudd Posted October 4, 2011 Share Posted October 4, 2011 You are missing an ending " after your $q line. As well as is $id numeric or a string? If it is a string, then you need it in quotes (''). Otherwise we need more information about the error. ~juddster Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275605 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 Hi .. thanks .. yes corrected - but that was my TYPO! I have it correct in in my code im using. I get a error 500 in my java console in firefox. In my error log - it says PHP Fatal error: Function name must be a string I cant see where its wrong. ..> anything else sticking out? - Otherwise it could be something to do with mySQL on my server? Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275618 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 Even if I push a non var through ie: $q = "INSERT INTO videos(src) VALUE("text")"; it still wont work and says unexpected T_STRING .. For the record - if i push the $var into my error_log it reads correct. Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275627 Share on other sites More sharing options...
awjudd Posted October 4, 2011 Share Posted October 4, 2011 You used the wrong quotes inside your query. It should be ' not ". ~juddster Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275629 Share on other sites More sharing options...
AltarofScience Posted October 4, 2011 Share Posted October 4, 2011 Even if I push a non var through ie: $q = "INSERT INTO videos(src) VALUE("text")"; it still wont work and says unexpected T_STRING .. For the record - if i push the $var into my error_log it reads correct. i use mysql not mysqli but: $q = "INSERT INTO videos(src) VALUES ('text')"; should be the proper way to write that query, or in the original query: $id=$_POST['id']; $q = "INSERT INTO videos(src) VALUES ('$id')"; Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275642 Share on other sites More sharing options...
fenway Posted October 4, 2011 Share Posted October 4, 2011 Without a DB wrapper, they're both wrong. Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275648 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 Thanks..! $id=$_POST['id']; $q = "INSERT INTO videos(src) VALUES ('$id')"; was what I was after - I thought that was right - Alas with my final push with $result=$mysqli->query($q) or die($mysqli_error($mysqli)); It doesnt work and throws up an error "undefined variable" & Function must not be a string. - That I dont understand and have a feeling my server is playing up ... ? any hints to why this isnt going through. As said if I error log my $id - I get the correct var coming through in the log. Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275649 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 ok, just for you fenway <?php include 'database.php'; if(!mysqli_connect_errno()) { error_log("Connected"); $id=$_POST['id']; $q="INSERT INTO videos(src) VALUE('$id')"; $result=$mysqli->query($q) or die($mysqli_error($mysqli)); } else{ error_log("not connected"); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275652 Share on other sites More sharing options...
fenway Posted October 4, 2011 Share Posted October 4, 2011 That's not what I meant -- I meant you're not cleaning those input values to protect against SQL injection. Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275678 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 ok thanks - could you enlighten me? I've started looking into mysql_real_escape_string as a way to interpret the variable .. Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275686 Share on other sites More sharing options...
vonKristoff Posted October 4, 2011 Author Share Posted October 4, 2011 My code is as follows - and throws no errors - but neither any javascript console messages - and does nada in general... So Im really stuck - is there no end!? /* modified */ OK - reset servers / cache / filled mug It now takes action...> with the following :::::: <?php require_once "database.php"; if(!mysqli_connect_errno()) { error_log("Connected"); $id=$_POST['id']; $mysqli->query("INSERT INTO videos(src) VALUES('".mysql_real_escape_string($id)."')"); } else{ error_log("not connected"); } ?> Great! However - still dont get why I had to "mysql_real_escape_string" because I havent seen that in ANY tutorials - or from advice given by other helpful people ... guess u gotta be a freak to get it.. Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275692 Share on other sites More sharing options...
fenway Posted October 4, 2011 Share Posted October 4, 2011 Sorry, what dosen't work? Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275696 Share on other sites More sharing options...
mikosiko Posted October 4, 2011 Share Posted October 4, 2011 in the original code that you posted... in this line: $result = $mysqli->query($q) or die($mysqli_error($mysqli)); you are mixing OO style ($mysqli->query()) with something like (but no close) to Procedural Style ($mysqli_error()) ... totally wrong maybe what you are trying to do is: $result = $mysqli->query($q) or die($mysqli->error); this is going to trow the error that you are getting ""undefined variable" & Function must not be a string"... if your query is wrong and die() is triggered and fenway post still valid. Quote Link to comment https://forums.phpfreaks.com/topic/248401-sql-insert/#findComment-1275761 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.