Jump to content

Recommended Posts

Hi all,

 

Up until recently I have been using Dreamweaver to generate all of the MYSQL code that has been needed. I am now starting to write my own and I have a an insert query that looks like it should work but for some reason it doesn't. Any help would be appreciated.

 

Here is the code:

 

<?php

// Check if add button is clicked

if ($_POST['insert'] == "userdetails") {

// Check that username field is not blank

if ($_POST['UserName'] <> "") {

// Check that password field is not blank

if ($_POST['Password'] <> "") {

//Collect Data

$InsertUserName = $_POST['UserName'];

$InsertPassword = $_POST['Password'];

$InsertAccess = $_POST['Access'];

 

//Insert into database

mysql_query("INSERT INTO users (UserName, Password, Access) VALUES ($InsertUserName, $InsertPassword, $InsertAccess)");

 

//Go to users page

header('LOCATION: users.php');

} else {

$InsertFailed = "Password";

}

} else {

$InsertFailed = "Username";

}

}

?>

 

I know the connection to the DB is working fine.

 

Thank you in advance for any help.

Link to comment
https://forums.phpfreaks.com/topic/264070-insert-does-not-work/
Share on other sites

strings need to be surrounded by single quotes in a query.

 

Next step, google SQL injection. Your code is very insecure.

You also need to learn how to capture mysql errors, I'd find an actual tutorial rather than trying to learn from Dreamweaver code.

You've tried this?

 

       

mysql_query("INSERT INTO users (UserName, Password, Access) VALUES ('{$InsertUserName}', '{$InsertPassword}', '{$InsertAccess}')");

 

Also, you need to use mysql_real_escape_string around all these variables.

 

It's also a good idea to actually check and handle error messages for queries (which you're not doing).

 

And finally, you must die() directly after a header() call.

 

The individual string values within the query string need to be quoted. Also, it's not good practice to form the query string within the call to the mysql_query() function. As you can see, it precludes the ability to echo the query string for debugging.

 

$query = "INSERT INTO table (text1, text2, numeric1) VALUES ('$string1', '$string2' $number)";
$result = mysql_query($query);

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.