Jump to content

Inserting Session Variables Into Mysql

wright67uk

By wright67uk
in PHP Coding Help

 Share

Recommended Posts

wright67uk Advanced Member

wright67uk

Posted
Posted

I'm trying to insert some form results into a table. I've tested my connection, and the query echos out fine.

 

I understand that, I need to sanitize my variables, but for now I'm trying to figure out why nothing gets inserted into my database.

 

Does my code seem to be ok, or is this most likely down to the way my table has been setup?

 

<?php session_start();

include 'connection.php';

$insert_query = ("insert into users(name, email, phone, postcode, type, start, user, password, tac) values ( " . $_SESSION['name'] . ", " . $_SESSION['email'] . ", " . $_SESSION['phone'] . ", " . $_SESSION['postcode'] . ", " . $_SESSION['type'] . ", " . $_SESSION['start'] . ", " . $_POST ['user'] . ", " . $_POST ['password'] . ", " . $_POST ['tac'] . " ) ") or die(mysql_error());

echo "Data Inserted!"; echo $insert_query;

mysql_query($insert_query);

?>

Link to comment
https://forums.phpfreaks.com/topic/271332-inserting-session-variables-into-mysql/
Share on other sites
wright67uk Advanced Member

wright67uk

Posted
  • Author
Posted

So more like the below?

<?php
   session_start();

include 'connection.php';

$insert_query = ("insert into users('name', 'email', 'phone', 'postcode', 'type', 'start', 'user', 'password', 'tac')
values (
               " . $_SESSION['name']     . ",
               " . $_SESSION['email']    . ",
               " . $_SESSION['phone']    . ",
               " . $_SESSION['postcode'] . ",
			" . $_SESSION['type']     . ",
			" . $_SESSION['start']    . ",
               " . $_POST   ['user']     . ",
               " . $_POST   ['password'] . ",
               " . $_POST   ['tac']      . "   )
                                                ") or die(mysql_error());

echo "Data Inserted!";
echo $insert_query;

mysql_query($insert_query); 		

?>

requinix Prolific Member

requinix

Posted
Posted

Right idea, wrong place. Quotes around the strings you're inserting. The list of fields you're inserting into don't always have to be quoted, but if you do then use backticks ` for them. Regular double " and single ' quotes are strictly (and necessary) for string values.

INSERT INTO table (field1, field2, field3) VALUES ("string 1", "string 2", "string 3")

INSERT INTO table (`field`, `field2`, `field3`) VALUES ('string 3', 'string 4', 'string 5')

NomadicJosh Member

NomadicJosh

Posted
Posted (edited)

Also, I want to suggest using a function like:

 

function isSessionSet($caller) {
if(isset($_SESSION[$caller])) {
return $_SESSION[$caller];
}
}

 

How to use:

$query = "insert into users(name, email) values ( '" . isSessionSet('name') . "', '" . isSessionSet('email') . "' )" or die(mysql_error());

 

This will prevent your error logs from being crowded with unnecessary "index" errors.

Edited by parkerj
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.