Jump to content

Recommended Posts

Hey guys, this is my first post here(not going to be the last one, Im sure), im trying to insert in mysql from session array, i don't know where is my error, I leave the code below, if someone can help me please :).

 

                $conn = mysql_connect("localhost","root","Password");

                $err_db = mysql_select_db('bd_amics');

                $sql = ('INSERT INTO `'.$_SESSION["use"][0].'` (ID,Amic) VALUES (`'.$_SESSION["person"][0].'`, `"1"`)');

                mysql_query("SET NAMES utf8");

                mysql_query($sql, $conn);

                mysql_close();

 

Im trying to insert in table $_SESSION["use"][0] the values $_SESSION["person"][0] and 1.

 

Thank you guys.

 

Link to comment
https://forums.phpfreaks.com/topic/288663-php-mysql-insert-error/
Share on other sites

As for mysql error(s) - http://dev.mysql.com/doc/refman/5.0/en/user-resources.html

I strongly recommend you to read up the warning inside the pink box.

 

EDIT: wrong link I've posted - http://www.php.net/manual/en/function.mysql-error.php

Edited by jazzman1

$sql = ('INSERT INTO `'.$_SESSION["use"][0].'` (ID,Amic) VALUES (`'.$_SESSION["person"][0].'`, `"1"`)');

 

1. I believe surrounding the entire right side of the equal sign is not necessary.

2. Backticks are used only to "quote" (bad term) database names, table names, and column names - never values.

Try the following:

$conn = mysql_connect("localhost","root","Password");
$err_db = mysql_select_db('bd_amics',$conn); //You want your select_db statement to contain the connection

$sql = "INSERT INTO ".$_SESSION["use"][0]." (ID,Amic) VALUES ('".$_SESSION['person'][0]."', '1')";
mysql_query($sql);

You do not necessarily need to close the database connection, it will automatically close at the end of the script. If your script was massive and required various functions, procedures, etc, then closing a connection may be necessary. Also I am not sure why you were doing:

mysql_query("SET NAMES utf8");

Is your server default not set to utf8?

 

Lastly, in you mysql_query() statement you do not necessarily need to provide the connection information since you are only working with a single connection. If you were using mysqli it would be a different story. 

 

Since it is clear you are just starting out with PHP, please get yourself set up with mysqli instead of mysql. I would hate for you to do what I did and program 6 months worth the PHP to realize mysql has been deprecated and will not receive anymore updates or new features. It is pretty hefty task to go back and modify all your mysql statements to mysqli.

 

Hope that works for you!

 

Josh

Edited by joallen

Hi, you could try something like that with mysqli.

 

I used mysqli prepared statements to prevent SQL injections.

As for the dynamic table name, you should check it against a white list of allowed tables, again to prevent SQL injections.

<?php
define('DB_SERVER', "localhost");
define('DB_USER', "root");
define('DB_PASSWORD', "123");
define('DB_TABLE', "db_test");

$conn = mysqli_connect(DB_SERVER, DB_USER, DB_PASSWORD, DB_TABLE);

// check valid tables where you could insert something. You want to prevent SQL injections somehow...
$tables = array("table1", "table2", "table3");
$table = $_SESSION["use"][0];

if (!in_array($table, $tables)) {
    trigger_error('Invalid table from session: '  .$table, E_USER_ERROR);
}

// The 2 ? will be replace by actual values, we call this a prepared statement. It will prevent SQL injections
$query = 'INSERT INTO `'.$table . '` (ID,Amic) VALUES (?, ?)';


if (mysqli_connect_errno($conn)) {
    trigger_error('Database connection failed: '  . mysqli_connect_error(), E_USER_ERROR);
}

if ($stmt = mysqli_prepare($conn, $query)) {
    $value1 = $_SESSION["person"][0];
    $value2 = "1";
    mysqli_stmt_bind_param($stmt, "ss", $value1, $value2);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
} else {
    trigger_error('Error with SQL query' . $query, E_USER_ERROR);
}

mysqli_close($conn);

?>
Edited by mogosselin

Thank you all, finally It's working, the error was `'$_SESSION["use"][0]'`, the right one: `$_SESSION["use"][0]`.

Im using set names to utf-8 because I got some problems with database, no problems now since I use that.

 

I have another problem and I made a new post, please check that guys:

 

http://forums.phpfreaks.com/topic/288728-php-my-sql-concade-problem/

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.