FraanXT Posted May 21, 2014 Share Posted May 21, 2014 Hey guys, this is my first post here(not going to be the last one, Im sure), im trying to insert in mysql from session array, i don't know where is my error, I leave the code below, if someone can help me please . $conn = mysql_connect("localhost","root","Password"); $err_db = mysql_select_db('bd_amics'); $sql = ('INSERT INTO `'.$_SESSION["use"][0].'` (ID,Amic) VALUES (`'.$_SESSION["person"][0].'`, `"1"`)'); mysql_query("SET NAMES utf8"); mysql_query($sql, $conn); mysql_close(); Im trying to insert in table $_SESSION["use"][0] the values $_SESSION["person"][0] and 1. Thank you guys. Link to comment https://forums.phpfreaks.com/topic/288663-php-mysql-insert-error/ Share on other sites More sharing options...
jazzman1 Posted May 22, 2014 Share Posted May 22, 2014 As for mysql error(s) - http://dev.mysql.com/doc/refman/5.0/en/user-resources.html I strongly recommend you to read up the warning inside the pink box. EDIT: wrong link I've posted - http://www.php.net/manual/en/function.mysql-error.php Link to comment https://forums.phpfreaks.com/topic/288663-php-mysql-insert-error/#findComment-1480378 Share on other sites More sharing options...
bsmither Posted May 22, 2014 Share Posted May 22, 2014 $sql = ('INSERT INTO `'.$_SESSION["use"][0].'` (ID,Amic) VALUES (`'.$_SESSION["person"][0].'`, `"1"`)'); 1. I believe surrounding the entire right side of the equal sign is not necessary. 2. Backticks are used only to "quote" (bad term) database names, table names, and column names - never values. Link to comment https://forums.phpfreaks.com/topic/288663-php-mysql-insert-error/#findComment-1480388 Share on other sites More sharing options...
joallen Posted May 23, 2014 Share Posted May 23, 2014 Try the following: $conn = mysql_connect("localhost","root","Password"); $err_db = mysql_select_db('bd_amics',$conn); //You want your select_db statement to contain the connection $sql = "INSERT INTO ".$_SESSION["use"][0]." (ID,Amic) VALUES ('".$_SESSION['person'][0]."', '1')"; mysql_query($sql); You do not necessarily need to close the database connection, it will automatically close at the end of the script. If your script was massive and required various functions, procedures, etc, then closing a connection may be necessary. Also I am not sure why you were doing: mysql_query("SET NAMES utf8"); Is your server default not set to utf8? Lastly, in you mysql_query() statement you do not necessarily need to provide the connection information since you are only working with a single connection. If you were using mysqli it would be a different story. Since it is clear you are just starting out with PHP, please get yourself set up with mysqli instead of mysql. I would hate for you to do what I did and program 6 months worth the PHP to realize mysql has been deprecated and will not receive anymore updates or new features. It is pretty hefty task to go back and modify all your mysql statements to mysqli. Hope that works for you! Josh Link to comment https://forums.phpfreaks.com/topic/288663-php-mysql-insert-error/#findComment-1480545 Share on other sites More sharing options...
mogosselin Posted May 23, 2014 Share Posted May 23, 2014 Hi, you could try something like that with mysqli. I used mysqli prepared statements to prevent SQL injections. As for the dynamic table name, you should check it against a white list of allowed tables, again to prevent SQL injections. <?php define('DB_SERVER', "localhost"); define('DB_USER', "root"); define('DB_PASSWORD', "123"); define('DB_TABLE', "db_test"); $conn = mysqli_connect(DB_SERVER, DB_USER, DB_PASSWORD, DB_TABLE); // check valid tables where you could insert something. You want to prevent SQL injections somehow... $tables = array("table1", "table2", "table3"); $table = $_SESSION["use"][0]; if (!in_array($table, $tables)) { trigger_error('Invalid table from session: ' .$table, E_USER_ERROR); } // The 2 ? will be replace by actual values, we call this a prepared statement. It will prevent SQL injections $query = 'INSERT INTO `'.$table . '` (ID,Amic) VALUES (?, ?)'; if (mysqli_connect_errno($conn)) { trigger_error('Database connection failed: ' . mysqli_connect_error(), E_USER_ERROR); } if ($stmt = mysqli_prepare($conn, $query)) { $value1 = $_SESSION["person"][0]; $value2 = "1"; mysqli_stmt_bind_param($stmt, "ss", $value1, $value2); mysqli_stmt_execute($stmt); mysqli_stmt_close($stmt); } else { trigger_error('Error with SQL query' . $query, E_USER_ERROR); } mysqli_close($conn); ?> Link to comment https://forums.phpfreaks.com/topic/288663-php-mysql-insert-error/#findComment-1480550 Share on other sites More sharing options...
FraanXT Posted May 23, 2014 Author Share Posted May 23, 2014 Thank you all, finally It's working, the error was `'$_SESSION["use"][0]'`, the right one: `$_SESSION["use"][0]`. Im using set names to utf-8 because I got some problems with database, no problems now since I use that. I have another problem and I made a new post, please check that guys: http://forums.phpfreaks.com/topic/288728-php-my-sql-concade-problem/ Link to comment https://forums.phpfreaks.com/topic/288663-php-mysql-insert-error/#findComment-1480666 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.