adrian369 Posted August 13, 2018 Share Posted August 13, 2018 <?php /* Connecting, selecting database */ /* Please change the values below to connect to the users database...*/ $mysqli_host="db749575m"; $mysqli_user="********"; $mysqli_password="*******"; $my_database = "db72"; $table_name = "nametable"; echo "adder22"; /*Please Do not change anything below this line */ $link = mysqli_connect("$mysqli_host", "$mysqli_user", "$mysqli_password", "$my_database") or die("Could not connect : " . mysqli_error($link)); echo "Connected successfully"; mysqli_select_db($link, "$my_database") or die("Could not select database"); the code above is working and connecting to the database. code below original was in sql format and not sure how to upgrade it? ================================================================================= $sqli="INSERT INTO nametable (firstname, lastname) VALUES ('$_POST[fname]','$_POST[lname]')"; if (!mysqli_query($sqli,$con)) { die('Error: ' . mysqli_error()); <<<< only getting this far recordiing error on screen>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> } echo "1 record added"; mysqli_close($con) ?> not sure how to fix this as hosts now wont let you send in support tickets. There SQL connect codes dont work. Link to comment Share on other sites More sharing options...
Barand Posted August 13, 2018 Share Posted August 13, 2018 Best way to fix is to check the manual to see what parameters are required for the query() function. While you're at it, read up on prepared statements so you are not putting POST data directly into the query statement string. (I would recommend PDO extension rather then mysqli) Link to comment Share on other sites More sharing options...
ginerjm Posted August 13, 2018 Share Posted August 13, 2018 Oh - the suspense!! So what IS this error on the screen? Remember - we can't see your screen.... PS This: $sqli="INSERT INTO nametable (firstname, lastname) VALUES ('$_POST[fname]','$_POST[lname]')"; if (!mysqli_query($sqli,$con)) would be better this way (indices need to be in quotes!): $q = 'insert into nametable (firstname, lastname) values(' . "$_POST['fname']" .', ' . "$_POST['lname']" . ')'; if (!mysqli_query($q, $con)) ...... Link to comment Share on other sites More sharing options...
Barand Posted August 13, 2018 Share Posted August 13, 2018 4 minutes ago, ginerjm said: (indices need to be in quotes!) Not inside a string where there is no possibility of their being mistaken for constants. Link to comment Share on other sites More sharing options...
cyberRobot Posted August 14, 2018 Share Posted August 14, 2018 15 hours ago, ginerjm said: would be better this way (indices need to be in quotes!): $q = 'insert into nametable (firstname, lastname) values(' . "$_POST['fname']" .', ' . "$_POST['lname']" . ')'; if (!mysqli_query($q, $con)) ...... Just be aware that the POST variables would need to be enclosed in curly brackets with the above code. $q = 'insert into nametable (firstname, lastname) values(' . "{$_POST['fname']}" .', ' . "{$_POST['lname']}" . ')'; Or you could remove the double quotes $q = 'insert into nametable (firstname, lastname) values(' . $_POST['fname'] .', ' . $_POST['lname'] . ')'; In the end, however, it would be better to follow Barand's advice regarding prepared statements. That way you don't need to worry about the query breaking when someone with an apostrophe in their name shows up. Prepared statements will also protect you from SQL Injection attacks. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.