Jump to content
#FlattenTheCurve ×
Jim R

Not sure why this INSERT isn't working...

Recommended Posts

I'm wanting to insert the following when someone submits a form.  

I know I have a connection to the database, and I know grade and position are coming from the form.  

 

$grade = $_POST['grade'];
$position = $_POST['position'];



$query = "INSERT INTO a_rankings_select (grade,position)
VALUES ('" .$grade. "', '" .$position. "')";
	
echo mysqli_error($con);

 

Share this post


Link to post
Share on other sites

To insert a record you need to execute the sql, not just define a string.

Share this post


Link to post
Share on other sites

Got it...thank you!  I did forget that line.  I'll likely come up with another hitch.  😐

Share this post


Link to post
Share on other sites

Use parameters in your mysqli code.  DO NOT interpolate or you will be creating code that is open to SQL injection.

$query = "INSERT INTO a_rankings_select (grade ,position) VALUES (?, ?)";
// $con would be the mysqli connection resource
$stmt = mysqli_prepare($con, $query);
//2nd param is a string of character(s) describing type of param.  In your case these are strings, so 'ss'
mysqli_stmt_bind_param($stmt, 'ss', $grade, $position);

if (mysqli_stmt_execute ($stmt) {
  // Insert succeeded
} else {
  echo 'Error:  Grade ranking insert failed. Check input/or database status';
}

If you spit out the contents of mysql_error, just be aware you could be leaking database connection information which attackers would love to have.  Better to log that data, and provide your own customized error message as I illustrated here.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.