I am running into trouble posting data into my mysql database. I thoroughly looked over the code, and I can’t seem to find the matter. Here is my code below, please let me know what I am doing wrong.
$query = "INSERT INTO contacts ('firstname','lastname','phone','email','address','category','private','yearofbirth')
VALUES ('$firstname','$lastname','$phone','$email','$address','$category','$private','$yearofbirth')"
For safety when it comes to restricted keywords (in case you have them as column names) always add `` around a column name and '' around your values. E.g.:
$query = "INSERT INTO contacts (`firstname`,`lastname`…) VALUES('$firstname','$lastname'…)
add backticks only if you’ve been unfortunate enough to inherit a database design from a clueless noob who declared table or column names that are reserved words or contain special characters
far better is not to declare problematic table or column names in the first place, and don’t use backticks at all
thanks for the quick replies. I have tried the suggestions given to me, but with no luck. I changed the ‘$private’ variable to ‘$if_private’, just to see if that would help, and to no surprise, it didn’t. Here is below the original code, and it doesn’t work correctly.
$query = "INSERT INTO contacts (firstname,lastname,phone,email,address,category,if_private,yearofbirth) VALUES ('".$firstname."','".$lastname."','".$phone."','".$email."','".$address."','".$category."','".$if_private."','".$yearofbirth."')";
Before you run mysql_query($query) try doing: die($query); to see what it outputs. You should also make sure you’ve escaped your variables, e.g. before your $query, do: $firstname = mysql_real_escape_string($firstname); etc…
here is the modified code, after listening to all the suggestions; nothing is found inside the database. Here is the code, can anybody spot anything wrong with it?
// run this only, once the user has hit the "Add Contact" button
if (isset($_POST['addcontact'])) {
    // assign form inputs
    $firstname = $_POST['firstname'];
    // validate inputs
    if ( !empty($firstname) ) {
        // add member to database
        $query = "INSERT INTO contacts ('firstname') VALUES ($firstname)";
        $result = mysql_query($query);
        $message = "\"".$firstname." \" has been successfully added.";
    }
}
// run this only, once the user has hit the "Add Contact" button
if (isset($_POST['addcontact'])) {
    // assign form inputs
    $firstname = $_POST['firstname'];
    // validate inputs
    if ( !empty($firstname) ) {
        // add member to database
        $query = "INSERT INTO contacts (firstname) VALUES ('$firstname')";
        $result = mysql_query($query);
        $message = "\"".$firstname." \" has been successfully added.";
    }
}
I’ve tried and tried every combination; with single quotes, double quotes, etc… Here is the code with all the apostrophe and quotation marks removed like asked to do.
// run this only, once the user has hit the "Add Contact" button
if (isset($_POST['addcontact'])) {
    // assign form inputs
    $firstname = $_POST['firstname'];
    // validate inputs
    if ( !empty($firstname) ) {
        // add member to database
        $query = "INSERT INTO contacts (firstname) VALUES ($firstname)";
        $result = mysql_query($query);
        $message = "\"".$firstname." \" has been successfully added.";
    }
}
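The queries in this thread place $firstname straight into the SQL string, and the code shown does not inspect the result of mysql_query(). The following is an added example, not code from any poster in this thread, showing the same insert with a bound parameter and with database errors surfaced. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server, $post is a constructed stand-in for $_POST, and addContact() is a hypothetical helper.

```php
<?php
// Added example, not code from the thread. Assumption: PDO with an in-memory
// SQLite database stands in for the thread's MySQL server so this runs offline;
// for MySQL only the DSN and credentials passed to new PDO() change.
$pdo = new PDO('sqlite::memory:');
// Throw on any SQL error so a failed INSERT cannot pass silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (firstname TEXT NOT NULL)');

// Constructed stand-in for the submitted form ($_POST in the thread).
$post = ['addcontact' => 'Add Contact', 'firstname' => "O'Brien"];

/** Hypothetical helper: insert one contact with a bound parameter. */
function addContact(PDO $pdo, string $firstname): int
{
    // The placeholder keeps the value out of the SQL text entirely, so quotes
    // in the input can neither break the statement nor change its meaning.
    $stmt = $pdo->prepare('INSERT INTO contacts (firstname) VALUES (:firstname)');
    $stmt->execute([':firstname' => $firstname]);
    return $stmt->rowCount();
}

if (isset($post['addcontact'])) {
    $firstname = trim($post['firstname'] ?? '');
    if ($firstname !== '') {
        // 1) The thread's string-built query: the apostrophe in the value
        //    ends the quoted literal early and the statement no longer parses.
        $query = "INSERT INTO contacts (firstname) VALUES ('$firstname')";
        try {
            $pdo->exec($query);
        } catch (PDOException $e) {
            // Show both the final query text and the database's error message.
            echo "Concatenated query failed: $query\n  ", $e->getMessage(), "\n";
        }
        // 2) The same insert with a bound parameter.
        $rows = addContact($pdo, $firstname);
        echo "Prepared statement inserted $rows row(s)\n";
    }
}

// Read back what was actually stored.
foreach ($pdo->query('SELECT firstname FROM contacts') as $row) {
    echo 'Stored: ', $row['firstname'], "\n";
}
```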