Cannot Post Data to mysql Database

PHP
1

I am running into trouble posting data into my mysql database. I thoroughly looked over the code, and I can’t seem to find the matter. Here is my code below, please let me know what I am doing wrong.

$query = “INSERT INTO contacts (‘firstname’,‘lastname’,‘phone’,‘email’,‘address’,‘category’,‘private’,‘yearofbirth’)
VALUES (‘$firstname’,‘$lastname’,‘$phone’,‘$email’,‘$address’,‘$category’,‘$private’,‘$yearofbirth’)”

or die(mysql_error());

2

you’re trying to insert values into strings

$query = "INSERT INTO contacts ('firstname,'lastname,'phone,'email,'address,'category,'private,'yearofbirth)

see those quotes? removes dem!!

:smiley:

3

or make them into backticks. ` != ’

4

For safety when it comes to restricted keywords (incase you have them as column names) always add `` around a column name and ‘’ around your values. E.g:
$query = "INSERT INTO contacts ([/B][/COLOR]firstname[COLOR=#FF0000][B],[/B][COLOR=#FF0000][/COLOR]lastname[COLOR=#FF0000][B][/COLOR]) VALUES('$firstname,'$lastname)

5

NOOOOOOOOOOOOOOOOOOOooooo…

6

Too much time on your hands today, Rudy :stuck_out_tongue_winking_eye:

7

also NO

especially not “always”

add backticks only if you’ve been unfortunate enough to inherit a database design from a clueless noob who declared table or column names that are reserved words or contain special characters

far better is not to declare problematic table or column names in the first place, and don’t use backticks at all

8

thanks for the quick replies. I have tried the suggestions given to me, but with no luck. I changed the ‘$private’ variable to ‘$if_private’, just to see if that would help, and to no surprise, it didn’t. Here is below the original code, and it doesn’t work correctly.

$query = “INSERT INTO contacts (firstname,lastname,phone,email,address,category,if_private,yearofbirth) VALUES ('”.$firstname.“‘,’”.$lastname.“‘,’”.$phone.“‘,’”.$email.“‘,’”.$address.“‘,’”.$category.“‘,’”.$if_private.“‘,’”.$yearofbirth.“')”;

9

Before you run mysql_query($query) try doing: die($query); to see what it outputs, you should also make sure you’ve escaped you variables, e.g. before your $query, do: $firstname = mysql_real_escape_string($firstname); etc…

10

before you do anything, test your query directly in mysql (i.e. not via php)

11

Can you please post the value of $query (using sample data for the insert)?

12

this is the $query I use in my program, below

$query = “INSERT INTO contacts (‘firstname’) VALUES ($firstname)”;

this is output to the screen, with ‘joe’ being the data I used

INSERT INTO contacts (‘firstname’) VALUES (joe)

But after I look at my database, nothing in there

13

here is the modified code, after listening to all the suggestions; nothing is found inside the database. Here is the code, can anybody spot anything wrong with it?

// run this only, once the user has hit the “Add Contact” button

if (isset($_POST[‘addcontact’])) {

// assign form inputs

$firstname = $_POST['firstname'];


// validate inputs

if ( !empty($firstname) ) {    

  // add member to database
   
  $query = "INSERT INTO contacts ('firstname') VALUES ($firstname)";

  $result = mysql_query($query);

  $message = "\\"".$firstname." \\" has been successfully added.";
14

I think you misinterpreted Rudy in post #2

// run this only, once the user has hit the "Add Contact" button


if (isset($_POST['addcontact'])) {


// assign form inputs


$firstname = $_POST['firstname'];




// validate inputs


if ( !empty($firstname) ) { 


// add member to database


$query = "INSERT INTO contacts (firstname) VALUES ('$firstname')";


$result = mysql_query($query);


$message = "\\"".$firstname." \\" has been successfully added.";

note the ’

15

misinterpreted? more like ignored :smiley:

16

I’ve tried and tried every combination; with single quotes, double quotes, etc… Here is the code with all the apostrophe and quotation marks removed like asked to do.

// run this only, once the user has hit the “Add Contact” button

if (isset($_POST[‘addcontact’])) {

// assign form inputs

$firstname = $_POST['firstname'];


// validate inputs

if ( !empty($firstname) ) {    

  // add member to database
   
  $query = "INSERT INTO contacts (firstname) VALUES ($firstname)";

  $result = mysql_query($query);

  $message = "\\"".$firstname." \\" has been successfully added.";
17

$query = “INSERT INTO contacts (firstname) VALUES ($firstname)”;

well, you’ve finally removed the quotes from the column name

now all you have to do is put quotes around the value, so that it is interpreted as a string

this would all have gone so much more smoothly if you had tested the sql statement outside of php first

18

This is the output I receive after correcting the code to work with help push data into the database. Again nothing is found inside the database.

INSERT INTO contacts (firstname) VALUES (John) <<output
‘John’ is the data I entered.

if this is not the way the code should look like, please inform.

// run this only, once the user has hit the “Add Contact” button

if (isset($_POST['addcontact'])) {

// assign form inputs

$firstname = $_POST['firstname'];

// validate inputs

if ( !empty($firstname) ) {    

// add member to database
   
$query = "INSERT INTO contacts (firstname) VALUES ('$firstname')";
  
$result = mysql_query($query);

$message = "\\"".$firstname." \\" has been successfully added.";

Header("Location: listcontacts.php");
19

How do I test out my query in mysql, is there a function or command I can use that can get me there.

20

a lot of people use phpmyadmin, but i don’t like it

download heidisql and give it a spin

:slight_smile: