Unable to use INSERT INTO......ON DUPLICATE KEY.....My data wasn't into the database

Dear all, I'm using an INSERT INTO…ON DUPLICATE KEY statement to check: if there is no record in the database, it will insert a new record. But unfortunately it didn't insert or update any record.

Here is my code:

    $audit_no 	=	$_POST['audit_no'];
    $ip = remoteIP();
    $date	=	date("Y-m-d H:i:s");
    
    for ($i=0; $i < ($_POST['count']); $i++)
    {
    	$form_details_subquestion_id 	= $_POST['form_details_subquestion_id'][$i];
    	$form_details_section_id		= $_POST['form_details_section_id'][$i];
    	$mark							= $_POST['mark'][$i];
    	$remark							= $_POST['remark'][$i];	
    
    
    	$query = "INSERT INTO audit_section_markrecord(audit_section_id,form_details_subquestion_id,form_details_section_id,mark) 
    											VALUES(`$audit_no`,`$form_details_subquestion_id`,`$form_details_section_id`,`$mark`) 
    											ON DUPLICATE KEY UPDATE mark = '$mark'";
    	$go = mysql_query($query);
    }

Please help me up! Thank you all of you!!

Wrong type of quotes around the values - should be " instead of `

You're a sitting duck for a potential SQL injection attack with that code, as no attempt is made to validate the user-submitted data and the user-submitted data isn't escaped either!

Also you need to be aware that the old mysql_* extension is deprecated in version 5.5 of PHP (current version) and is being removed from version 7 (the next version). You need to migrate over to using either the mysqli_* extension or PDO. Whichever of the two you go for, you need to use prepared statements when dealing with data submitted by the user, having first validated the data that has been submitted by the user.

2 Likes
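The prepared-statement approach recommended in the reply above, as an added example that is not part of the original thread. The function name `saveMarks`, the DSN and credentials are placeholders, and the code assumes the ids and marks are integers and that the table has a UNIQUE key on the three id columns (without one, ON DUPLICATE KEY UPDATE never fires and every submit inserts a new row).

```php
<?php
// Added example. Assumes integer ids/marks and a UNIQUE key on
// (audit_section_id, form_details_subquestion_id, form_details_section_id).
function saveMarks(PDO $pdo, array $post): int
{
    // Validate every submitted value as a non-negative integer before use.
    $opts = ['options' => ['min_range' => 0]];
    $auditNo = filter_var($post['audit_no'] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($auditNo === false) {
        throw new InvalidArgumentException('audit_no must be a non-negative integer');
    }
    // Placeholders keep user data out of the SQL text; no quoting is needed at all.
    $stmt = $pdo->prepare(
        'INSERT INTO audit_section_markrecord
             (audit_section_id, form_details_subquestion_id, form_details_section_id, mark)
         VALUES (:audit, :subq, :section, :mark)
         ON DUPLICATE KEY UPDATE mark = VALUES(mark)'
    );
    $pdo->beginTransaction();
    try {
        $saved = 0;
        // Iterate the submitted array itself instead of trusting a client-sent count.
        foreach ((array) ($post['form_details_subquestion_id'] ?? []) as $i => $subq) {
            $row = [
                ':audit'   => $auditNo,
                ':subq'    => filter_var($subq, FILTER_VALIDATE_INT, $opts),
                ':section' => filter_var($post['form_details_section_id'][$i] ?? null, FILTER_VALIDATE_INT, $opts),
                ':mark'    => filter_var($post['mark'][$i] ?? null, FILTER_VALIDATE_INT, $opts),
            ];
            if (in_array(false, $row, true)) {
                throw new InvalidArgumentException("row $i contains a non-integer value");
            }
            $stmt->execute($row);
            $saved++;
        }
        $pdo->commit();
        return $saved;
    } catch (Throwable $e) {
        $pdo->rollBack(); // all-or-nothing: a bad row discards the whole submission
        throw $e;
    }
}

// Placeholder connection details; exception mode surfaces SQL errors instead of hiding them.
$pdo = new PDO('mysql:host=localhost;dbname=audit;charset=utf8mb4', 'app_user', 'app_password', [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false,
]);
// Constructed sample input standing in for $_POST.
$post = ['audit_no' => '12', 'form_details_subquestion_id' => ['3', '4'],
         'form_details_section_id' => ['1', '1'], 'mark' => ['5', '2']];
echo saveMarks($pdo, $post), " rows saved\n";
```

With `PDO::ERRMODE_EXCEPTION` a failing statement throws immediately, whereas the unchecked `mysql_query()` call in the question returns `false` and the loop carries on silently.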
