HELP with INSERT INTO table (mysqli_query())

Hi all, I am hoping you guys can help me figure out the problem with my code. I want to take input from a form in an html page and add it as an entry in a mySQL database. Excuse my roundabout way of doing it, I am sure there are more efficient ways out there, however I am using what I have learnt over a period of about a week to try pull this together so I’m no PHP encyclopaedia. If anyone would like to show me another method of doing what I am, please don’t hesitate to post it instead of simply showing me where the error is in my own code.

I think the problem comes in somewhere around the two ‘//Submit data into Students’ blocks. If I comment these two blocks out the code runs fine creating and selecting the database and Table, or if the database already exists, then just selecting it and creating the table. I get the echo’s I should and when I check mySQL in my terminal I find the DB and TB have been created. However when I uncomment the ‘//Submit data into Students’ blocks… my php page comes up blank. It’s like it doesn’t even run the code above the blocks that I comment out.

I also know that the form is posting the data correctly as I made a second php page that would simply echo the variables I received using $_POST and it worked fine.

Any help would be appreciated.

[php]<?php

//Variables
$con=mysqli_connect(“localhost”,“root”,“password”);
$db=“CREATE DATABASE ROP”;
$tb=“CREATE TABLE Students (PID INT NOT NULL AUTO_INCREMENT,PRIMARY KEY(PID),Firstname CHAR(40),Lastname CHAR(40),Age INT)”;
$submit=“INSERT INTO Students (Firstname, Lastname, Age) VALUES (’$_POST[‘fname’]’,’$_POST[‘sname’]’,’$_POST[‘age’]’)”;

//Check connection
if (mysqli_connect_errno($con))
{
echo "Error connecting to the database - ".mysqli_error($con);
}

//Select database if exists, create if doesn’t, in either case create table within database and then submit form data into table

//Select db	
if (mysqli_select_db($con,"ROP"))
{
	echo "Database ROP selected<br>";
	
			//Create table
			if (mysqli_query($con,$tb)) 
			{
				echo "Table 'students' was created<br>";

					//Submit data into Students
					if (mysqli_query($con,$submit))
					{
						echo "1 user added to the database";
					}
					else
					{
						echo "Error adding user to database - ".mysqli_error($con);
					}
			}
                        //If table already existed
			else
			{
				echo "Table not created - ".mysqli_error($con);

					//Submit data into Students
					if (mysqli_query($con,$submit))
					{
						echo "1 user added to the database";
					}
					else
					{
						echo "Error adding user to database - ".mysqli_error($con);
					}
			}
}	
//Create db
elseif (mysqli_query($con,$db))
{
	echo "Database ROP created<br>";
		
		//Select db
		if (mysqli_select_db($con,"ROP"))
		{
			echo "Database ROP selected<br>";

				//Create tb
				if (mysqli_query($con,$tb)) 
				{
					echo "Table 'students' was created<br>";
				}
		}
}
else 
{
	echo "Error creating or selecting database ROP - ".mysqli_error($con);
}

?>[/php]

Found my problem. In my $submit=(…) my values were not mean to have single quotes within the square brackets. ie: $_POST[fname] instead of $_POST[‘fname’].

This may not have been the only problem but after all my messing around with the code it seemed to me to be the final straw that made it work.

Kable

That will actually throw notices because you’re using constants that do not exist. Your problem was really in invalid string formatting, one of the reasons I find it easier to always concatenate variables in strings.

However, doing queries with concatenated variables is terrible from a security perspective. You should look into mysqli parameterized queries!

Sponsor our Newsletter | Privacy Policy | Terms of Service