Insert into database from url

Hi All,

Very new to PHP and need a little help

I have a URL http://soware.com/inbound.php?to=1234567890&from=0987654321&message=hello%20world&ref=abc123

I want to insert this into a database

I have a database set up and a table “messages” with fields “to”, “from”, “message”, “ref”

I created a PHP file inbound.php

with

<?php
$to = $_GET["to"]; //The receiving mobile number
$from = $_GET["from"]; //The sending mobile number
$message = urldecode($_GET["message"]); //SMS content
$ref = $_GET["ref"]; // Referer Number

// You may wish to log this information in a database
$con=mysqli_connect("localhost","user","password","dbase");

// Check connection
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$sql="INSERT INTO messages (to,from,message,ref) VALUES ('$to','$from','$message','$ref')";

if (!mysqli_query($con,$sql)) {
    die('Error: ' . mysqli_error($con));
}
echo "1 record added";

mysqli_close($con);
?>

but I get the error

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'to,from,message,ref) VALUES ('1234567890','0987654321','Hello World','abc1234')' at line 1

Any help would be appreciated

1: It seems like it would be better to do a POST of the data instead of GET.
2: You are inserting variables directly into your query, leaving you wide open to SQL injection.
3: The SQL syntax error will probably resolve itself when you change to parameterized queries.
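
An added example (not code from either poster) of the parameterized insert the reply recommends, reading the same four GET parameters as the original script. It also backtick-quotes the column names, because `to` and `from` are reserved words in MySQL; the validation patterns and length limits are assumptions to adjust to the real column definitions.

```php
<?php
// Added example: inbound.php with input validation and a prepared statement.
// Host, user, password and database name are the placeholders from the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw exceptions

// Allow-list patterns for each expected parameter (assumed limits, not from the post).
$rules = [
    'to'      => '/^\+?[0-9]{6,15}$/',
    'from'    => '/^\+?[0-9]{6,15}$/',
    'message' => '/^.{1,1600}$/su',          // any valid UTF-8 text, bounded length
    'ref'     => '/^[A-Za-z0-9_-]{1,64}$/',
];

$in = [];
foreach ($rules as $name => $pattern) {
    // $_GET values are already URL-decoded by PHP, so no urldecode() call is needed.
    $value = $_GET[$name] ?? null;
    if (!is_string($value) || preg_match($pattern, $value) !== 1) {
        http_response_code(400);
        exit("Invalid or missing parameter: $name"); // $name comes from $rules, not the request
    }
    $in[$name] = $value;
}

try {
    $con = new mysqli('localhost', 'user', 'password', 'dbase');
    $con->set_charset('utf8mb4');

    // Reserved-word column names are backtick-quoted; the ? placeholders keep
    // request data out of the SQL text, so it can never be parsed as SQL.
    $stmt = $con->prepare(
        'INSERT INTO messages (`to`, `from`, `message`, `ref`) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', $in['to'], $in['from'], $in['message'], $in['ref']);
    $stmt->execute();

    echo '1 record added';
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; do not echo database errors to the caller.
    error_log('inbound.php: ' . $e->getMessage());
    http_response_code(500);
    echo 'Database error';
}
```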
