2

I'm having some issues trying to insert a query into the database. I have this PHP form that should do an insert query, but nothing happens, not even an error.

This is an example query with the form:

INSERT INTO FlashVideoList ('title', 'urltitle', 'description', 'tags', 'category', 'filename', 'filetype', 'size', 'uploadedbyuser', 'uploadtime') VALUES ('testtitle','testtitle','test','testtags','FlashVideo','SMILE!.swf','application/x-shockwave-flash','1007525','0','1339102426'); 

I echoed the contents of the query to get this.

This is the PHP code:

function MySqlQuery($Query)
{
    // Invokes global connection info
    global $MySQL_Host, $MySQL_Username, $MySQL_Password, $MySQL_Database, $MySQL_Port;
    global $mysqli;

    // runs query
    $result = $mysqli->query($Query);
    return $result;
}

$mysqli = new mysqli($MySQL_Host, $MySQL_Username, $MySQL_Password, $MySQL_Database, $MySQL_Port);

    MySqlQuery("INSERT INTO FlashVideoList ('title', 'urltitle', 'description', 'tags', 'category', 'filename', 'filetype', 'size', 'uploadedbyuser', 'uploadtime') " .
    "VALUES ('" . $mysqli->real_escape_string($_SESSION['Title']) . "','" . $mysqli->real_escape_string(GetUrlTitle()) . "','" . $mysqli->real_escape_string($_SESSION['Description']) . "','" .
    $mysqli->real_escape_string($_SESSION['Tags']) . "','" . $_SESSION['Category'] . "','" . $mysqli->real_escape_string($FlashFileName) . "','" . $mysqli->real_escape_string($_FILES["file"]["type"]) . "','" .
    $mysqli->real_escape_string($_FILES["file"]["size"]) . "','" . $mysqli->real_escape_string($UploadUserID) . "','" . time() . "');");

mysqli_free_result($result);
mysqli_close($mysqli);

Any help is appreciated, thanks. Select queries work fine with this same code.

EDIT: Alright, I've made some progress; it seems that about everything possible is wrong with this code :P So yeah, this is my query now:

INSERT INTO FlashVideoList (`title`, `urltitle`, `description`, `tags`, `category`, `filename`, `filetype`, `size`, `uploadedbyuser`, `uploadtime`) VALUES (`letitle`,`letitle`,``,`tagzz`,`FlashVideo`,`585336_pokemonsnewgrounds.swf`,`application/x-shockwave-flash`,`5058231`,`0`,`1339103842`); 

And if I run it directly through Navicat I get the error:

[Err] 1054 - Unknown column 'letitle' in 'field list'

Anyone know what I'm doing wrong? :/

  • 6
    MySQL identifiers should be quoted using the backtick character ` not the apostrophe character '. – eggyal Jun 07 '12 at 21:03
  • 4
    You are not doing any error checking so it's no wonder it doesn't output an error even when there is one, isn't it? The manual on `mysqli_query()` shows how to check for errors: http://php.net/manual/en/mysqli.query.php – Pekka Jun 07 '12 at 21:03
  • 1
    Column names should be in backticks, not quotes – Mark Baker Jun 07 '12 at 21:04
  • 1
    Can you run that INSERT query directly in the database and see whether it generates an error? – andrewsi Jun 07 '12 at 21:04
  • I see, sorry I'm pretty new to all this so, I'll try doing that –  Jun 07 '12 at 21:07
  • 2
    Using backticks should fix it, but make sure you *do* add some error handling nevertheless. One more thing, consider using parametrized queries, those will no longer require `real_escape_string`: http://stackoverflow.com/questions/728229/parameters-in-mysqli – Pekka Jun 07 '12 at 21:09
  • 1
    It also helps to format the code so that it is readable. Newlines and spaces are very cheap and on special offer this week! – Ed Heal Jun 07 '12 at 21:13
  • Alright, I updated the code some but it's still being difficult –  Jun 07 '12 at 21:24
  • 1
    Don't put backticks around the *values*! Only around field names. – gen_Eric Jun 07 '12 at 21:42
  • I've learned a whole lot here :P Thanks everyone –  Jun 07 '12 at 21:47

3 Answers

1

Read the error message. What error message? Well, that's another issue, but it would have said why the insert failed¹.

One (but perhaps not the only) problem as mentioned in the comments is that ' is not a valid identifier quote and thus results in a parse error. In MySQL the default is `, but it can be changed (to ") if using ANSI quotes.

INSERT INTO FlashVideoList (`title`, ...)

¹ Here is an example of basic error handling for mysqli (scroll to the bottom). The basic idea is: if the query returns FALSE, then something failed and the error can/should be consulted.

Also, I'd recommend cleaning up the code and getting rid of the "proxy" function call.
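The backtick-quoted identifiers and error checking from this answer, combined with the parameterized query suggested in the comments, as an added example that is not code from the question or from any answer. The `DB_*` environment variable names, the `insertFlashVideo` helper and the integer types chosen for `size`, `uploadedbyuser` and `uploadtime` are assumptions; the table and column names are the ones in the question.

```php
<?php
// Added example, not the asker's code. Connection settings are placeholders
// read from the environment; column names are the ones shown in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception

// Hypothetical helper: inserts one row and returns the number of rows written.
function insertFlashVideo(mysqli $db, array $video): int
{
    // Backticks quote identifiers only; every value is a bound parameter,
    // so no real_escape_string() calls and no quotes around values.
    $sql = 'INSERT INTO `FlashVideoList`
                (`title`, `urltitle`, `description`, `tags`, `category`,
                 `filename`, `filetype`, `size`, `uploadedbyuser`, `uploadtime`)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
    $stmt = $db->prepare($sql);
    $stmt->bind_param(
        'sssssssiii', // assumption: last three columns are integer types
        $video['title'], $video['urltitle'], $video['description'], $video['tags'],
        $video['category'], $video['filename'], $video['filetype'],
        $video['size'], $video['uploadedbyuser'], $video['uploadtime']
    );
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

try {
    $db = new mysqli(
        getenv('DB_HOST') ?: 'localhost', getenv('DB_USER') ?: 'user',
        getenv('DB_PASS') ?: '', getenv('DB_NAME') ?: 'test'
    );
    $db->set_charset('utf8mb4');
    // Constructed sample row, modelled on the query echoed in the question.
    $rows = insertFlashVideo($db, [
        'title' => 'testtitle', 'urltitle' => 'testtitle', 'description' => 'test',
        'tags' => 'testtags', 'category' => 'FlashVideo', 'filename' => 'SMILE!.swf',
        'filetype' => 'application/x-shockwave-flash', 'size' => 1007525,
        'uploadedbyuser' => 0, 'uploadtime' => time(),
    ]);
    echo "Inserted $rows row(s)\n";
    $db->close();
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; show the visitor only a generic message.
    error_log('FlashVideoList insert failed: ' . $e->getMessage());
    http_response_code(500);
    echo "Could not save the upload.\n";
}
```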

1

Use mysqli_error() to help find out the error

e.g. mysqli_query($mysqli, $query) or die(mysqli_error($mysqli));

Gpak
0

Why use backticks (or single quotes) in the first place? They let you use reserved words, but that's not something I'd propagate. Use sensible column names instead.

Sherlock