1

I am trying to insert data into MySQL database. For each of the data been inserted I want the username to be added so as to keep track of the user the insert that data.Here is my sample query below but the username is not inserting. 

$username = $_SESSION['log']['username'];

$Query = "INSERT INTO core_modules 
          (username,courseID,title,credits) 
           VALUES ('$username',SELECT ID,title,credits FROM module 
               WHERE ID IN ('CS4150','CS4403','CS4407','CS4501','CS4504','CS4614'))";
mysql_query($Query);
echo $Query. '<br />';

This is what my database looks like and I need the username inserted into each record inserted.

enter image description here

How could I go about this please ?? Thanks in advance.

user1444442
  • 109
  • 4
  • 11
  • What does the echo $Query output? – Ronn0 Jul 12 '12 at 15:19
  • have you double-checked the value of `$username` after getting it out of the session? – quickshiftin Jul 12 '12 at 15:20
  • 2
    Well, what a surprise, a question that contains code that is vulnerable to sql injections, I've never ever seen this before in my life. – Mahn Jul 12 '12 at 15:20
  • 1
    @Mahn Yep, can't wait to sign up for this site with the username `',ID,title,credits from module; drop database; --`! – lc. Jul 12 '12 at 15:25
  • Maybe nitpicky, but why are the values of title,credits copied from module to core_modules? Value duplication like this not only wastes space, it makes the database susceptible to value-rot and will make the entire project more cumbersome as you go on. Is there a reason you can't regularly do a JOIN query on the two tables? If not, the module.ID should be sufficient. – Mr Griever Jul 12 '12 at 15:27
  • @ Ronn0 and quickshiftin . Thank you both for the reply !! It's working now. – user1444442 Jul 12 '12 at 15:31
  • @Mahn and lc . Thank you two for the pleasant contributions. It's well appreciated. But what ye both don't understand is your level of knowledge in PHP and MySQL cant be the same as everyone else. So if ye would like to correct someone or teach someone something,JUST DO IT rather than criticize them ! Wouldn't that make things bit more straight forward or at least make ye more like decent people?? Just saying! – user1444442 Jul 12 '12 at 15:43
  • Okay, then please read the following: http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php – Mahn Jul 12 '12 at 15:47
  • @Mahn Thank you for the link. Am including that in my code now.You have proved to be a better person than I thought you are.Well done and much respect. Once again thank you. – user1444442 Jul 12 '12 at 15:56
  • Np, the thing that most people are pissed about is not others not knowing everything (I don't know jack either) but others neglecting or not caring to learn. If you are willing to learn, improve, and go the extra mile to make your code better you'll have the respect of everyone at SO ;) – Mahn Jul 12 '12 at 16:10
  • @Mahn.I do enjoy learning. But I have to admit I don't know alot about PHP and MySQL. This is a little project am doing for learning purpose. Have been at it now couple of weeks and it has truly boost my self esteem though I know I still have a long way to go in terms of learning.People like you correcting me and showing what not to do and better way(s) to do things have definitely contributed to my learning. Made me believe more in myself. Thank you. – user1444442 Jul 12 '12 at 16:25

1 Answers1

4
 INSERT INTO core_modules (username,courseID,title,credits) 
 SELECT '$username', ID, title, credits 
 FROM module 
 WHERE ID IN ('CS4150','CS4403','CS4407','CS4501','CS4504','CS4614')
juergen d
  • 201,996
  • 37
  • 293
  • 362