1

Thanks for taking a look:

Here is the php I'm using to insert the data into the table

<?php

session_start();

//sets a variable from a session value
if (isset($_SESSION['sv_01'])) {$sv_01=$_SESSION['sv_01'];} else {$sv_01="";}

//to test that the variable has been set and is not empty
echo $sv_01;

//define database log in stuff
$username="username123";
$password="password123";
$database="database01";
$table="my_table";
$dbaddress="123.123.123.123";

//connect to dbserver
$con=mysql_connect($dbaddress,$username,$password); 

if (!$con) 
{ 
die('Could not connect:' .mysql_error()); 
} 

//select the db
mysql_select_db($database) or die( "Unable to select database"); 

//insert data from variables
mysql_query("INSERT INTO $table 
(
$sv_01
)
VALUES 
(
'$sv_01'
)");

mysql_close($con);

?>

I run this, and then go to check out the contents of the DB. Using MySQL workbench I open the connection and the database and table in question, select all rows and there is no data contained in the table.

MySQL info: Collation: latin1 - default collation Engine: MyISAM datatype: sv_01 VARCHAR (255) default: NULL

Any ideas what I am doing incorrectly?

Gideon
  • 1,878
  • 4
  • 40
  • 71
  • 1
    Please stop whatever you're doing now and learn to use the newer `mysqli` or PDO interfaces to MySQL. `mysql_query` **SHOULD NOT BE USED** because it is extremely dangerous. You have a [SQL injection bug](http://bobby-tables.com/php) in this example here that needs immediate attention. – tadman Aug 01 '12 at 22:22
  • Change your code to `$res = mysql_query(...); if (!$res) die(mysql_error());` it will tell you why the data isn't being inserted. – drew010 Aug 01 '12 at 22:24
  • er, ok! have removed this straight away. Care to point me in the right direction for what to do here? I'll look up what you mention, thanks. – Gideon Aug 01 '12 at 22:27
  • 1
    @ drew010 ah ha thanks! great tip. Sounds like I need to resolve this securit risk @tadman mentions first, will look into both – Gideon Aug 01 '12 at 22:28
  • PDO isn't that hard and will make it almost impossible to expose yourself to a SQL injection bug if you do it properly, it's safe by default. It also makes your queries easier to read since the query and the data are usually kept separate. Sorry to be so severe but `mysql_query` is very dangerous unless you know how to use it properly. Side effects of mis-use may include: job loss, disruption of company operations and destruction of stock valuation. – tadman Aug 01 '12 at 22:31

2 Answers2

5

I believe that the name of the field is sv_01 not $sv_01

I would try:

$query = "INSERT INTO $table (sv_01) VALUES ('$sv_01')";

Update (dedicated to tadman):
A small piece of advice: DO NOT use mysql_query

Community
  • 1
  • 1
Nir Alfasi
  • 53,191
  • 11
  • 86
  • 129
  • 1
    Unescaped user input injected into SQL directly? Using `mysql_query`? What could possibly go wrong? – tadman Aug 01 '12 at 22:28
  • 3
    @tadman +1 of course you're right, but I'm tired of telling people to use PDO/MySqli cause they're just "inviting" sql-injections. Btw, why -1 ? – Nir Alfasi Aug 01 '12 at 22:30
  • The last thing the internet needs is *yet another* example using `mysql_query`. Please stop using it. SQL injections are not an academic concern. Ask anyone with a name like "O'Malley" how much they like SQL escaping. It's trivial to express this using `mysqli` with placeholders and it encourages best practices, which is really what StackOverflow is all about. – tadman Aug 01 '12 at 22:33
  • 2
    @tadman I agree with you, but, your point is out of scope. I answered his question and chose to ignore the fact that he uses `mysql_query` since I saw that you already commented on this issue. The example was relevant for the code that he gave. – Nir Alfasi Aug 01 '12 at 22:38
  • It's like someone asking for directions while they're on fire. First you put out the fire, *then* you give them directions. – tadman Aug 01 '12 at 22:50
  • 2
    Thanks very much for pointing out the error I made @alfasin - that's certainly the cause of my actual issue. Also sorry to cause the mysql query controversy - since you have edited your answer with advice about not using it - I think it's fine for me to accept yours an answer without risking leading other novices astray! Thanks again and I'll learn how to be safe with mysqli. – Gideon Aug 01 '12 at 23:32
0

Use localhost insted af your IP (if possible), and make your connection easy to read:

$con=mysql_connect($dbaddress,$username,$password) OR DIE mysql_error();

AND you also have to give you mysql_query a variable: 

$mysql = mysql_query("INSERT INTO $table ($sv_01) VALUES ('".$sv_01."');");

:)

Jonathan Bredo Christensen
  • 75
  • 12