0

I am building a private messaging network and it doesn't seem to be inserting the messages into the table I specified. The messages are posted into the table and then accessed in a different script. What is wrong with my query?

    $new_of_id = $_SESSION['user_login'];

    $send_msg = mysql_query("INSERT INTO pvt_messages VALUES ('','$new_of_id','$username','$msg_title','$msg_body','$date','$opened','$deleted')");
    echo "Your message has been sent!";
        }
      }
    echo "

    <form action='send_msg.php?u=$username' method='POST'>
    <h2>Compose a Message: ($username)</h2>
    <input type='text' name='msg_title' size='30' onClick=\"value=''\" value='Enter the message title here ...'><p />
    <textarea cols='50' rows='12' name='msg_body'>Enter the message you wish to send ...</textarea><p />
    <input type='submit' name='submit' value='Send Message'>
    </form>

    ";
    }
  • 4
    add some basic debugging, and you would find out. –  Nov 15 '12 at 20:47
  • 1
    Please use PDO and prepared statements. http://bobby-tables.com/php.html explains how. – Andy Lester Nov 15 '12 at 20:51
  • 3
    [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained and the [deprecation process](http://j.mp/Rj2iVR) has begun on it. See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – Madara's Ghost Nov 15 '12 at 20:54
  • What's with the flood of `mysql_*` functions with sql injections today, did w3schools.com get a boost from Google? – jeroen Nov 15 '12 at 20:54
  • You don't show how all the variables are set. Since you're interpolating them into the string instead of using a prepared statement with placeholders, you need to use `mysql_real_escape_string` to deal with special characters. – Barmar Nov 15 '12 at 20:57

2 Answers

3

Couple of things here.

Your code doesn't deal with the possibility of a failure.

Currently, you're posting a success message without checking the return value from your INSERT query. You can fix this by checking the value of $send_msg before printing a message:

$send_msg = mysql_query("
    INSERT INTO pvt_messages 
    VALUES(
        '',
        '$new_of_id',
        '$username',
        '$msg_title',
        '$msg_body',
        '$date',
        '$opened',
        '$deleted'
    )
");

//$send_msg will be TRUE if the row was inserted. FALSE if it wasn't.
if($send_msg){
    echo "Your message has been sent!";
}
else{
    echo "We were unable to send your message!";
}

You're not debugging your query properly.

By using trigger_error(mysql_error()) like so:

$send_msg = mysql_query("
    INSERT INTO pvt_messages 
    VALUES(
        '',
        '$new_of_id',
        '$username',
        '$msg_title',
        '$msg_body',
        '$date',
        '$opened',
        '$deleted'
    )
") or trigger_error(mysql_error());

... Any MySQL errors that are preventing your INSERT from running properly will be spit out onto the page. This way, you can iron out any syntax errors and whatnot. My guess is that you're trying to insert an empty string into a primary key column.

The mysql_* functions:

Please, don't use mysql_* functions in new code. They are no longer maintained and the deprecation process has begun on it. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Wayne Whitty
0

Try something like this, just to check in case you are messing up the column fields (could be a possible reason):

$send_msg = mysql_query("
    INSERT INTO pvt_messages (
         id,
         name
         )
    VALUES(
        '',
        '$name'
    )
");
Taimur Amjad
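An added example, not part of either answer or of the asker's code: the same insert done with a PDO prepared statement, an explicit column list and a checked result, as the comments and answers above recommend. The column names, the 'no' flag values and the in-memory SQLite database (used so the script runs without a MySQL server; it needs the pdo_sqlite extension) are assumptions.

```php
<?php
// Added example, not code from the question or the answers.
// Assumptions: the column names and the 'no' flag values are hypothetical
// (the page never lists them); SQLite in memory stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
// Failed statements throw a PDOException instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec("CREATE TABLE pvt_messages (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    user_from TEXT NOT NULL,
    user_to   TEXT NOT NULL,
    msg_title TEXT NOT NULL,
    msg_body  TEXT NOT NULL,
    date      TEXT NOT NULL,
    opened    TEXT NOT NULL,
    deleted   TEXT NOT NULL
)");

function send_message(PDO $pdo, string $from, string $to, string $title, string $body): bool
{
    try {
        // Explicit column list; id is left out so the database assigns it.
        $stmt = $pdo->prepare(
            "INSERT INTO pvt_messages
                (user_from, user_to, msg_title, msg_body, date, opened, deleted)
             VALUES (:from, :to, :title, :body, :date, 'no', 'no')"
        );
        return $stmt->execute([
            ':from' => $from, ':to' => $to, ':title' => $title,
            ':body' => $body, ':date' => date('Y-m-d'),
        ]);
    } catch (PDOException $e) {
        // Log the database error; show the user only a generic failure message.
        error_log('pvt_messages insert failed: ' . $e->getMessage());
        return false;
    }
}

// Constructed input: quotes and SQL syntax that would break an interpolated query.
$ok = send_message($pdo, 'alice', 'bob', "It's here", "Don't forget'); -- stays plain text");
echo $ok ? "Your message has been sent!\n" : "We were unable to send your message!\n";

// The body comes back exactly as submitted, stored as data rather than parsed as SQL.
$row = $pdo->query("SELECT id, msg_body FROM pvt_messages")->fetch(PDO::FETCH_ASSOC);
var_dump($row);
```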