-3

I'm using XAMPP, phpmyadmin and even after correcting it so many times, in output it only shows updated records. The data is not being inserted somehow.

<?php 

$name=$_POST['comment']; 
$link=mysql_connect('localhost', 'root','' ); 
mysql_select_db('comments',$link);
mysql_query("insert into comment values('$name'"); 
echo '<script type="text/javascript"> 

<!-- window.location = "display1.php" --> </script>'; 

?>

display1.php

<?php 

$link=mysql_connect('localhost', 'root','' ); 
mysql_select_db('comments',$link); 
echo "Updated records:<br>"; 

$result=mysql_query("select * from comment"); 

while($row=mysql_fetch_array($result)) {
    $tempname=$row['commenting']; echo $tempname."<br>";
}

?>
Mate
  • 4,976
  • 2
  • 32
  • 38
user1950485
  • 13
  • 1
  • Please retry you question, actualy nobody is able to understand this – GreenRover Jan 05 '13 at 06:14
  • Please reformat your code and explain your question further... – jtheman Jan 05 '13 at 06:16
  • please format it again and show us a form tag – Sumit Bijvani Jan 05 '13 at 06:17
  • 1
    you must have to add column name in insert query... mysql_query("insert into comment(column_name) values('$name'"); – Sumit Bijvani Jan 05 '13 at 06:22
  • no data is being displayed eventually in display1.php. Empty field values are created in the table even after inserting values from the textarea form. – user1950485 Jan 05 '13 at 06:23
  • Are you getting any mysql errors? Your insert code seem wrong, you dont set the comment column name. See insert syntax http://dev.mysql.com/doc/refman/5.5/en/insert.html – jtheman Jan 05 '13 at 06:24
  • also insert query syntax is wrong... right syntax is....mysql_query("insert into comment(comment_column) values('$name')"); – Sumit Bijvani Jan 05 '13 at 06:26
  • Doesn't work prince...still the same result! – user1950485 Jan 05 '13 at 06:26
  • try this syntax...mysql_query("insert into comment(comment_column) values('$name')"); – Sumit Bijvani Jan 05 '13 at 06:27
  • this is my form     – user1950485 Jan 05 '13 at 06:31
  • form is okay. now replace your syntax with new one which i have post – Sumit Bijvani Jan 05 '13 at 06:37
  • You should be getting some errors if the code dont work. Turn on error reporting unless you have it on and post us your errors!! – jtheman Jan 05 '13 at 06:43
  • **WARNING!** Your code contains an [SQL injection vulnerability](http://en.wikipedia.org/wiki/SQL_injection) -- you are passing raw, unfiltered, unvalidated user input directly into an SQL string. SQL injection is [very easy to fix](http://stackoverflow.com/q/60174/168868). Consider [switching to PDO](http://php.net/book.pdo) or [mysqli](http://php.net/book.mysqli) so you can use [prepared statements with parameterized queries](http://en.wikipedia.org/wiki/Prepared_statement). – Charles Jan 05 '13 at 08:08
  • **Heads up!** The next major release of PHP is *deprecating* the `mysql_` family of functions. Now would be a great time to [switch to PDO](http://php.net/book.pdo) or [mysqli](http://php.net/book.mysqli). – Charles Jan 05 '13 at 08:08

2 Answers2

0

Your insert code need to have the column set

 mysql_query("INSERT INTO comment ('commenting') VALUES ('".mysql_real_escape_string($name)."')");

I have added a little better escape method for your query but preferrably not use mysql_* functions. PDO is more secure.

jtheman
  • 7,421
  • 3
  • 28
  • 39
0

syntax error in your code while inserting records,

correct code is...

mysql_query("insert into comment(comment_column) values('$name')");

also redirect your page using php header function don't use javascipt window.location

replace you JavaScript code with... 

header("Location:display1.php");

the whole code is...

<?php 

$name=$_POST['comment']; 
$link=mysql_connect('localhost', 'root','' ); 
mysql_select_db('comments',$link);
mysql_query("insert into comment(comment_column) values('".mysql_real_escape_string($name)."')");
header("Location:display1.php"); 

?>
Sumit Bijvani
  • 8,154
  • 17
  • 50
  • 82
  • $name=$_POST['comment']; $link=mysql_connect('localhost', 'root','' ); mysql_select_db('comments',$link); mysql_query("insert into comment('commenting') values('$name'"); header("Location:display1.php"); ?> still doesn't work – user1950485 Jan 05 '13 at 06:40
  • check i have posted whole code... you just update comment_column with your table column where the comment is store – Sumit Bijvani Jan 05 '13 at 06:44
  • also one more thing if your comment have characters like (' ") so you need to add mysql_real_escape_string function – Sumit Bijvani Jan 05 '13 at 06:47