Sql Not placing Select option to database?

Question

i have three options for a photo or video being uploaded to the site , i have this select option to pick what the file is being uploaded sorta like a tag. its not placing it in the database. here is my code:

Here is where i call on it

$type1 = $_POST['type'];
$type = mysql_real_escape_string($type);

          $sql = mysql_query("INSERT INTO photos 
SET photo='$newname', title='$title', date='$date', author='$by' , type='$type'")

Here is where it is made

<select name="type" id="type">
  <option value="Pic">Picture</option>
  <option value="Video">Video</option>
  <option value="Gif">Animated picture (GIF)</option>
</select>

You use $type on the second line, but you only have $type1 variable defined. A typo :) — Vlad Preda, Jan 11 '13 at 07:45

score 3 · Answer 1 · edited May 23 '17 at 11:43

3

use this INSERT syntax

INSERT INTO photos (photo, title, date, author, type )
VALUES ('$newname', '$title', '$date','$by' , '$type')

As a sidenote, the query is vulnerable with SQL Injection. Please read the article below how to prevent from it,

How to prevent SQL injection in PHP?

edited May 23 '17 at 11:43

Community

1
1

answered Jan 11 '13 at 07:42

John Woo

258,903
69
498
492

score 0 · Answer 2 · answered Jan 11 '13 at 07:47

The code you posted is the real code? It looks like when you're escaping, you're not using the actual data from the Select.

$type = mysql_real_escape_string($type); // You are escaping the $type variable, which is NULL, it was just declared

But you're reading the data from the Select using this variable name

$type1 = $_POST['type'];

So you're using $type1 somewhere, and $type somewhere else.

Sql Not placing Select option to database?

2 Answers2