```php
function insertVisitorInfoSignIn($att_id, $card_no, $purpose, $block, $level, $staff_email, $pa_email, $staff_id,$dept_id){
    $time_in = getTime();
    $sql = "insert into visitor_history (att_id, card_no, time_in, purpose, block, level, staff_email, pa_email, staff_id,dept_id) 
            values ($att_id, '$card_no', '$time_in', '$purpose', '$block', '$level', '$staff_email', '$pa_email', $staff_id,$dept_id)";
    $rs = mysql_query($sql) or die ("Error in function insertVisitorInfoSignIn ");
}
```
        Satya
        
- String escaping for database context? – mario Feb 05 '13 at 04:21
- What is the error you are getting? Also try using mysqli or PDO, as using mysql extensions is deprecated – Satya Feb 05 '13 at 04:21
- [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://stackoverflow.com/a/14110189/1723893). – NullPoiиteя Feb 05 '13 at 04:31
- Posting the error that you are receiving along with additional details will help people assist you. – David L Feb 05 '13 at 04:42
1 Answer
This is what you are using:

```php
$sql = "insert into visitor_history 
            ( att_id, card_no, time_in, purpose, block, 
              level, staff_email, pa_email, staff_id, dept_id) 
        values ( $att_id, '$card_no', '$time_in', '$purpose', '$block', 
                 '$level', '$staff_email', '$pa_email', $staff_id, $dept_id)";
```

That should be like this:

```php
$sql = "insert into visitor_history 
          ( att_id, card_no, time_in, purpose, block, 
            level, staff_email, pa_email, staff_id,dept_id) 
        values ( '$att_id', '$card_no', '$time_in', '$purpose', '$block', 
                 '$level', '$staff_email', '$pa_email', '$staff_id', '$dept_id')";
```

You missed the '' around some variables in your query when passing the values through variables.

We suggest you use mysql_real_escape_string() to protect your DB from SQL injection, and also try using mysqli or PDO, as using mysql extensions is deprecated.
 
    
    
        jogesh_pi
        
- @mario thanks, but I am still updating my answer to provide a better explanation. – jogesh_pi Feb 05 '13 at 04:30
- I'd rather guess the unquoted vars were foremost numeric ids. (OP's actual problem is magic_quotes on one server, but not the other). You should expand your addendum, PDO + mysqli by themselves are useless; only prepared statements would fix this. – mario Feb 05 '13 at 04:42
- @mario thanks for explaining, sir. I am here to learn as well; thanks for correcting me. – jogesh_pi Feb 05 '13 at 04:53
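
The comments above point to prepared statements as the real fix. The following is an added example, not part of the original question or answer, showing the question's insert function written with a PDO prepared statement. The in-memory SQLite database, the guessed column types, `date()` in place of `getTime()`, the extra `$pdo` parameter and the sample values are assumptions.

```php
<?php
// Added example, not code from the question or the answer.
// Assumption: an in-memory SQLite database stands in for the MySQL server so
// the script runs offline; with MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumption: column types are guessed from the quoting used in the question.
$pdo->exec('CREATE TABLE visitor_history (
    att_id INTEGER, card_no TEXT, time_in TEXT, purpose TEXT, block TEXT,
    level TEXT, staff_email TEXT, pa_email TEXT, staff_id INTEGER, dept_id INTEGER)');

function insertVisitorInfoSignIn(PDO $pdo, $att_id, $card_no, $purpose, $block,
                                 $level, $staff_email, $pa_email, $staff_id, $dept_id)
{
    // The SQL text is constant; values travel separately as bound parameters,
    // so nothing depends on manual quoting or on a server's magic_quotes setting.
    $stmt = $pdo->prepare(
        'INSERT INTO visitor_history
             (att_id, card_no, time_in, purpose, block, level,
              staff_email, pa_email, staff_id, dept_id)
         VALUES (:att_id, :card_no, :time_in, :purpose, :block, :level,
                 :staff_email, :pa_email, :staff_id, :dept_id)');
    // Numeric ids are bound as integers, everything else as strings.
    $stmt->bindValue(':att_id', (int) $att_id, PDO::PARAM_INT);
    $stmt->bindValue(':staff_id', (int) $staff_id, PDO::PARAM_INT);
    $stmt->bindValue(':dept_id', (int) $dept_id, PDO::PARAM_INT);
    $stmt->bindValue(':time_in', date('Y-m-d H:i:s')); // stands in for getTime()
    $strings = compact('card_no', 'purpose', 'block', 'level', 'staff_email', 'pa_email');
    foreach ($strings as $name => $value) {
        $stmt->bindValue(':' . $name, $value, PDO::PARAM_STR);
    }
    $stmt->execute();
}

// Constructed sample input: the apostrophe would end the string literal early
// in the concatenated query; as a bound parameter it is stored verbatim.
$purpose = "Meeting with Mr O'Brien";
insertVisitorInfoSignIn($pdo, 7, 'C-0042', $purpose, 'B', '3',
                        'staff@example.com', 'pa@example.com', 12, 4);

$row = $pdo->query('SELECT purpose FROM visitor_history')->fetch(PDO::FETCH_ASSOC);
if ($row['purpose'] !== $purpose) {
    throw new RuntimeException('stored value differs from input');
}
echo "stored verbatim: {$row['purpose']}\n";
```

With the MySQL driver, set `PDO::ATTR_EMULATE_PREPARES` to `false` to get server-side prepared statements, and declare the connection charset in the DSN.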
