-1
$sql = ("INSERT INTO `Lcode` (lid, sid)
VALUES (".$a.", ".$b.")"
);

In the above, lid = varchar and $a = vib (in this case); sid = int and $b = 3 (again in this case).

But it doesn't seem to insert it into the database?

I have checked my connection to the server, which is OK.

And I can either update with codes like this:

$sql = ("INSERT INTO Lcode SET lid='".$b."'");

and a similar UPDATE.

I really hope you can help me with this.

More info

$a = strtolower ( $resa['lid'] );
$b = strtolower ( $resb );

$resa['lid'] = a variable that I get from the MySQL server: it comes back correctly when I try to echo $a.

$resb is a call I make to the URL with a $_GET: it also comes back correctly.

I have some trouble figuring this out and need your help...

Appreciate your help.

John Woo
Jokb
    You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Apr 24 '13 at 08:48

4 Answers

1

To answer your question directly, you need to wrap the value of lid in single quotes, as it is a string literal.

$a = strtolower($resa['lid']);
$b = strtolower($resb);
$sql = "INSERT INTO Lcode (lid, sid) VALUES ('$a', $b)";

As a side note, the query is vulnerable to SQL injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent it. By using PreparedStatements you can get rid of using single quotes around values.

Community
John Woo
  • $sql = ("INSERT INTO `Lcode` (lid, sid) VALUES ('$a', $c)"); it doesn't seem to work... my DB doesn't get updated with the new lid/sid – Jokb Apr 24 '13 at 08:58
1

The first thing is the lack of single quotes, like this:

$sql = "INSERT INTO `tbl_name` (`field1`, `field2`) VALUES ('$a','$b')";

Try to echo the whole query before sending it to the server. Also use the error information from the SQL server to solve this, for example using mysqli:

printf("Error message: %s\n", mysqli_error($link)); // $link: your mysqli connection handle
Valeriy Maslov
0

You forgot to quote your string values. This:

$sql = ("INSERT INTO `Lcode` (lid, sid)
VALUES (".$a.", ".$b.")"
);

Should be:

$sql = ("INSERT INTO `Lcode` (lid, sid)
VALUES ('".$a."', '".$b."')"
);

To find these kinds of problems, it is very useful to print out the whole query before executing it; it should give you a clue about a possible syntax error.

piokuc
0

Try it like this, it's easier:

INSERT INTO `table_name` SET `lid` = $somevalue, `sid` = $somevalue2
Shushant
  • This worked perfectly, thx... and also JW 웃 for the SQL injection reminder... I've forgotten all about that :-D – Jokb Apr 24 '13 at 09:22
  • Why don't you use PDO and read this thread: http://stackoverflow.com/questions/866860/mysql-versus-pdo – Shushant Apr 24 '13 at 15:36
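
The prepared-statement approach recommended in the answers and comments above, shown as an added example that is not code from any poster in this thread. It assumes the Lcode table from the question and uses PDO with an in-memory SQLite database so it runs offline; the helper name insertLcode and the sample inputs are constructed for illustration.

```php
<?php
// Added example: parameterized INSERT for the Lcode table from the question.
// In-memory SQLite keeps it self-contained; for MySQL only the DSN changes,
// e.g. "mysql:host=...;dbname=...;charset=utf8mb4" plus credentials.
$pdo = new PDO('sqlite::memory:');
// Make failures throw, so a broken query is never silently ignored.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Lcode (lid VARCHAR(32) NOT NULL, sid INTEGER NOT NULL)');

// Hypothetical helper: inserts one row, returns false if sid is not an integer.
function insertLcode(PDO $pdo, string $lid, $sid): bool
{
    // sid comes from $_GET in the question, so validate it as an integer first.
    $sidInt = filter_var($sid, FILTER_VALIDATE_INT);
    if ($sidInt === false) {
        return false;
    }
    // Placeholders keep the values out of the SQL text: no manual quoting,
    // and quote characters in $lid cannot change the statement.
    $stmt = $pdo->prepare('INSERT INTO Lcode (lid, sid) VALUES (:lid, :sid)');
    $stmt->bindValue(':lid', strtolower($lid), PDO::PARAM_STR);
    $stmt->bindValue(':sid', $sidInt, PDO::PARAM_INT);
    return $stmt->execute();
}

// Constructed sample inputs.
$samples = [
    ['vib', '3'],                       // the values from the question
    ["x'); DROP TABLE Lcode; --", '4'], // stored verbatim as data
    ['abc', '3 OR 1=1'],                // rejected: sid is not an integer
];

foreach ($samples as [$lid, $sid]) {
    try {
        $ok = insertLcode($pdo, $lid, $sid);
        echo ($ok ? 'inserted: ' : 'rejected: ') . json_encode([$lid, $sid]) . "\n";
    } catch (PDOException $e) {
        // The driver's message pinpoints syntax or constraint problems.
        echo 'Database error: ' . $e->getMessage() . "\n";
    }
}

// Show what actually landed in the table.
foreach ($pdo->query('SELECT lid, sid FROM Lcode') as $row) {
    echo $row['lid'] . ' | ' . $row['sid'] . "\n";
}
```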