0

I am creating a grade system, and I need some help.

I am creating a registration form, I've managed to insert the user details in the 'users' table, but I also want to insert the user ID and username in to a group table.

For example:

$sql = ("INSERT INTO `users`(`username`, `password`, `email`, `group`, `ip`, `signup`, `lastlogin`) VALUES ('$username','$email','$password','$group','$ip',now(),now())");
        $query = mysqli_query($db_conx, $sql); 
        $uid = mysqli_insert_id($db_conx);
        // Establish their row in the group table
        $sql = ("INSERT INTO '.$group.'(id, username) VALUES ('$uid','$username')");
        $query = mysqli_query($db_conx, $sql);

        exit();

I'm not sure how I can put a dynamic variable ($group) as the table name and then insert the data in the correct group tables.

If anyone has a suggestion or now how to achieve this, any feedback would be greatly appreciated.

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
Chris Atwood
  • 25
  • 7
  • 1
    Psssst... mysqli is a good step but you must use prepared statements: http://stackoverflow.com/questions/9629328/how-to-use-mysqli-prepared-statements-in-php – Pier-Luc Gendreau Jun 04 '13 at 00:08
  • I think you should create `group` table first and then try to insert data into that table. – Harish Pareek Jun 04 '13 at 00:21
  • @Pier-LucGendreau Thanks a lot! I will use prepared statements now on! For anyone who would like it a good video is http://youtu.be/jSo0UDlATbw that help me understand. – Chris Atwood Jun 04 '13 at 01:39
  • No problem, glad to see you're interested to learn! Here's some reading on the "why": http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php – Pier-Luc Gendreau Jun 04 '13 at 02:22

4 Answers4

1
"INSERT INTO '.$group.'(id, username) VALUES ('$uid','$username')"

You are surrounding $group with the dots and apostrophes - the apostrophes are not splitting the string.

"INSERT INTO `$group` (id, username) VALUES ('$uid','$username')"

- notice the back-ticks.

Andy G
  • 19,232
  • 5
  • 47
  • 69
0

You mean something like this?

"INSERT INTO '$table' (username,password) VALUES ('$username','$password')"

I'd recommend you to use prepared statements instead, though. http://php.net/manual/en/pdo.prepared-statements.php

Tommy Naidich
  • 752
  • 1
  • 5
  • 23
  • Those should be back-ticks around $table. I'm also assuming that $group is the name of a table. – Andy G Jun 04 '13 at 00:13
  • In fact there's absolutely no need to add ticks, at all. I just used them to organize the code a little bit better so it's easy to understand. And indeed, in his case $table would be $group, but once again this was a simple example for reference only. – Tommy Naidich Jun 04 '13 at 00:17
  • Hey, thanks for the advice. My problem was that i had $group = preg_replace('#[^a-z]#', '', $_POST['g']); but I needed $group = preg_replace('#[^a-z0-9]#', '', $_POST['g']); it now works as intented. Thanks for the help. – Chris Atwood Jun 04 '13 at 00:30
0

First create table with your desired name

$sql = ("CREATE TABLE `".$group."` (id,username);");
$query = mysqli_query($db_conx, $sql);

$sql = ("INSERT INTO `".$group."` (id, username) VALUES ('".$uid."','".$username."')");
$query = mysqli_query($db_conx, $sql);

Hope this will help you!

Harish Pareek
  • 120
  • 1
  • 2
  • 9
0

This works.

mysql_query("INSERT INTO '.$group.'(id, username) VALUES ('$uid','$username')");

CYRIL
  • 31
  • 1
  • 7