0

I'm attempting to pull a auto incremented id from a previous query. I receive exception: 1305 FUNCTION THE_NAME_OF_MY_DATABASE.mysqli_insert_id does not exist.

  1. This can't be a syntax error correct?

  2. Where can I alter mysql to have this function or what needs to be rephrased? I've googled this and found mixed responses. 

    $action = isset( $_POST['action'] ) ? $_POST['action'] : "";
if($action == "create"){
//write the query for character creation

$query = "(all of my stuff that I'm putting into another database that works)";

$query1 = "INSERT INTO playerskill
                (skillid, charid)

                VALUES ('".$_POST['skills']."',mysqli_insert_id());
                ";
//what happens when successful or not
if( $mysqli->query($query) ) {
    echo $query ;
    echo "Character was approved.";
}else{
    echo "Database Error: Unable to update record.";
    echo $mysqli->errno;
    echo mysqli_error($mysqli);
}
}

//what happens when successful or not
if( $mysqli->query($query1) ) {
    echo $query1 ;
    echo "Character was approved.";
}else{
    echo "Database Error: Unable to update record.";
    echo $mysqli->errno;
    echo mysqli_error($mysqli);
}
Cody Higdem
  • 43
  • 1
  • 9
  • 3
    The MySQL native function is called `LAST_INSERT_ID()`. MySQLi wrapper for it is mysqli_last_insert_id(). PDO version is `$pdo->lastInsertId()`. What you're doing is invoking PHP's wrapper for that function. Just call the MySQL one (LAST_INSERT_ID()). – N.B. Jun 18 '13 at 12:47
  • 1
    Beware! Your code looks like it may be vulnerable to SQL injection attacks. It doesn't look as if you are escaping `$_POST['skills']` properly. – Spudley Jun 18 '13 at 12:47
  • 1
    You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you should [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jun 18 '13 at 12:47
  • 1
    `".$mysqli->insert_id."` – amigura Jun 18 '13 at 12:51
  • The skills post is from a pre-populated drop down menu in html and so they can only down carrot. – Cody Higdem Jun 18 '13 at 12:57
  • also when I use LAST_INSERT_ID it says unknown column in field list and so I figured I must have been using it wrong. – Cody Higdem Jun 18 '13 at 12:58
  • Thank you everyone who commented. Its a learning curve for PHP/MYSQL LAST_INSERT_ID() works great and I'll be using the other documentation and info for future code writing (I have 3 very similiar many-to-many inputs that all of it will come in handy) So thank you! – Cody Higdem Jun 18 '13 at 13:13
  • @user2414111 - re the field being populated from a drop down menu: A malicious user could **easily** bypass that and send any values they liked into your `$_POST` variables. You **must** validate your input in your PHP server-side code, otherwise you **will* ver vulnerable to attack. Relying on the browser to protect you is no protection at all. – Spudley Jun 18 '13 at 13:26
  • spudley- thank you I didn't realize that was an issue. I'll make changes to it. – Cody Higdem Jun 20 '13 at 03:24

2 Answers2

2

Per your code:

$query1 = "INSERT INTO playerskill (skillid, charid)
           VALUES ('".$_POST['skills']."',mysqli_insert_id());";

Note that mysqli_insert_id(), in common with all the other mysqli functions requires you to specify the DB connection variable.

I note that most of the rest of your code uses the OO syntax for mysqli, which means that the connection variable is specified as the object name. In the case of mysqli_insert_id() here, you are calling it using the procedural syntax, in which case you must specify the connection var as the first parameter.

So you need either mysqli_insert_id($mysql) or $mysql->insert_id

That should solve the problem.

Spudley
  • 166,037
  • 39
  • 233
  • 307
1

Well, you're trying to use a PhP function into a SQL query... it can't work !

Here's a bit of explanation on how to use the function in PhP : http://www.w3schools.com/php/func_mysqli_insert_id.asp

Laurent S.
  • 6,816
  • 2
  • 28
  • 40
  • I didn't downvote you since your answer is more or less correct, but you're getting these downvotes because you linked w3schools, probably the worst resource for anything online.. – N.B. Jun 18 '13 at 12:49
  • @N.B. : I know w3schools isn't to be trusted, but here the short example they give seems correct, therefore the link. Spudley's answer is far better than mine anyway. – Laurent S. Jun 19 '13 at 11:16