I'm fairly new to both PHP and SQL, but what I want is for the details entered into my form to be inserted into a database.

The code I have written works and the data is submitted into the database, but there are a couple of things not right.

Firstly, here is the code:

```php
<?php

include "credentials.php";

function insert_post($cnhost,$cnusername,$cnpassword,$cndatabase,$titlein,$contentin,$comment_optionin) {

    $connect = mysqli_connect($cnhost,$cnusername,$cnpassword,$cndatabase);

    // mysqli_connect_errno() takes no arguments
    if (mysqli_connect_errno())
    {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
    } else {
        echo "Connection Success! <br>";

        // Runs the INSERT and stores mysqli_query's return value
        $submitpost_query = mysqli_query($connect,"INSERT INTO blog_posts (title,content,comment_option) VALUES ('".$titlein."','".$contentin."','".$comment_optionin."')");

        // Passes that return value to mysqli_query again (the check the question is about)
        if (!mysqli_query($connect,$submitpost_query))
        {
            die('Error: ' . mysqli_error($connect));
        } else {
            echo "Post submitted.";
        }
        mysqli_close($connect);
    }
}

// Values come straight from the submitted form
$title = $_POST["title"];
$content = $_POST["content"];
$comment_option = $_POST["comment_option"];

insert_post($host,$username,$password,$database,$title,$content,$comment_option);

?>
```

Although the data is submitted into the database as I want, I get the following error:

"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1"

The $comment_option variable contains the value 1 or 0, depending on which radio button is selected, so this error might be referring to this variable, but this SQL error is the same whether the value of $comment_option is 1 or 0.

I do see "Connection success!" before this error but do not see "Post submitted" even though the post is actually submitted. Any ideas why?

As well as helping me with this problem, I would be very grateful if somebody could give me some general tips to improve what I've written. I am a noob so I'm sure there are a few things that could be improved here!

Thanks very much!

Max

3 Answers

The problem is here:

if (!mysqli_query($connect,$submitpost_query))

You're passing a mysqli_query result which is $submitpost_query to another mysqli_query which is in the if statement.

Can Geliş
  • Ok thanks for the quick responses. I removed the if statement and the error has gone! Thanks! I was using that to try to verify that the SQL statement had worked and the data was inserted into the database. How would you suggest verifying this? – Max Jun 23 '13 at 20:00
  • right, `$submitpost_query` is the result of the query, you should test whether `$submitpost_query` is false or true like `if(!$submitpost_query)` – Georges Brisset Jun 23 '13 at 20:01
  • Sorry, didn't see that comment before I submitted mine. Ok thank you, I will try this! – Max Jun 23 '13 at 20:03
The problem is with the following chunk of code, `if (!mysqli_query($connect,$submitpost_query))`; it should instead be the following: `if (!$submitpost_query)`

Reason: You are executing the returned object again through the mysqli_query function; that is causing a warning, invalid resource, as this function only accepts a valid SQL query or connection object.

Manish Goyal
  • I had done it this way because they have used that if statement like that on W3schools - http://www.w3schools.com/php/php_mysql_insert.asp In the last block of code at the bottom of the page. How is theirs different to mine, please? – Max Jun 23 '13 at 20:12
I know your question is answered but I seriously recommend you to sanitize the POST data before concatenating it in a query.

SkarXa
  • Can you give me a bit more information on what you mean by this, please? I will research what you've said but would appreciate you explaining a little more with relation to what code I have here. – Max Jun 23 '13 at 20:25
  • About how to sanitize user inputs http://stackoverflow.com/questions/129677/whats-the-best-method-for-sanitizing-user-input-with-php And why you should do it http://en.wikipedia.org/wiki/SQL_injection – SkarXa Jun 24 '13 at 08:34
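
The insert from the question rewritten with a prepared statement, which is where the advice in the last answer leads. This is an added example and not part of the original thread. It assumes credentials.php defines $host, $username, $password and $database as in the question, that the blog_posts table exists, and that the connection should use utf8mb4.

```php
<?php
// Added example, not the asker's code. Assumes credentials.php defines
// $host, $username, $password and $database, as in the question.
include "credentials.php";

// Make mysqli throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insert_post(mysqli $connect, string $title, string $content, int $comment_option): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = mysqli_prepare(
        $connect,
        "INSERT INTO blog_posts (title, content, comment_option) VALUES (?, ?, ?)"
    );
    // "ssi": two strings and one integer, sent as data and never parsed as SQL.
    mysqli_stmt_bind_param($stmt, "ssi", $title, $content, $comment_option);
    mysqli_stmt_execute($stmt);                 // the query runs exactly once
    $inserted = mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $inserted;
}

// The radio button may only carry the literal strings "0" or "1".
$raw_option = $_POST["comment_option"] ?? "";
if (!in_array($raw_option, ["0", "1"], true)) {
    http_response_code(400);
    exit("Invalid comment option.");
}
// Reject missing, empty or non-string (array) fields before touching the database.
$title = is_string($_POST["title"] ?? null) ? trim($_POST["title"]) : "";
$content = is_string($_POST["content"] ?? null) ? trim($_POST["content"]) : "";
if ($title === "" || $content === "") {
    http_response_code(400);
    exit("Title and content are required.");
}

try {
    $connect = mysqli_connect($host, $username, $password, $database);
    mysqli_set_charset($connect, "utf8mb4");    // assumed connection charset
    echo insert_post($connect, $title, $content, (int) $raw_option)
        ? "Post submitted."
        : "Post was not saved.";
    mysqli_close($connect);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());                // details go to the log, not the browser
    http_response_code(500);
    echo "Could not save the post.";
}
```

With the concatenated query from the question, a title such as "Max's first post" ends the string literal early and produces a syntax error; with bound parameters the apostrophe is stored as ordinary text.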