1

I understand this is a frequently asked question, but I'm having trouble with this before. I've written quite a few sql statements that write to database, so I am not sure why this is happening. My code says the record has been written, but the record doesn't show up in my database in phpmyadmin. Here is my code:

    $hostname = "localhost";
    $dbusername = "username";
    $dbname = "database";
    $dbpassword = "password";
    mysql_connect($hostname, $dbusername, $dbpassword) OR DIE ("Unable to connect to database! Please try again later.");
    mysql_select_db($dbname);


    $sql = "INSERT INTO 'payment_profiles'(id, client_id) VALUES ( '','$profile_id')";

    mysql_query($sql);
    if(! $sql )
    {
      die('Could not enter data: ' . mysql_error());
    }
    else {
    echo ("We inserted the id");
    }

It tells me "We inserted the id" when the script is run, so I am not sure what the problem is. Maybe someone has seen this before? Note: the profile_id variable is declared higher up in my script, it's just not on here.

dkeeper09
  • 3
    You are using the wrong kind of quotes for the table name. Either use (`), or remove quotes from the table name entirely – Skarlinski Jul 02 '13 at 19:36
  • 3
    [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – h2ooooooo Jul 02 '13 at 19:36
  • Your code tests if the variable `$sql` is truthy, which it is because it is a string. You need to capture the result of `mysql_query()` into a new variable and test `if (!$that_new_variable)` – Michael Berkowski Jul 02 '13 at 19:36
  • I see this type of question all the time, you should read [common database debugging for PHP and MySQL](http://jason.pureconcepts.net/2013/04/common-debugging-php-mysql/). – Jason McCreary Jul 02 '13 at 19:37

4 Answers

12

Several things wrong here.

  1. No data sanitization: See How can I prevent SQL injection in PHP?
  2. You're using the deprecated mysql_* functions, use MySQLi at the very least, or preferably PDO. See Why shouldn't I use mysql_* functions in PHP?
  3. You're quoting your table name 'payment_profiles' - if you must quote, use back ticks (`)
  4. You're not testing the query properly. You're testing $sql - which will always return true because $sql is a string that's not empty. You should assign the results of your query to $result, then check if $result is true (or handle the error).
Rob W
0

You should change the "If" block condition, if you want to use the deprecated mysql_query thing, you'll have to test if the mysql_query went fine, not if the $sql variable has been "defined"

    $hostname = "localhost";
    $dbusername = "username";
    $dbname = "database";
    $dbpassword = "password";
    mysql_connect($hostname, $dbusername, $dbpassword) OR DIE ("Unable to connect to database! Please try again later.");
    mysql_select_db($dbname);

    // Identifiers take backticks (or no quotes), not single quotes
    $sql = "INSERT INTO `payment_profiles` (id, client_id) VALUES ( '','$profile_id')";

    // Test the return value of mysql_query(), not the query string
    $result = mysql_query($sql);
    if(! $result )
    {
      die('Could not enter data: ' . mysql_error());
    }
    else
    {
        echo ("We inserted the id");
    }

RelevantUsername
0

$sql is a string that is always true.

Try:

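    // Identifiers take backticks (or no quotes), not single quotes
    $sql = "INSERT INTO `payment_profiles` (id, client_id) VALUES ( '','$profile_id')";

    // mysql_query() returns false on failure; test that, not $sql
    $result = mysql_query($sql);
    if(!$result) {
        die('Could not enter data: ' . mysql_error());
    } else {
        echo ("We inserted the id");
    }
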
Amani
  • Ok, so I switched to mysqli per everyone's instructions. Here is my new code: `$link = mysqli_connect($hostname, $dbusername, $dbpassword, $dbname); if (!$link) { die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } echo 'Connected... ' . mysqli_get_host_info($link) . "\n"; $sql = "INSERT INTO payment_profiles(id, client_id) VALUES ( '','$profile_id')"; echo $sql; $result = $mysqli->query($sql); if (!result) { echo 'Error: ', $mysqli->error; }` Now if I call that in a function, I get Fatal error: Call to a member function query() on a non-objec – dkeeper09 Jul 02 '13 at 20:12
0

You are checking !$sql. What does $sql contain? It's the query string, nothing else, and that's why the else part is executed here, as it is initialized. Convert your code to:

    $result = mysql_query($sql);
    if (!$result) {
        die('Could not enter data: ' . mysql_error());
    } else {
        echo ("We inserted the id");
    }

Note: use mysqli_* functions. mysql_* is deprecated.

EDIT 1: The syntax is `$result=mysqli_query($link,$sql);`. Note: after using this, if you get a "call to undefined function" error, then you will need to edit your php.ini config file, remove the ; from ;extension=php_mysqli.dll, and set your extension_dir to the ext subfolder of your PHP folder. But first try to run the code as I said.

RbG
  • Ok, so I switched to mysqli per everyone's instructions. Here is my new code: `$link = mysqli_connect($hostname, $dbusername, $dbpassword, $dbname); if (!$link) { die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error()); } echo 'Connected... ' . mysqli_get_host_info($link) . "\n"; $sql = "INSERT INTO payment_profiles(id, client_id) VALUES ( '','$profile_id')"; echo $sql; $result = $mysqli->query($sql); if (!result) { echo 'Error: ', $mysqli->error; }` Now if I call that in a function, I get Fatal error: Call to a member function query() on a non-objec – dkeeper09 Jul 02 '13 at 20:06
  • Watch the edited portion. And if it was helpful, please vote up – RbG Jul 03 '13 at 07:08
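
An added example (not code from the question or from any answer) that applies the four points of the first answer together with the switch to mysqli discussed in the comments: one mysqli handle passed into the function, a prepared statement with a bound parameter, and a check on the statement's outcome rather than on the query string. The credentials are the question's placeholders; `insertPaymentProfile()` and the sample value are hypothetical, and `payment_profiles.id` is assumed to be AUTO_INCREMENT.

```php
<?php
// Added example; assumptions: placeholder credentials from the question,
// and payment_profiles.id is AUTO_INCREMENT, so it is left out of the INSERT.

// Make mysqli throw mysqli_sql_exception on connect/prepare/execute failure
// instead of returning false silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert one row and return its new id.
 * insertPaymentProfile() is a hypothetical helper name.
 * The connection is a parameter, so the function never depends on a
 * variable that exists only in the calling scope.
 */
function insertPaymentProfile(mysqli $db, string $profileId): int
{
    // Identifier in backticks; the value travels as a bound parameter,
    // never as part of the SQL text.
    $stmt = $db->prepare('INSERT INTO `payment_profiles` (client_id) VALUES (?)');
    $stmt->bind_param('s', $profileId);
    $stmt->execute();

    // Check what the database did, not whether the SQL string is non-empty.
    if ($stmt->affected_rows !== 1) {
        throw new RuntimeException('Insert ran but no row was written');
    }
    $newId = (int) $stmt->insert_id;
    $stmt->close();
    return $newId;
}

// Constructed sample value containing a quote character; with a bound
// parameter it is stored literally and cannot alter the statement.
$profile_id = "acct'42";

try {
    $db = new mysqli('localhost', 'username', 'password', 'database');
    $db->set_charset('utf8mb4');
    $id = insertPaymentProfile($db, $profile_id);
    echo "We inserted the id {$id}\n";
} catch (RuntimeException $e) {
    // mysqli_sql_exception extends RuntimeException, so both cases land here.
    // Keep the detail in the server log; show the client a generic message.
    error_log('payment_profiles insert failed: ' . $e->getMessage());
    echo "Could not enter data.\n";
}
```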