-2

I am generating a list of images and looking to insert a specific image based on wether or not a submit button has been pressed alongside my image.

Here is my code to generate a list of images. Alongside the images is the submit button, like count and other data:

// Display results
foreach ($media->data as $data) {
echo "<a href=\"{$data->link}\"</a>";
echo "<h4>Photo by: {$data->user->username}</h6>";
echo $pictureImage = "<img src=\"{$data->images->thumbnail->url}\">";
echo "<h5>Like Count for Photo: {$data->likes->count}</h5>";
echo "<form>";
echo '<input type="submit" onClick=post()>';
echo "</form>";
}

I am then trying to insert that picture into my database:

InstagramImages(DB) - image(field)

function post() {

        $hostname = "redacted";
        $username = "redacted";
        $dbname = "redacted";

        //These variable values need to be changed by you before deploying
        $password = "redacted";
        $usertable = "InstagramImages";

        //Connecting to your database
        mysql_connect($hostname, $username, $password) OR DIE ("Unable to 
        connect to database! Please try again later.");
        mysql_select_db($dbname);

        $sql="INSERT INTO $usertable (image) VALUES ('$pictureImage')";

        if (!mysqli_query($con,$sql)) {
            die('Error: ' . mysqli_error($con));
        }

        echo "1 record added";

        mysqli_close($con);
}

Any help would be appreciated. I need help creating the right INSERT query for the php variable $pictureImage.

qweqweqwe
  • 343
  • 5
  • 8
  • 18
  • um.. what's the problem or error your having exactly? – Anil Jul 31 '13 at 17:49
  • @JustAnil Sorry see edits. – qweqweqwe Jul 31 '13 at 17:50
  • as your html suggest generated by foreach loop, there will be multiple submit button with same name in a single page, having same function call post(); so you have to identify which submit button is pressed by passing some unique id parameter to that, – developerCK Jul 31 '13 at 17:52
  • possible duplicate of [How to prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php) – qweqweqwe Jul 31 '13 at 18:08
  • Always use [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add values to your SQL queries, **never** use string interpolation without [proper escaping](http://bobby-tables.com/php) or you will have nasty [SQL injection bugs](http://bobby-tables.com/). It's unclear here why you're using `mysql_connect` and `mysqli_query` as the two are completely incompatible. You should be using `mysqli` or PDO, not `mysql_query` at all. – tadman Jul 31 '13 at 18:23

2 Answers2

0

also, <form> should be <form method='post'>

instead of onclick = post() change it to name='post'

and instead of function post(){ make it if($_POST['post']){

robz228
  • 630
  • 1
  • 4
  • 11
0
echo '<input type="submit" onClick=post()>';

onClick=post() - This is a javascript event used only for javascript but the post() function you have written in php code so it cannot insert into your tatabase table.

Chinmay235
  • 3,236
  • 8
  • 62
  • 93