0

I have a form that sends data to the PHP below. No errors appear, but no information is inserted into the database and I don't understand why. I have triple-checked all the table names etc. and everything is correct. The code echoes out what I put into the form, but it doesn't update the database!

<?php
    //variables for db
    $username = "";
    $password = "";
    $hostname = "localhost"; 
    $dbname = "infinity";

    //connection to the database
    $con = mysql_connect($hostname, $username, $password);

    if($con == FALSE)
    {
        echo 'Cannot connect to database' . mysql_error();
    }

    mysql_select_db($dbname, $con);

    $name=$_POST["name"]; 
    $logo=$_POST["logo"]; 
    $logo="<img src=\"images/".$logo."\" alt=\"$name Logo\" />";
    $blurb=$_POST["blurb"]; 
    $link=$_POST["link"]; 
    echo $name;
    echo $logo;
    echo $blurb;
    echo $link;
    //Insert Values into Database
    mysql_query("INSERT INTO `infinity`.`sponsors` (`name`, `logo`, `blurb`, `link`) VALUES ('$name', '$logo', '$blurb', '$link');");   
?>  
Strawberry
mickzer
  • You aren't returning from `mysql_query()` and checking errors. Check `echo mysql_error()` to see why it fails. This could be any number of reasons, not least of which is that your input is unescaped. Any single quote appearing in any of your inputs _will_ break your query, while it is also vulnerable to SQL injection. This is a very good time to start learning parameterized queries with PDO, since `mysql_query()` is deprecated. – Michael Berkowski Aug 05 '13 at 13:25
  • You're vulnerable to [SQL injection](http://en.wikipedia.org/wiki/SQL_injection) here, and using the deprecated PHP functions. You should investigate [`PDO` or `mysqli`](http://php.net/manual/en/mysqlinfo.api.choosing.php) for new code! – msturdy Aug 05 '13 at 13:26
  • `infinity`.`sponsors`? – Ben Fortune Aug 05 '13 at 13:27
  • @BenFortune That's `databasename.tablename`. Nothing wrong there. – Michael Berkowski Aug 05 '13 at 13:27

3 Answers

0

Try this:

     mysql_query("INSERT INTO `infinity`.`sponsors` (`name`, `logo`, `blurb`, `link`)
 VALUES ('$name', '$logo', '$blurb', '$link')") or die(mysql_error());

Else you may check it:

$sql ="INSERT INTO `infinity`.`sponsors` (`name`, `logo`, `blurb`, `link`)
     VALUES ('$name', '$logo', '$blurb', '$link')";
 $sqlinset= mysql_query($sql) or die(mysql_error());
  echo $sql;
  echo $sqlinset;
VIVEK-MDU
0

Try to get an error message from your query:

mysql_query($your_query) OR die(mysql_error());
Ellis
0

Try this:

mysql_query("INSERT INTO `infinity`.`sponsors` (`name`, `logo`, `blurb`, `link`) VALUES ('$name', '$logo', '$blurb', '$link');", $con);

And be sure to secure those variables you put in your database from SQL injection and XSS attacks.

Janis Vepris
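
Added example, not part of any answer or comment on this page: the same `sponsors` insert written with PDO prepared statements, as the comments recommend, with errors surfaced as exceptions and output escaped against XSS. The credentials are placeholders, and storing only the logo filename (building the `<img>` tag at output time) and the http(s)-only link check are assumptions of this example.

```php
<?php
// Added example. Table and column names come from the question;
// credentials below are placeholders.
$dsn    = 'mysql:host=localhost;dbname=infinity;charset=utf8mb4';
$dbUser = 'db_user';      // placeholder
$dbPass = 'db_password';  // placeholder

// Escape a value for use inside HTML text or a quoted attribute.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

try {
    $pdo = new PDO($dsn, $dbUser, $dbPass, [
        // Throw on failure instead of returning false silently,
        // which is how the original insert failed with no message.
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        // Send real prepared statements to the server.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);

    $name  = trim($_POST['name']  ?? '');
    $blurb = trim($_POST['blurb'] ?? '');
    $link  = trim($_POST['link']  ?? '');
    // Assumption: keep only the filename so it stays under images/.
    $logo  = basename($_POST['logo'] ?? '');

    // Assumption: links must be http(s); this rejects javascript: URLs.
    if ($name === '' || $logo === '' || !preg_match('#^https?://#i', $link)) {
        http_response_code(400);
        exit('Invalid input');
    }

    // Placeholders keep the data out of the SQL text, so a single
    // quote in any field can neither break nor alter the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO `sponsors` (`name`, `logo`, `blurb`, `link`)
         VALUES (:name, :logo, :blurb, :link)'
    );
    $stmt->execute([':name' => $name, ':logo' => $logo,
                    ':blurb' => $blurb, ':link' => $link]);

    // Escape at output time, in the context where the value is used.
    echo '<img src="images/' . e($logo) . '" alt="' . e($name) . ' Logo" />';
    echo '<p>' . e($blurb) . '</p><a href="' . e($link) . '">' . e($link) . '</a>';
} catch (PDOException $ex) {
    error_log($ex->getMessage());   // details go to the log, not the page
    http_response_code(500);
    exit('Database error');
}
```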