No errors but doesnt write to database

Question

thanks for taking the time to look at this.

No errors pop up, but nothing writes to the database.

Can someone help me out with what im doing wrong?

<?php
$subject = $_POST['subject'];
$comment = $_POST['comment'];

if(isset($_POST['submit']))
{
$connect = mysql_connect('localhost','<USER>','<PASSWORD>');
mysql_select_db("rebeler_comment");

    $query = mysql_query("INSERT INTO `cdb` ('',subject', 'comment' VALUES    ('',$subject','$comment')");


echo "Data successfully written to DB";
}

else{
echo "Sorry, there was a problem.";

}
?>

Please don't use `mysql_*` functions anymore, they are deprecated. See [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) for details. Instead you should learn about [prepared statements](http://bobby-tables.com/php.html) and use either [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli). If you can't decide which, [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you. If you pick PDO, [here is a good tutorial](http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers). — Marcel Korpel, Nov 05 '13 at 15:52
BTW, you're open to SQL injections. And you should use backticks for column names. — Marcel Korpel, Nov 05 '13 at 15:53
Use `mysql_error()`. It would tell you exactly what is wrong. — John Conde, Nov 05 '13 at 15:54
1. What @MarcelKorpel said. 2. Are you getting anything printed on the screen? Is "Data successfully written to DB" being written? — Brian Warshaw, Nov 05 '13 at 15:55
You forgot a closing `)` in `('',subject', 'comment'` and a `'`. Change to `('', 'subject', 'comment')` — Funk Forty Niner, Nov 05 '13 at 15:56
Of course it shows that, as there's no error catching in your code. — Marcel Korpel, Nov 05 '13 at 16:01
@wumm, ty lol, I have little idea about what im doing in php, still learning, but need this up asap for a website I built for my team at work — Moses Bolton, Nov 05 '13 at 16:01
Also this `('',$subject','$comment')` change to `('','$subject','$comment')` yet you should use prepared statements, ***urgently.*** — Funk Forty Niner, Nov 05 '13 at 16:03
If you only have 2 columns to update, then all you need to do is use `('subject', 'comment') VALUES ('$subject','$comment')` if you have 3, then you will need to adjust accordingly. And wrap the first (2) in backticks, SO won't let me show them. — Funk Forty Niner, Nov 05 '13 at 16:08

score 7 · Answer 1 · answered Nov 05 '13 at 15:55

7

Of course there's no errors. You don't check for any, so you've missed the glaring syntax error in your insert query:

$query = mysql_query("INSERT INTO `cdb` ('',subject', 'comment' VALUES    ('',$subject','$comment')");
                                         ^^---invalid field
                                            ^---unbalanced quote
                                                               ^---missing )

You can NOT quote field names with ' quotes. That turns them into strings, not field names.

Your code should at absolute bare minimum have the following structure:

$result = mysql_query(...) or die(mysql_error());
                          ^^^^^^^^^^^^^^^^^^^^^^

In short, your SQL is a disaster.

answered Nov 05 '13 at 15:55

Marc B

356,200
43
426
500

1

Plus a missing `)` before `VALUES` – Funk Forty Niner Nov 05 '13 at 16:01
1

And without that invalid field the number of values doesn't match the number of fields. – Marcel Korpel Nov 05 '13 at 16:02
For columns: don't use a quote `'` but a backtick `\`` – Nov 05 '13 at 16:02
that's not an apostrophe, it's a backtick. – Marc B Nov 05 '13 at 16:03
hey fred and marc ty, the missing ) is when I put it on this site, it is actually there in the code, I did add the ' to the begin of subject, still nothing, and again as is said before, I understand my SQl is horrible, but I am trying to learn so bare with me if you can – Moses Bolton Nov 05 '13 at 16:06
2

@MosesBolton No problemo. Yet you would be better off using the [PDO version](http://stackoverflow.com/a/19793124/1415724) – Funk Forty Niner Nov 05 '13 at 16:16

score 3 · Answer 2 · 2013-11-05T16:01:02.640

PDO:

$pdo = new PDO('mysql:host=localhost;dbname=database', '<USER>', '<PASSWORD>');
$stmt = $pdo->prepare('INSERT INTO `cdb` (`subject`, `comment`) VALUES (:subject, :$comment)');
$stmt->execute(array(':comment' => $comment, ':subject' => $subject));

These extensions have built-in functions for creating prepared queries which let you use quotes and apostrophes without any problems. It is way better than using the deprecated mysql_* extension.

CreatoR · Accepted Answer · 2013-11-05T16:08:15.923

-1

Try

$subject = mysql_real_escape_string($subject);
$comment = mysql_real_escape_string($comment);
$query = mysql_query("INSERT INTO `cdb` (`subject`, `comment`) VALUES ('$subject','$comment')");

For checking error check mysql_errno() (is not 0 than error), mysql_error() contains error message

edited Nov 05 '13 at 16:08

answered Nov 05 '13 at 15:54

CreatoR

1,654
10
14

1

You can't surround column names with apostrophes (well, at least, you shouldn't). Use backticks instead (or nothing if they're not reserved words). – Marcel Korpel Nov 05 '13 at 16:00
@CreatoR, ur awesome, thanks...at everyone else, thank you for posting, I love this place, I will work on getting this secured and all as well, and I will get better at php I promise wumm and marc, lol thanks guys/gals for the help – Moses Bolton Nov 05 '13 at 16:15
@MosesBolton There's usually a ***"happy ending"***, and this one was one of them, cheers. – Funk Forty Niner Nov 05 '13 at 16:15

No errors but doesnt write to database

3 Answers3