
So PHP won't let me use NOW() on my MySQL query, saying "Fatal error: Call to undefined function now()". I'm not sure what I did wrong and everything I find has now in a string working fine.

Table structure for table 'news': |ID(int, auto-increment)|date(date)|content(text)|

$content = $_POST['content'];
$dbc = mysqli_connect(MOTD_DB_HOST, MOTD_DB_USER, MOTD_DB_PASS, MOTD_DB_NAME);
$query = "INSERT INTO news VALUES (0, NOW(), '$content')";
mysqli_query($dbc, $query);

[edit] Interestingly enough, it appears the info was added to the database. The query is going through but also causing the script to exit with an error.

[edit 2] So yeah, I'm new to Stack Overflow. The question has been answered, I just don't know how to mark this as answered...

Goigle
  • That's a PHP error message, not a MySQL one, so PHP must be interpreting `NOW()` somewhere. I doubt it's in the code you show, though? – Pekka Nov 09 '13 at 22:44
  • "Fatal error" sounds like it's PHP, not MySQL, that is trying to process your query string. That makes me think you have a stray quotation mark somewhere in your PHP code. Is the above *exactly* the code you are using? Also, you have SQL injection (security) problems, big time. – elixenide Nov 09 '13 at 22:44
  • I know I have SQL injection issues, but this is just going to display text and is a no security risk thing. This isn't for private information or anything. I know PHP is giving the error, I just can't for the life of me figure out why. The above is the exact code. – Goigle Nov 09 '13 at 22:46
  • In the error you're getting there should be a line number. Show us this line. – speccode Nov 09 '13 at 22:49
  • Since it is adding the needed info to the database I will try using @ to suppress errors and see if it works... It didn't, I guess the actual error is in the $query = "INSERT INTO news (id, date, content) VALUES (0, NOW(), '$content')"; – Goigle Nov 09 '13 at 22:50
  • No for God's sake... Don't use `@`. – speccode Nov 09 '13 at 22:51
  • That @ thing caused me physical pain. Please don't do that and use prepared statements. – jnardiello Nov 09 '13 at 22:52
  • It's okay I was just testing. I now know it's not the query function doing it but rather the actual string declaration... @jnardiello what do you mean by prepared statements? and relax everyone, the @ was troubleshooting – Goigle Nov 09 '13 at 22:57
  • @user2975053 check my answer to see what prepared statements look like. This will also help to prevent SQL injection. Focus on the line number in the error message. – speccode Nov 09 '13 at 22:59
  • To mark an answer, click the hollow check box under the up/down arrows for the answer that is satisfactory. – siride Nov 09 '13 at 23:05

2 Answers

2

For the future, read this: How can I prevent SQL injection in PHP?

For the current problem, try this:

// $content is bound as a string ('s') parameter, so it is never parsed as SQL
$q = mysqli_prepare($dbc, 'INSERT INTO news VALUES (0, NOW(), ?)');
mysqli_stmt_bind_param($q, 's', $content);
mysqli_stmt_execute($q);

As NOW() shouldn't be interpreted inside double quotes, you must be calling a now() function somewhere in your code. That somewhere is the line number you're getting in your error message.

speccode
  • I know about SQL injection, I wasn't worried about it here because the database doesn't hold private information. It only has text to be displayed in an MOTD when people join a game server. Also, I just found the other bit in the line of code and it made me realize how stupid I was being. Thanks for the other tips though :) – Goigle Nov 09 '13 at 23:02
  • @user2975053: it's not just about private information, it's about keeping your program robust. Injection could happen accidentally. Just do the right thing and save yourself some trouble down the road. It'll also decrease the likelihood of your `NOW()` problem continuing. – siride Nov 09 '13 at 23:04
  • `NOW()` is a MySQL function, not a PHP function. The alternative in PHP is to generate your own date string – Machavity Nov 09 '13 at 23:04
  • No I just had a tired moment, I was making PHP echo that the addition to the database was successful and I was thinking of queries and tried concatenating now which gave me the error. I'll add the SQL injection preventative measures, and how do I mark this question as answered if I do? – Goigle Nov 09 '13 at 23:06
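
siride's comment above says injection can happen accidentally; this added example (not code from the thread) runs the question's interpolated INSERT and the answer's prepared INSERT over ordinary MOTD text. Assumptions: PDO with an in-memory SQLite database replaces the MySQL connection so it runs offline, SQLite's date('now') stands in for NOW(), and the sample messages and function names are constructed for illustration.

```php
<?php
// Assumption: SQLite in memory instead of the asker's MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY AUTOINCREMENT, date TEXT, content TEXT)');

// Constructed sample MOTD lines; none of them is written as an attack.
$messages = [
    'Server restart at 18:00',
    "Don't forget: double XP this weekend",
    "Map vote: reply 'yes' or 'no' in chat",
];

// Interpolated form, as in the question: the message becomes part of the SQL text.
// date('now') sits inside a PHP string, so PHP never tries to call it.
function insertInterpolated(PDO $db, string $content): bool
{
    try {
        $db->exec("INSERT INTO news VALUES (NULL, date('now'), '$content')");
        return true;
    } catch (PDOException $e) {
        return false; // a quote inside $content ended the SQL string early
    }
}

// Prepared form, as in the answer: the SQL text is fixed and the message is bound as data.
function insertPrepared(PDO $db, string $content): bool
{
    $stmt = $db->prepare("INSERT INTO news VALUES (NULL, date('now'), ?)");
    return $stmt->execute([$content]);
}

foreach ($messages as $m) {
    printf(
        "%-40s interpolated=%s prepared=%s\n",
        $m,
        insertInterpolated($db, $m) ? 'ok' : 'FAILED',
        insertPrepared($db, $m) ? 'ok' : 'FAILED'
    );
}

// Show what was actually stored.
foreach ($db->query('SELECT id, date, content FROM news') as $row) {
    echo "{$row['id']} {$row['date']} {$row['content']}\n";
}
```

An apostrophe in an ordinary message is enough to break the interpolated query, while the bound parameter stores the same text unchanged.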
-5

You are not specifying the fields for the value insertions. Try:

$query = "INSERT INTO news (id, time, content) VALUES (0, NOW(), '$content')";

GluePear
  • You don't have to enumerate the field names when using `INSERT ... VALUES` – Machavity Nov 09 '13 at 22:46
  • Apologies, my mistake. Ignore my answer! – GluePear Nov 09 '13 at 22:46
  • It's not that. I added the fields just now to test and still the same error occurs. You also don't need to specify fields if you are inserting into the table in the same way the table is structured. – Goigle Nov 09 '13 at 22:48