0
<?php
include 'config.php';
$lat=$_GET["latitudee"];
$lon=$_GET["longitude"];
$sql="INSERT INTO coordinates(latitude,longitude)
      VALUES ('$_POST[$lat]','$_POST[$lon]')";
       if (!mysqli_query($con,$sql))
        {
       die('Error: ' . mysqli_error($con));
        }
      echo "1 record added";
  ?>

This is the table i have in my database :

CREATE TABLE IF NOT EXISTS `coordinates` (
  `id` int(10) NOT NULL AUTO_INCREMENT,
  `latitude` float NOT NULL,
  `longitude` float NOT NULL,
  `timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`),
  UNIQUE KEY `id` (`id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=9 ;

http://localhost.com/input.php?latitudee=3.14159&longitude=4.14159

values are not being inserted. what is the problem?

Moyed Ansari
  • 8,436
  • 2
  • 36
  • 57

4 Answers4

5

try this:

$sql="INSERT INTO coordinates(latitude,longitude)
VALUES
('$lat','$lon')";

bacause you stored get value in variable like this :

$lat=$_GET["latitudee"];
$lon=$_GET["longitude"];

and in your query you write this:
$_POST[$lat]','$_POST[$lon] so change it like i suggest.

Side note: make sure what method you used: POST or GET and escape the variable to prevent sql injection.

Read this:How can I prevent SQL injection in PHP?

Community
  • 1
  • 1
DS9
  • 2,995
  • 4
  • 52
  • 102
  • The data you try to insert is passed through the URL. Therefor, they are in the $_GET array. The $_POST array is typically used when using a form to POST data. By defining $lat and $lon you have the information from the URL in these two vars and you can use the info in your query. Note that your code is subject to SQL injection.. – Jelle Ferwerda Dec 25 '13 at 07:01
  • Did you give him an example that is free of SQL injection? – Robert Harvey Dec 25 '13 at 07:02
0

Use this

<?php
include 'config.php';
$lat=$_GET["latitudee"];
$lon=$_GET["longitude"];
$sql="INSERT INTO coordinates(latitude,longitude)
      VALUES ('$lat','$lon')";
$In_qrr = mysqli_query($con,$sql);
       if (!In_qrr)
        {
       die('Error: ' . mysqli_error($con));
        }
      echo "1 record added";
  ?>
0
  1. You have a typo error in $_GET["latitudee"] index. Need latitude instead latitudee
  2. Your code works fine. Maybe $_GET and $_POST elements are not set. Enable error_reporting or use this checking code.

```

<?php
include 'config.php';

//--
echo isset($_GET["latitudee"]) ?: 'GET array element with index latitudee is not set';
echo isset($_GET["longitude"]) ?: 'GET array element with index longitude is not set';
//--

$lat=$_GET["latitudee"];
$lon=$_GET["longitude"];

//--
echo isset($_POST[$lat]) ?: 'POST array element with index ' . $lat . ' is not set';
echo isset($_POST[$lon]) ?: 'POST array element with index ' . $lon . ' is not set';
//--

$sql="INSERT INTO coordinates(latitude,longitude)
VALUES
    ('$_POST[$lat]','$_POST[$lon]')";
       if (!mysqli_query($con,$sql))
        {
       die('Error: ' . mysqli_error($con));
        }
      echo "1 record added";
0

first you have to use $lat at the place of $_POST[$lat].since you have already assign $lat=$_GET["latitudee"]; so why are you using $_POST[$lat].please use below code.

 <?php
    include 'config.php';
    $lat=$_GET["latitudee"];
    $lon=$_GET["longitude"];
    $sql="INSERT INTO coordinates(latitude,longitude)
          VALUES ('$lat','$lon')";
           if (!mysqli_query($con,$sql))
            {
           die('Error: ' . mysqli_error($con));
            }
          echo "1 record added";
      ?>
Anil Meena
  • 903
  • 1
  • 12
  • 28