For some reason my mysql wont insert

Question

I've been looking at this for hours, and I can't find the problem as to why my sql insert won't work.

$body = "link test - 3!!!";
$userid = 1;
$cat_id = 3;
$user_url = "http://www.pizza.com";
$body = mysql_real_escape_string($body);

$sql = "insert into posts (userid, body, stamp, cat_id, link) values ($userid,$body,now(),$cat_id,$user_url)";

$result = mysql_query($sql);

[Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/q/12859942/283366) — Phil, Jan 20 '14 at 02:42
Thanks @GreenAsJade --- One of my [specialties](http://stackoverflow.com/help/badges/223/copy-editor?userid=1415724) ;-) — Funk Forty Niner, Jan 20 '14 at 02:42
@Dagon, +1 to your comment, also the user could examine the string value of `$sql`. — Bill Karwin, Jan 20 '14 at 04:28

Musa · Accepted Answer · 2014-01-20T02:52:32.763

6

$body and $user_url are string but you didn't quote .

$sql = "insert into posts (userid, body, stamp, cat_id, link) values ($userid,'$body',now(),$cat_id,'$user_url')";

and quote any other fields that need it.

edited Jan 20 '14 at 02:52

answered Jan 20 '14 at 02:41

Musa

96,336
17
118
137

2

Maybe an added note to quote the ones that "could" be strings? We don't know if `userid` and `cat_id` are VARCHAR or INT. Just saying. We don't know what the OP's schema is. – Funk Forty Niner Jan 20 '14 at 02:49
heres my db: id int(11) user_id int(11) body varchar(140) stamp datetime cat_id tinyint(1) links varchar(500) – user3195457 Jan 20 '14 at 03:03
Then, what Musa posted should suffice. @user3195457 – Funk Forty Niner Jan 20 '14 at 03:11

score 0 · Answer 2 · answered Jan 20 '14 at 06:26

0

You also need to escape special characters in $body to avoid future problems.

$sql = "insert into posts (userid, body, stamp, cat_id, link) values ($userid, '".mysql_real_escape_string($body)."', '".now()."', $cat_id, '$user_url')";

answered Jan 20 '14 at 06:26

Mario Radomanana

1,698
1
21
31

For some reason my mysql wont insert

2 Answers2