-1

Good day! I'm trying to save some data into my database and it won't work but it does not display any kind of error. please tell me what i'm doing wrong. I'm trying to find the error but I think another pair of eyes and brain could really help me. thanks! :)

this is my code

 <?php
 $user_name = "root";
 $password = "";
 $database = "db_tocode";
 $server = "127.0.0.1";
 $content = "content_temp1";

$uname = $_GET['username'];

$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);

$header = $_POST['header'];
$title1 = $_POST['title1'];
$content1 = $_POST['content1'];
$title2 = $_POST['title2'];
$content2 = $_POST['content2'];
$title3 = $_POST['title3'];
$content3 = $_POST['content3'];
$title4 = $_POST['title4'];
$content4 = $_POST['content4'];
$title5 = $_POST['title5'];
$content5 = $_POST['content5'];
$title6 = $_POST['title6'];
$content6 = $_POST['content6'];
$title7 = $_POST['title7']; 
$content7 = $_POST['content7'];
$title8 = $_POST['title8'];
$content8 = $_POST['content8'];
$title9 = $_POST['title9'];
$content9 = $_POST['content9'];
$title10 = $_POST['title10'];
$content10 = $_POST['content10'];
$content11 = $_POST['content11'];

if ($db_found) {

   $SQL="INSERT INTO $content (user_uname, header, title1, content1, title2, content2,                  title3,content3,title4, content4, title5, content5, title6, content6, title7, content7, title8, content8, title9, content9, title10, content10, content11) VALUES('$uname',              ' $header', '$title1', '$content1', '$title2', '$content2', '$title3', '$content3', '$title4', '$content4', '$title5', '$content5', '$title6', '$content6', '$title7', '$content7', '$title8', '$content8', '$title9', '$content9', '$title10', '$content10',   '$content11')";

header('Location:1stTemplate/index.php');

}   
else {

print "Database NOT Found ";
mysql_close($db_handle);

}

?>
bjmonts
  • 15
  • 7
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jan 28 '14 at 11:43
  • echo $sql and manually fire that query in phpmyadmin and check if there are any errors – Sanket Utekar Jan 28 '14 at 11:43
  • @krishna — The table name is `content_temp1`. `$` indicates the start of a variable in PHP. – Quentin Jan 28 '14 at 11:43
  • @krishna — No. PHP double quoted strings interpolate variables. Dropping in and out of literals and adding a pile of concatenation operators just makes a mess. – Quentin Jan 28 '14 at 11:46
  • @krishna - You seem to be unaware of variable interpolation in PHP strings. I suggest you read the manual chapter about [strings](http://es1.php.net/manual/en/language.types.string.php). – Álvaro González Jan 28 '14 at 11:46

1 Answers1

3

Execute your query:

$query = mysql_query($sql);

and you are using localhost so your server name will be

$server = "localhost";

and use mysqli not mysql!

vvvvv
  • 25,404
  • 19
  • 49
  • 81
Agha Umair Ahmed
  • 1,037
  • 7
  • 12