1
<html>
<head>
</head>
<body>
<form action = "insertform.php" method = "post">
field: <input type = "text" name = "fielda">
field2: <input type = "text" name = "fieldb">
thedata: <input type = "text" name = "qdata">
<input type = "submit" name = "submit">
</form>

<?php
if (isset($_POST['submit'])){

$con = mysql_connect("localhost","user","password");
if (!$con){
die("cannot connect" . mysql_error());
}
mysql_select_db("stQutieria",$con);
$sql = "INSERT INTO qtable(fielda, fieldb, qdata) VALUES ("$_POST[fielda]","$_POST[fieldb]","$_POST[qdata]")";

mysql_query($sql,$con);
mysql_close($con);
}
?>
</body>
</html>

Edit: OK! So I changed my code, I played around with double quotes or ' around the $_POST areas. When I used double quotes I got errors saying fielda / fieldb weren't defined, I also got errors saying "syntax error, unexpected '$_POST' (T_VARIABLE)"... The code I am working with derives from the same page as insertform.php. Here is the video I am watching: http://www.youtube.com/watch?v=j4FUCoCxE8w. If anyone could help me on Skype / msn / teamview I would greatly appreciate it.

  • You're trying to execute everything from the same page. Use `
    ` instead of `
    `
    – Funk Forty Niner Feb 07 '14 at 00:54
  • @Fred-ii- Assuming this is `insertform.php` it'll work fine. – helion3 Feb 07 '14 at 00:55
  • Yes, you're right. @helion3 – Funk Forty Niner Feb 07 '14 at 00:57
  • This has missing quotes `'$_POST[fielda],'$_POST[fieldb],'$_POST[qdata]'` change to `'$_POST[fielda]','$_POST[fieldb]','$_POST[qdata]'` yet using this method leaves you open to [SQL injection](http://stackoverflow.com/q/60174) – Funk Forty Niner Feb 07 '14 at 00:59
  • Besides that - I'm not sure the submit button gets sent as a post element too. Why don't you try checking on the existence of `fielda` or `fieldb`? – Louis Huppenbauer Feb 07 '14 at 01:10
  • This is not an answer to the question, so I'll write it here instead. You should consider switching to `mysqli`, as the method you are using (i.e. mysql_query) is deprecated. Some links: Official documentation (http://au1.php.net/manual/en/intro.mysqli.php) and MySQLi tutorial (http://codular.com/php-mysqli). – LeigerGaming Feb 07 '14 at 01:16
  • @ZachSaucier - Edits can be to fix or add indents, spelling/grammar and tag-related, yet **not to fix/add/delete** from OP's original code (unless asked by OP). I will rollback. Please don't do this again. – Funk Forty Niner Feb 07 '14 at 01:21
  • I changed my code and am still getting errors. Currently it's telling me "syntax error, unexpected '$_POST' (T_VARIABLE)". Earlier it was telling me that I did not have fielda/b declared. This is my reference of learning http://www.youtube.com/watch?v=j4FUCoCxE8w if that helps. I checked the PHP website and it told me that it was deprecated but not yet removed so it should still be working. If someone could help me via Skype or teamviewer, it would be greatly appreciated. – user3281943 Feb 07 '14 at 01:48

4 Answers

3
  1. You're missing quotes around your $_POST keys: $_POST[fielda] should be $_POST['fielda'] etc. (actually not true)

  2. You need a space after your table name and opening parenthesis qtable(fielda should be qtable (fielda

  3. You're missing a quote after '$_POST[fielda] (should be '$_POST[fielda]') and after '$_POST[fieldb] (should be '$_POST[fieldb]')

  4. You have no error handling. If you call mysql_error() after your query you would know exactly what your error is.

  5. You are wide open to SQL injections

  6. You are using an obsolete API

John Conde
  • Wrong on #1. They're in a double-quoted string, where quoted array keys are forbidden, unless the whole array reference is `{}`-delimited – Marc B Feb 07 '14 at 01:02
  • `'$_POST[fieldb]` is also missing a quote. – Funk Forty Niner Feb 07 '14 at 01:14
  • When looking at the others I think the opening quote for the third value looked like the closing quote for that one. Let me add it to the list... – John Conde Feb 07 '14 at 01:15
  • I also had the same impression @JohnConde - You're not alone ;-) At first, thought it was the form's action, then gave my head a triple shake, and noticed the missing quotes around the two values. Gawd, I almost got "Whiplash"! lol – Funk Forty Niner Feb 07 '14 at 01:20
0

That means your query is failing. Likely because you have no space between the table name and the column names:

INSERT INTO qtable (fielda, fieldb, qdata)

helion3
0

Replace your SQL with:

$sql = "INSERT INTO qtable (fielda, fieldb, qdata) VALUES ('".$_POST['fielda']."','".$_POST['fieldb']."','".$_POST['qdata']."')";

but this is really unsafe...

Much safer is to use something like this:

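// Assumes $db is an existing PDO connection; the values are bound as data, not spliced into the SQL text.
$values = array($_POST['fielda'], $_POST['fieldb'], $_POST['qdata']);
$st = $db->prepare('INSERT INTO qtable (fielda, fieldb, qdata) VALUES (?,?,?)');
$st->execute($values);

Dmytro Dzyubak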
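
The difference between the two queries in the answer above, as an added example that is not part of the original post: the concatenated form treats a value containing an apostrophe as SQL text and the query breaks, while the prepared statement stores the same value unchanged. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, `$post` is constructed sample input in place of `$_POST`, and the function names `insertConcatenated` and `insertPrepared` are hypothetical.

```php
<?php
// Added example, not the answerer's code. Assumption: SQLite in memory replaces
// MySQL here; with MySQL only the DSN passed to the PDO constructor changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface query errors
$db->exec('CREATE TABLE qtable (fielda TEXT, fieldb TEXT, qdata TEXT)');

// Constructed sample input standing in for $_POST; one value has an apostrophe.
$post = array('fielda' => "O'Brien", 'fieldb' => 'b', 'qdata' => 'some data');

// Concatenated query (the pattern from the question): each value becomes part
// of the SQL text, so a quote character in the data changes the statement.
function insertConcatenated(PDO $db, array $in)
{
    $sql = "INSERT INTO qtable (fielda, fieldb, qdata) VALUES ('"
         . $in['fielda'] . "','" . $in['fieldb'] . "','" . $in['qdata'] . "')";
    try {
        $db->exec($sql);
        return 'inserted';
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

// Prepared statement: the SQL text is fixed and the values are bound separately.
// The field check follows the comment about testing for fielda/fieldb
// rather than for the submit button.
function insertPrepared(PDO $db, array $in)
{
    foreach (array('fielda', 'fieldb', 'qdata') as $key) {
        if (!isset($in[$key]) || !is_string($in[$key])) {
            return "missing field: $key";
        }
    }
    $st = $db->prepare('INSERT INTO qtable (fielda, fieldb, qdata) VALUES (?,?,?)');
    $st->execute(array($in['fielda'], $in['fieldb'], $in['qdata']));
    return 'inserted';
}

echo insertConcatenated($db, $post), "\n";                 // reports the SQL error
echo insertPrepared($db, $post), "\n";                     // row is stored
echo insertPrepared($db, array('fielda' => 'only one')), "\n"; // rejected before any SQL runs
echo $db->query('SELECT fielda FROM qtable')->fetchColumn(), "\n"; // value as submitted
```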
0

You are making a mistake in coding. The correct SQL statement will be like this one:

$sql ="INSERT INTO qtable(fielda, fieldb, qdata) VALUES (".$_POST['fielda'].",".$_POST['fieldb'].",".$_POST['qdata'].")";

Note: the above SQL statement is for fields which are integers in the database. If the fields are varchar, then the following will be the code:

$sql ="INSERT INTO qtable(fielda, fieldb, qdata) VALUES ('".$_POST['fielda']."','".$_POST['fieldb']."','".$_POST['qdata']."')";

Thank You

Shyam