PHP insert into table issue

Question

Me again. I'm really new to PHP though have been really trying hard to practice, so terms are a little iffy right now.

My issue at the moment is my CMS can't seem to submit data to a MySQL table. Here is my function:

    function newEntry() {
    $query = mysql_query("INSERT INTO entries VALUES(null,'name','description','content')") or die(mysql_error());
}

Here is my form for submitting content:

<form action="doNewEntry.php" method="post">
    <textarea name="entTitle" id="entTitle">Entry Title</textarea><br>
    <textarea name="entDesc" id="entDesc">Input Description Here</textarea><br>
    <textarea name="entCont" id="entCont">Type and format content here! What you see, is what you get.</textarea><br>
    <script>
    CKEDITOR.replace( 'entCont' );
    </script>
    <table><td colspan="2"><input type="submit" name="submit" /></td></table>
</form>

And here is the in between file to make the post:

    <?php
include('includes/functions.php');
if(isset($_POST['submit'])) {
            if(isset($_POST['entTitle'])) {
                newEntry($_POST['entTitle'],$_POST['entDesc'],$_POST['entCont']);
                header("Location: entries.php");
        } else {
            echo "Please fill out all fields!";
            include('newEntry.php');
    }
}
?>

I'm incredibly new to this, so it's no doubt a very simple fix. Maybe just missed something but I really cannot figure it out. ADD problems. :(

you have passed parameters to newEntry call but in newEntry function you did not get any parameters! — Awlad Liton, Feb 22 '14 at 17:27

score 1 · Answer 1 · answered Feb 22 '14 at 17:28

1

function newEntry()
You have passed the parameters to this function but dint received in definition.

function newEntry($title, $description ,$content){
      //your code here
}

Need to reform this query

$query = mysql_query("INSERT INTO entries VALUES(null,'name','description','content')") or die(mysql_error());

answered Feb 22 '14 at 17:28

Raviranjan Mishra

849
2
11
26

those values are static, he needs to use arguments passed to the function (Ex. $title, $desc, $content). – Dexa Feb 22 '14 at 17:29

score 0 · Answer 2 · edited May 23 '17 at 10:28

0

You need to pass your variables in your function so add arguments to your function, otherwise it won't work, also your variable should be prepended by $ in your query, so change the function as follow

function newEntry($name, $description, $content) 
{
    $query = mysql_query("INSERT INTO entries VALUES(null,'$name','$description','$content')") or die(mysql_error());
}

As side note i would say that your code is higly vulnerable to mysql injections. I would rather switch to either PDO or mysqli and use prepared statments to avoid any risk.

edited May 23 '17 at 10:28

Community

1
1

answered Feb 22 '14 at 17:29

Fabio

23,183
12
55
64

This function is in an admin panel, so it's not at risk from people without a password I don't think right? I figured I'd learn about PDO later if this system is useful. I also now get an error of: Column count doesn't match value count at row 1 – Jack Miller Feb 22 '14 at 17:35
@jack i wouls rather indicate all culms in the query so `INSERT INTO table (column1, column2, etc...) VALUES ('value1', 'value2', etc...)` – Fabio Feb 22 '14 at 18:05

PHP insert into table issue

2 Answers2