1

I am trying to send data from input to a my sqldata base. Here is the coding for it trying to send the information to the database. It doesn't appear in the database; what is wrong with the coding?

    <?php
$con=mysqli_connect(/*hostname*/"localhost",
                    /*username*/"user",
                    /*password*/"pass",
                    /*database name*/"dbase");

// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$a =  mysqli_real_escape_string($con, $_POST['a']);
$b =  mysqli_real_escape_string($con, $_POST['b']);
$c =  mysqli_real_escape_string($con, $_POST['b']);
$d =  mysqli_real_escape_string($con, $_POST['d']);
$e =  mysqli_real_escape_string($con, $_POST['e']);
$f =  mysqli_real_escape_string($con, $_POST['f']);
$g = 10 + ($e - $f);

mysql_query("INSERT INTO 'mensscore', (Name, Club, Level, App, Score);
    VALUES ('".$a."',
            '".$b."',
            '".$c."',
            '".$d."'
            '".$g."')");
    ?>
user2672165
  • 2,986
  • 19
  • 27
The Okay Man
  • 133
  • 1
  • 7

6 Answers6

1

You are mixing mysql and mysqli. Change:

mysql_query("INSERT INTO 'mensscore', (Name, Club, Level, App, Score);
    VALUES ('".$a."',
            '".$b."',
            '".$c."',
            '".$d."'
            '".$g."')");

To:

mysqli_query($con, "INSERT INTO `mensscore` (Name, Club, Level, App, Score)
    VALUES ('$a',
            '$b',
            '$c',
            '$d',
            '$g'
    );");

Also see How can I prevent SQL injection in PHP and PHP: mysqli_stmt - Manual because using POST is not always safe as people can do SQL injection.

Community
  • 1
  • 1
I hate Stack Overflow
  • 11
  • 9
0

You have some errors in the query. Firstly use mysqli_query() as here, you are using mysqli. Remove the unwanted , and ; from the query and try with this,

mysqli_query($con,"INSERT INTO 'mensscore' (Name, Club, Level, App, Score)
    VALUES ('$a',
            '$b',
            '$c',
            '$d'
            '$g')");
Jenz
  • 8,280
  • 7
  • 44
  • 77
0

Try this

mysqli_query($con,"INSERT INTO mensscore (Name, Club, Level, App, Score)VALUES ('".$a."',
        '".$b."',
        '".$c."',
        '".$d."',
        '".$g."')");
AVM
  • 592
  • 2
  • 11
  • 25
0

Try this

mysqli_query("INSERT INTO mensscore  (Name, Club, Level, App, Score)
    VALUES ('{$a}','{$b}','{$c}','{$d}','{$g}'");
sshet
  • 1,152
  • 1
  • 6
  • 15
0

try like this

<?php
    $con=mysqli_connect("localhost","user","pass","dbase");

    // Check connection
    if (mysqli_connect_errno()) {
      echo "Failed to connect to MySQL: " . mysqli_connect_error();
    }

    $a =  mysqli_real_escape_string($con, $_POST['a']);
    $b =  mysqli_real_escape_string($con, $_POST['b']);
    $c =  mysqli_real_escape_string($con, $_POST['b']);
    $d =  mysqli_real_escape_string($con, $_POST['d']);
    $e =  mysqli_real_escape_string($con, $_POST['e']);
    $f =  mysqli_real_escape_string($con, $_POST['f']);
    $g = 10 + ($e - $f);
    $sql = "INSERT INTO mensscore(Name, Club, Level, App, Score)VALUES('".$a."','".$b."','".$c."','".$d."''".$g."')";
    $result = $con->query($sql) or die("Error executing query" . mysqli_error($conn));
        ?>
Dexter
  • 1,804
  • 4
  • 24
  • 53
0

  1. don't single quote the table name mensscore

  2. don't use semicolon before VALUES keyword

Xing Fei
  • 287
  • 1
  • 6