I have this SQL statement that I'm trying to get to save new students to a table of students; however, it simply isn't doing it. I don't get any error messages when I run error reporting, and I ran the query in sqlbuddy with values swapped in and it worked fine. Any ideas on what I'm doing wrong will be appreciated.

Here's the code:

```php
<?php
session_start();
ini_set('display_startup_errors',1);
ini_set('display_errors',1);
error_reporting(-1);
$default = 'default';
$ClassID = $_GET['ID'];
$Surname = $_POST['Surname'];
$Firstname = $_POST['Firstname'];
$Firstletter = $Firstname[0];
$Username = $Firstletter + $Surname;
$sql_link = mysqli_connect('localhost', 'root', 'password', 'GameData');
$counter = mysqli_query($sql_link,"SELECT * FROM IDCounter");
$counter = mysqli_fetch_array($counter);
mysqli_query($sql_link,"INSERT INTO tblStudents(StudentID, StudentFirstName, StudentSurname, ClassID, UserName, Password, CharacterSelect)
VALUES ('$counter[Counter]', '$_POST[Firstname]', '$_POST[Surname]', '$ClassID', '$Username', '$default', 1)");
mysqli_close($sql_link);
header ("Location: TeacherSide.php");
?>
```

The POST values come from the form that directs to this page.

  • Remove the `header()` call and add `echo mysqli_error($sql_link);` — Do you get any errors? – Amal Murali Apr 28 '14 at 19:42
  • Upon using the error check I got this error message: Warning: mysqli_error(): Couldn't fetch mysqli in /var/www/game/classmod.php on line 18 – Benjamin Sealy-Minto Apr 28 '14 at 19:45
  • Allow me to correct myself: I put it after the sql_close. Apologies for any confusion. After putting it somewhere more suitable, no issues were displayed. – Benjamin Sealy-Minto Apr 28 '14 at 20:09
  • When using `mysqli` you should be using parameterized queries and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). `$_POST` data **never** goes directly in the query. – tadman Apr 28 '14 at 20:13
  • For reasons I don't understand, the page temporarily worked, then I changed $_POST[Firstname] and $_POST[Surname] to their respective variables stated earlier in the code, and now the statement fails to work again. – Benjamin Sealy-Minto Apr 28 '14 at 20:21
  • Thanks everyone for their help, I appreciate it. – Benjamin Sealy-Minto Apr 28 '14 at 20:24

1 Answer

I just worked out the issue I was having, and I regret to inform you it was a rather stupid one: I was not updating my counter, so every time I tried to add a new student it would try with the same StudentID, and thus would fail. An easy fix.
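
The fix described in this answer, combined with the parameterized query that tadman's comment recommends, written out as an added example that is not the poster's code. It assumes `IDCounter` holds a single row, both tables are InnoDB (so the transaction and row lock apply), and `StudentID` and `ClassID` are integer columns.

```php
<?php
// Added example, not the poster's code. Assumes: IDCounter has one row,
// the tables are InnoDB, and StudentID/ClassID are integer columns.
session_start();
// Throw exceptions on failure so a rejected INSERT (e.g. a duplicate
// StudentID) is reported instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$classId   = filter_input(INPUT_GET, 'ID', FILTER_VALIDATE_INT);
$surname   = trim((string) filter_input(INPUT_POST, 'Surname'));
$firstname = trim((string) filter_input(INPUT_POST, 'Firstname'));
if ($classId === null || $classId === false || $surname === '' || $firstname === '') {
    http_response_code(400);
    exit('Missing or invalid ID, Surname or Firstname');
}
$username = substr($firstname, 0, 1) . $surname; // "." concatenates; "+" is arithmetic
$default  = 'default';

$db = new mysqli('localhost', 'root', 'password', 'GameData');
$db->begin_transaction();
try {
    // Lock the counter row so two concurrent requests cannot read the same ID.
    $row = $db->query('SELECT Counter FROM IDCounter FOR UPDATE')->fetch_assoc();
    $studentId = (int) $row['Counter'];

    $stmt = $db->prepare(
        'INSERT INTO tblStudents
            (StudentID, StudentFirstName, StudentSurname, ClassID, UserName, Password, CharacterSelect)
         VALUES (?, ?, ?, ?, ?, ?, 1)'
    );
    $stmt->bind_param('ississ', $studentId, $firstname, $surname, $classId, $username, $default);
    $stmt->execute();

    // The step missing from the original script: advance the counter.
    $db->query('UPDATE IDCounter SET Counter = Counter + 1');
    $db->commit();
} catch (mysqli_sql_exception $e) {
    $db->rollback();
    error_log('Student insert failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Could not save student');
}

header('Location: TeacherSide.php');
exit;
```

With exceptions enabled, the duplicate `StudentID` that silently failed in the original script surfaces as a `mysqli_sql_exception` in the server log, and the bound parameters keep the form values out of the SQL text.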