0

I am having a little difficulty in saving values via the URL into a SQL database. I can explicitly put in values into the INSERT command, but that is not what I want. Say I had a URL like the following:
and code like the following:

<?php
include 'curr.php';
$url = curPageURL();
$query_str = parse_url($url, PHP_URL_QUERY);
$query = parse_str($query_str, $query_params);
$fn = $_REQUEST['Firstname'];
$sn = $_REQUEST['Surname'];
$link = mysql_connect('server.co.li', 'username', 'pass333');
if (!$link) {
    die('Could not connect: ' . mysql_error());
}
echo 'Connected successfully';
$sql = 'INSERT INTO p_database '.
       '(Firstname, Surname) '.
       'VALUES ($fn, $sn)';

mysql_select_db('my_db');
$retval = mysql_query( $sql, $link );
if(! $retval )
{
  die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($link);
?>

I have tried $_Get and $_POST as well as $_REQUEST to get the information, and here is the error that is produced when I run: "Connected successfullyCould not enter data: Unknown column '$fn' in 'field list'"

Any assistance would be appreciated. (P.s. I know the code is not secure or safe, that will come after the functional parts are complete).

Cœur
user3608266

2 Answers

1

Your quotes are incorrect,

$sql = "INSERT INTO p_database ".
       "(Firstname, Surname) ".
       "VALUES ('$fn', '$sn')";

Warning: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Community
Rikesh
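The prepared-statement approach recommended in the answer above, as an added example (not code from the question or from either answer). It assumes PDO with the pdo_sqlite driver and an in-memory SQLite database so that it runs offline; `readNames`, `insertPerson`, the 100-byte length limit and the sample query strings are hypothetical and constructed for illustration.

```php
<?php
// Assumption: in-memory SQLite stands in for the MySQL server so this runs offline;
// for MySQL only the DSN and credentials passed to new PDO() change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE p_database (Firstname TEXT NOT NULL, Surname TEXT NOT NULL)');

// Hypothetical helper: extract the two expected fields from a query string.
// Returns null when a field is missing, not a plain string, empty or over 100 bytes.
function readNames(string $queryString): ?array
{
    parse_str($queryString, $params);   // fills $params; parse_str() itself returns nothing
    $out = [];
    foreach (['Firstname', 'Surname'] as $field) {
        $value = $params[$field] ?? null;
        if (!is_string($value)) {        // missing, or an array such as Firstname[]=x
            return null;
        }
        $value = trim($value);
        if ($value === '' || strlen($value) > 100) {
            return null;
        }
        $out[$field] = $value;
    }
    return $out;
}

// Hypothetical helper: placeholders keep the values out of the SQL text,
// so the driver binds them as data and quoting never matters.
function insertPerson(PDO $pdo, array $names): void
{
    $stmt = $pdo->prepare('INSERT INTO p_database (Firstname, Surname) VALUES (:fn, :sn)');
    $stmt->execute([':fn' => $names['Firstname'], ':sn' => $names['Surname']]);
}

// Constructed sample inputs; on the real page this would be $_SERVER['QUERY_STRING'].
$samples = [
    'Firstname=Conan&Surname=O%27Brien',   // apostrophe would break the quoted-string version
    'Firstname[]=x&Surname=Smith',         // array instead of string: rejected
    'Firstname=Ann',                       // Surname missing: rejected
];
foreach ($samples as $qs) {
    $names = readNames($qs);
    if ($names === null) {
        echo "rejected: $qs\n";
        continue;
    }
    insertPerson($pdo, $names);
    echo "inserted: {$names['Firstname']} {$names['Surname']}\n";
}
```

The first sample is stored verbatim with its apostrophe, while the same value interpolated into `VALUES ('$fn', '$sn')` would end the string literal early and fail to parse.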
0

You need to escape your $fn and $sn like so:

$sql = "INSERT INTO p_database (Firstname, Surname) VALUES ('$fn', '$sn')";

laminatefish