-3

i am adapting this code to Mysqli, but is gives an error, i cannot see the error, please help.

$sql = "INSERT INTO test_xml ('title', 'artist', 'duration') VALUES ('$title', '$artist', '$duration')";        
$result = mysqli_query($con, $sql);

the old code worked good:

$sql = "INSERT INTO `test_xml`  (`title`, `artist`, `duration`)"
            . "VALUES ('$title', '$artist', '$duration')";
$result = mysql_query($sql);
Handsome_devil
  • 27
  • 9
  • 2
    Use backticsk for column names not quotes.See the difference?Also learn about prepared statements,mysqli is not more secure by default. – Mihai Jan 10 '15 at 16:29
  • 1
    There is a difference between a backtick ` and a single quote `'` – RiggsFolly Jan 10 '15 at 16:30
  • 1
    *"the old code worked good:"* - So use that and use `$result = mysqli_query($con, $sql);`. Plus, in case you haven't been told about it (edit: Oops, you have by Mihai, my bad), or have any knowledge of; your code is open to [**SQL injection**](http://stackoverflow.com/q/60174/). Use [**prepared statements**](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php), or [**PDO with prepared statements**](http://php.net/pdo.prepared-statements), *they're much safer*. – Funk Forty Niner Jan 10 '15 at 16:35
  • whwre is your mysqli_connect initialization? – Alex Jan 10 '15 at 16:38
  • *"i cannot see the error"* - That's because you're not checking for them. Add `or die(mysqli_error($con))` to `mysqli_query()` and you will see them. – Funk Forty Niner Jan 10 '15 at 16:38

2 Answers2

1

Risking downvotes, but I can't comment at my level so in order to try help I'll assume the question is "how can I see the error" and try answer that, as there's not much else to go on;

First, is $con created successfully?

$con = new mysqli("sql server hostname or ip", "user", "password", "schema/db name");
        if($con->connect_errno > 0)
            {
                die('Unable to connect to database [' . $con->connect_error . ']');
            }

As per comments, problem solved due to ' vs ` for column names.

$sql = "INSERT INTO test_xml (`title`, `artist`, `duration`) VALUES ('$title', '$artist', '$duration')";        

if(!$result = $con->query($sql)) {
    die('There was an error running the query [' . $con->error . ']');
} else {
  echo "Successful query.";
       }

this portion was really to include the error handling to see what the error was.

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
user2213361
  • 87
  • 9
  • 1
    `('title', 'artist', 'duration')` that's incorrect. Those are columns, and not to be treated as string (values). – Funk Forty Niner Jan 10 '15 at 16:41
  • @user2213361 - Look at the comments under the OP's question. You haven't gotten downvoted "yet", but if you don't fix it, you will. – Funk Forty Niner Jan 10 '15 at 16:45
  • seemed kinda pointless after the problem was solved, but fixed anyway. For interest sake, the error that would have been thrown was "Error Code: 1064. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''title....at line 1 – user2213361 Jan 10 '15 at 16:52
  • 1
    Well, you did submit a (now) correct answer, so may as well leave it intact. @user2213361 – Funk Forty Niner Jan 10 '15 at 16:53
  • 1
    By the way, I fixed a syntax error in your answer. It's `$con->error` and not `$sql->error`. The DB connection is to be passed as the variable and not the query. – Funk Forty Niner Jan 10 '15 at 17:13
0

ok it was in the line:

$sql = "INSERT INTO test_xml ('title', 'artist', 'duration')

in the columms, the ' must be ` like @Mihai and @RiggsFolly said.

Handsome_devil
  • 27
  • 9