mysqli_query dies every time in INSERT INTO

Question

Every time i try to insert value in my mysql database from php script, the query fails.

Here are my codes.

if ( empty($_POST)) {
echo '<script type="text/javascript">
    alert("Tricky, you must have left something empty. That is why you are now will be redirected to Main page. Try again ;)");
    window.location.href ="index.php"</script>';


}else {
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email_id = $_POST['email_id'];
$your_info = $_POST['your_info'];
$title = $_POST['title'];
$feed_area = $_POST['feed_area'];
$remote_addr = $_SERVER['REMOTE_ADDR'];
$type = $_POST['type'];   
 if(!empty($first_name) || !empty($last_name) || !empty($email_id) || !empty($your_info) || !empty($title) || !empty($feed_area) || !empty($type))
 {
    echo '<div id="header">
    <div id="middle_heading">Confirmed!!!</div></div>';
    $dbc = mysqli_connect('localhost', 'root', '', 'feed_update');
    $query = "INSERT INTO feed_info (id, first_name, last_name, email_id, your_info, title,type, feed_area, feed_date, remote_addr)" VALUES (0, '$first_name', '$last_name', '$email_id', '$your_info', '$title', '$type', '$feed_area', NOW(), '$remote_addr')";
   mysqli_query($dbc, $query)
   or die("<script type='text/javascript'>alert('query error alert');</script>");   
   mysqli_close($dbc);
   echo '<script type="text/javascript">window.location.href ="index.php"</script>';
   }else {
     echo '<script type="text/javascript">
     alert("Tricky, you must have left something empty. That is why you are now will be redirected to Main page. Try again ;)");
     window.location.href ="index.php"</script>';
      }
    }
    ?>

Note:

the html is not php self form.
I also installed wordpress in my database, is there any problem with it too ?

How does it fail? Perhaps it produces an error that you could include in the question. You should also edit the question and include the definition of `feed_info`. — Gordon Linoff, Jan 11 '15 at 16:10
i tried to see the error by `mysql_error()`. But, then that ass gave me another error about the `mysql_error()`. — MihirUj, Jan 11 '15 at 16:12
**Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Jan 11 '15 at 16:16
`mysql_error` is from the `mysql_` API, you're using the `mysqli_` API. You can't mix and match database APIs. — Quentin, Jan 11 '15 at 16:17
If you're using MySQLi; then, for the love of , learn to use bind variables with prepared statements.... then you don't need to escape it, or even need to remember quotes around strings — Mark Baker, Jan 11 '15 at 16:27

MihirUj · Accepted Answer · 2015-01-13T09:51:10.427

-1

Got the answer , my data needs to be escaped. Short and Sweet use mysql_real_escape_string

for ex. $first_name = mysql_real_escape_string($_POST['first_name']); $last_name = mysql_real_escape_string($_POST['last_name']); and i know you must be thinking, i use mysqli but, when i tried mysqli_real_espace_string() it shows error.

Sorry, for disturbing you people.

edited Jan 13 '15 at 09:51

answered Jan 11 '15 at 16:24

MihirUj

43
1
11

Or use PDO to avoid this issue altogether. – siride Jan 11 '15 at 16:25
Are you playing around??? You have used mysqli But your are telling mysql_real_escape_string solved the issue ?? How can you mix mysql and mysqli – Indra Kumar S Jan 11 '15 at 16:25
1

You don't even need to use PDO to escape that issue, MySQLi supports bind variables – Mark Baker Jan 11 '15 at 16:28

mysqli_query dies every time in INSERT INTO

1 Answers1