Parameter error with mysqli_query

Question

I have found this a sticky problem, since running into it. Would love to know whether you can help me spot the error in posting this form to a database, it connect but a parameters error keeps reoccurring.

<?php
    mysql_select_db("members");


    if(isset ($_POST['submit'])){

         $f_name = $_POST['first_name'];
         $l_name = $_POST['last_name'];
         $user_email = $_POST['email'];



         $query = "INSERT into members (first_name,last_name,email) VALUES ('$f_name','$l_name','$user_email')";

         if (!mysqli_query ($conn,$sqlinsert)) {

            die('error inserting new record');


          } // end of nested if state

          $newrecord = "1 record added success";


    } // end of 1st if state

Please post the error you are receiving. I do notice that your variable is called `$query` but you are calling `mysqli_query($conn, $sqlinsert)` instead - `$sqlinsert` is not defined here. See also [How can I prevent SQL injection in PHP](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) and the examples there on using `prepare()/bind_param()/execute()` with MySQLi to improve security against injection attacks. — Michael Berkowski, Jan 17 '15 at 19:42

score 0 · Accepted Answer · edited May 23 '17 at 12:20

0

if (!mysqli_query ($conn, $sqlinsert)) {

Should be

 if (!mysqli_query ($conn, $query)) {

Don't see anything wrong with the query although you should note it'll be vulnerable to SQL injections (see this topic).

edited May 23 '17 at 12:20

Community

1
1

answered Jan 17 '15 at 19:41

Tom Tom

3,680
5
35
40

Thank you, appreciate your time sincerely! – Kash Smith Jan 17 '15 at 19:55

Parameter error with mysqli_query

1 Answers1