-1

I'm trying to put data into a MySQL database using PHP if a condition is verified, but it doesn't work.

The first condition works well, but the second doesn't insert into the database; it only displays "ENTRATA IN LISTA, DA PAGARE".

What am I doing wrong?

Here is the code:

```php
<?php
$DBhost = "localhost";
$DBuser = "bestparty";
$DBpass = "";
$DBName = "my_bestparty";

$disco  = $_GET['disco'];
$string = $_GET['string'];
$type   = $_GET['type'];

if ($type == 'ticket') {

    $cons = mysql_connect($DBhost, $DBuser, $DBpass) or die("Impossibile collegarsi al server");
    @mysql_select_db("$DBName") or die("Impossibile connettersi al database $DBName");

    $sqlquery = "SELECT * FROM `ticket` WHERE `Disco` = '$disco' && `string` = '$string'";
    $result   = mysql_query($sqlquery);
    $number   = mysql_num_rows($result);

    $status = mysql_result($result, $i, "Entrato");

    if ($status == '0') {

        $query = "UPDATE `ticket` SET `Entrato`= 1 WHERE `Disco` = '$disco' && `string` = '$string'";

        if (mysql_query($query)) {

        } else {

        }

        echo "<font color=\"#4CAF50\" align=\"center\"> OK </font>";

    } else if ($status == '1') {

        echo "<font color=\"#E53935\" align=\"center\"> QR CODE GIA' SCANNERIZZATO </font>";

    }

    mysql_close($cons);

}
else if ($type == 'lista') {

    $DBhost = "localhost";
    $DBuser = "bestparty";
    $DBpass = "";
    $DBName = "my_bestparty";
    $consa = mysql_connect($DBhost, $DBuser, $DBpass) or die("Impossibile collegarsi al server");
    @mysql_select_db("$DBName") or die("Impossibile connettersi al database $DBName");

    $sqlquery = "INSERT INTO `Liste`(`Stringa`, `Disco`) VALUES ('$string','$disco')";

    echo "<font color=\"#795548\" align=\"center\"> ENTRATA IN LISTA, DA PAGARE </font>";

    mysql_close($consa);

}

?>
```
showdev
Jack_usti
  • If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) [statements](http://php.net/manual/en/pdo.prepared-statements.php) instead, and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jun 15 '15 at 16:13
  • [Your script is at risk for SQL Injection.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Jun 15 '15 at 16:13
  • You never bothered defining `$i`... Plus... why connect to the DB? twice? – Marc B Jun 15 '15 at 16:23

2 Answers

1

In the liste portion you have created the SQL statement but you have not tried to execute it.

Adding `mysql_query($sqlquery);` after defining the statement might do the trick.

```php
$sqlquery = "INSERT INTO `Liste`(`Stringa`, `Disco`) VALUES ('$string','$disco')";
mysql_query($sqlquery);
```

However, please note, as others have commented, getting it working won't mean that it is suitable for use on a publicly accessible web site.

A Smith
0

You do not actually execute the second `$query`; you define it as a string but don't use it.

Mark B
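The fix from the answers combined with the prepared-statement advice from the comments, as an added example that is not part of the original question or answers. The helper names `addToLista` and `scanTicket`, the sample rows, and the in-memory SQLite connection (a stand-in so the script runs without a MySQL server) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: store a list entry. Returns true if one row was inserted.
function addToLista(PDO $db, string $string, string $disco): bool
{
    // Placeholders keep request values out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO `Liste` (`Stringa`, `Disco`) VALUES (:s, :d)');
    $stmt->execute([':s' => $string, ':d' => $disco]); // the step the question's code never ran
    return $stmt->rowCount() === 1;
}

// Hypothetical helper: mark a ticket as used.
// Returns 'ok', 'already_scanned' or 'unknown'.
function scanTicket(PDO $db, string $string, string $disco): string
{
    // One conditional UPDATE replaces SELECT-then-UPDATE, so two scans of the
    // same code cannot both succeed.
    $stmt = $db->prepare(
        'UPDATE `ticket` SET `Entrato` = 1
          WHERE `Disco` = :d AND `string` = :s AND `Entrato` = 0'
    );
    $stmt->execute([':s' => $string, ':d' => $disco]);
    if ($stmt->rowCount() === 1) {
        return 'ok';
    }
    // Nothing changed: either the ticket was already used or it does not exist.
    $check = $db->prepare('SELECT 1 FROM `ticket` WHERE `Disco` = :d AND `string` = :s');
    $check->execute([':s' => $string, ':d' => $disco]);
    return $check->fetchColumn() === false ? 'unknown' : 'already_scanned';
}

// Constructed demo data. For MySQL, swap the DSN (assumed form):
//   new PDO('mysql:host=localhost;dbname=my_bestparty;charset=utf8mb4', $user, $pass)
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
$db->exec('CREATE TABLE `Liste` (`Stringa` TEXT, `Disco` TEXT)');
$db->exec('CREATE TABLE `ticket` (`Disco` TEXT, `string` TEXT, `Entrato` INTEGER DEFAULT 0)');
$db->exec("INSERT INTO `ticket` (`Disco`, `string`) VALUES ('club1', 'QR123')");

// A value containing a quote would end the string literal in the concatenated
// query from the question; as a bound parameter it is stored as plain data.
var_dump(addToLista($db, "L'amico di Marco", 'club1'));
var_dump(scanTicket($db, 'QR123', 'club1'));   // first scan of a valid ticket
var_dump(scanTicket($db, 'QR123', 'club1'));   // repeat scan of the same ticket
var_dump(scanTicket($db, 'NOPE', 'club1'));    // ticket that is not in the table
var_dump($db->query('SELECT `Stringa` FROM `Liste`')->fetchColumn());
```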