0
<?php

require "config.php";

/*
CREATE TABLE  `addnews` (
 `id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
 `auther` VARCHAR( 255 ) NOT NULL ,
 `title` VARCHAR( 255 ) NOT NULL ,
 `content` LONGTEXT NOT NULL
) ENGINE = MYISAM ;
*/

$a = $_POST['author'];
$t = $_POST['title'];
$c = $_POST['content'];

if(isset($_POST["add"]) and $_POST["add"] == "news"){
    $insert = mysql_query('INSERT INTO addnews 
    (author,title,content)
    VALUES
    ("$a","$t","$c")') or die("error");
    if (isset($insert )){
        echo "<h3>Done</h3>";
    }
};

echo "
<form action='".$_SERVER['PHP_SELF']."' method='post'>
Author : <input type='text' name='author' /><br>
Title : <input type='text' name='title' /><br>
Content : <textarea name='content'></textarea>
<input type='submit' value='Add news' />
<input type='hidden' name='add' value='news' />
</form>
";


mysql_close($connectdb);
?>

i am getting error from this statment i think

if(isset($_POST["add"]) and $_POST["add"] == "news"){
    $insert = mysql_query('INSERT INTO addnews 
    (author,title,content)
    VALUES
    ("$a","$t","$c")') or die("error happend while trying to add information to database");
    if (isset($insert )){
        echo "<h3>Done</h3>";
    }
};

output is : error happend while trying to add information to database

and no problem with config.php file (the file that connect to database) i am using phpmyadmin

Asad Asa
  • 17
  • 8
  • Read this, please: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?lq=1 – vhu Jun 30 '15 at 06:58
  • i dont care about security for now this is my first sql code i am just learning – Asad Asa Jun 30 '15 at 07:05
  • Especially in that case I'd suggest to learn it the _right_ way from the beginning. – vhu Jun 30 '15 at 07:22

5 Answers5

0

Use && instead of the actual word and:

if(isset($_POST["add"]) && $_POST["add"] == "news"){
    $insert = mysql_query("INSERT INTO addnews 
    (author,title,content)
    VALUES
    ('$a','$t','$c')") or die("error happend while trying to add information to database");
    if (isset($insert )){
        echo "<h3>Done</h3>";
    }
};
Spade
  • 591
  • 3
  • 20
0

Here you go try this one

if(isset($_POST["add"]) and $_POST["add"] == "news"){
    $insert = mysql_query('INSERT INTO addnews 
    (author,title,content)
    VALUES
    ("'. $a .'","'. $t .'","'. $c .'")') or die("error happend while trying to add information to database");
    if (isset($insert )){
        echo "<h3>Done</h3>";
    }
};

used "'. $a .'" instead "$a".

Ankit Pise
  • 1,243
  • 11
  • 30
0

I think the query statement is wrong, Double quotes inside the single quotes is not valid in php. So you will change the quotes in query like below code,

$insert = mysql_query("INSERT INTO addnews 
    (author,title,content)
    VALUES
    ('$a','$t','$c')") or die("error");

try this..:-)

sathish kumar
  • 116
  • 1
  • 8
0

Please do the correction in your code like as follow:

$insert = mysql_query("INSERT INTO addnews 
    (author,title,content)
    VALUES
    ('$a','$t','$c')") or die(mysql_error($link));//Where $link mysql resource object

You will get the answer why Mysql not inserting your data.

satish-a
  • 1
  • 1
0
  1. strings in sql are surrounded by ' (single quote) , not by " (double quote)
  2. strings in php will act two ways
    1. those in ' (single quote) will write literally as tyou typed them ($a stays $a - not $a value)
    2. those in " (double quote) will interpret values inside - so $a will be substituted with $a's value
  3. when failing DB operation - it is usually useful to see what was wrong - use mysql_error for that
murison
  • 3,640
  • 2
  • 23
  • 36