Trouble using MySQLi to update and insert to MySQL

Question

I believe I have an error in my syntax, but I'm not sure where. I've looked here for how to insert data, and here for how to update data....

This is the snippet which updates/inserts the data (PHP)...

if ($is_edit === true) {
          $update_query = "UPDATE `$blog_table` SET `title`=$title_value, `content`=$content_value WHERE $identifier";
          $connection->query($update_query);
          header('Location: .');
        } elseif ($is_edit === false) {
          $current_date = date('Y-m-d');
          $add_entry_query = "INSERT INTO $blog_table (date, title, content, comments) VALUES ($current_date, $title_value, $content_value, '')";
          $connection->query($add_entry_query);
          header('Location: .');
        }

I know the actual logic is functioning correctly, because I get the page is redirected when the logic is correct.

As far as I can tell, I have copied the syntax exactly, but I'm not getting any data added.

I know for a fact that $blog_table and the assorted value variables are correct because I've echoed them to see if they were valid. I also use the exact same $blog_table to view data on the same page with the same connection which works flawlessly.

What is the problem with my syntax?

Add a print statement before the ->query to see what exactly is being sent to your db. — useSticks, Aug 24 '15 at 21:23
You're missing quotes around the string values in the queries. — Barmar, Aug 24 '15 at 21:25
It would be better to use prepared statements, then you wouldn't have to worry about that. — Barmar, Aug 24 '15 at 21:26
You also MISSED the part of the tutorial that actually checks that a `->query()` suceeded and if not PRINTS THE ERROR which would have allowed you to solve this all on your own — RiggsFolly, Aug 24 '15 at 21:35

score 1 · Accepted Answer · answered Aug 24 '15 at 21:25

if you didn't escape strings like this: $title_value="'something'"; change your query to

if ($is_edit === true) {
          $update_query = "UPDATE `$blog_table` SET `title`='$title_value', `content`='$content_value' WHERE $identifier";
          $connection->query($update_query);
          header('Location: .');
        } elseif ($is_edit === false) {
          $current_date = date('Y-m-d');
          $add_entry_query = "INSERT INTO $blog_table (date, title, content, comments) VALUES ('$current_date', '$title_value', '$content_value', '')";
          $connection->query($add_entry_query);
          header('Location: .');
        }

also make sure your strings are safe, use function addslashes before using variables in sql

$str = addslashes($str);

That was all I needed. I was unaware that I needed to quote the variables. I assumed that the only reason it was like that on the statements was to create a string, which my variables already were. — Allenph, Aug 24 '15 at 21:33

Trouble using MySQLi to update and insert to MySQL

1 Answers1