This is the code in my PHP script on a very basic html page with a form. I have tried every possible variation of single quotes, double, single and double for the values. I didn't get any response at all. I have tested to make sure the connection is made, but nothing is inserted in the DB. I just don't know what I'm doing wrong.

// Check our connection
if (mysqli_connect_errno($con)) {
    print_r("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

if(isset($_POST["submit"])){
    $name = $_POST['name'];
    $company = $_POST['company'];
    $email = $_POST['email'];
    $comment = $_POST['comment'];

     // Insert our data
    $query = mysqli_query("INSERT INTO 'contacts' ('id','name', 'company', 'email', 'comment')  VALUES ('','$name', '$company', '$email', '$comment')", $con);
    $result = ($query); 


    if( $result )
    {
        print_r('Success');
    }
    else
    {
        print_r('Query Failed');
    }
    mysqli_close($con);
}
David Harris
2 Answers

Your argument order is inverted, see http://php.net/manual/en/mysqli.query.php.

Connection first, then query.

mixed mysqli_query ( mysqli $link , string $query [, int $resultmode = MYSQLI_STORE_RESULT ] )

You also incorrectly used single quotes around the column names; those should be backticks. See: When to use single quotes, double quotes, and backticks in MySQL.

Additionally, you should never pass user input directly to SQL. This is how injections occur. You should look into using prepared statements. See: How can I prevent SQL injection in PHP?

if (mysqli_connect_errno()) {
    // printf, not print_r: print_r does not take a format string
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
if (isset($_POST["submit"])) {
    $name = mysqli_real_escape_string($con, $_POST['name']);
    $company = mysqli_real_escape_string($con, $_POST['company']);
    $email = mysqli_real_escape_string($con, $_POST['email']);
    $comment = mysqli_real_escape_string($con, $_POST['comment']);
    // Insert our data (connection first, then the query; backticks around identifiers)
    $query = mysqli_query($con, "INSERT INTO `contacts` (`name`, `company`, `email`, `comment`) VALUES ('$name', '$company', '$email', '$comment')");
    if ($query) {
        print_r('Success');
    } else {
        print_r('Query Failed');
    }
    mysqli_close($con);
}
chris85
You don't need to use apostrophes (') for your table and column names. Remove the apostrophes around your contacts table. You can use backticks (`) for column names.

$query = mysqli_query($con, "INSERT INTO contacts (id, name, company, email, comment)
                             VALUES ('', '$name', '$company', '$email', '$comment')");

You are also prone to SQL injection, so use *_real_escape_string.

$name = mysqli_real_escape_string($con, $_POST['name']);  
$company = mysqli_real_escape_string($con, $_POST['company']);  
$email = mysqli_real_escape_string($con, $_POST['email']);  
$comment = mysqli_real_escape_string($con, $_POST['comment']);

While you are at it, since you are using the mysqli_* API, you might want to check on prepared statements.

Logan Wayne
Comment: All quotes/apostrophes should be removed from columns. Quotes are for strings. Backticks are for columns. – chris85 Oct 15 '15 at 00:47
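Both answers point to prepared statements as the real fix; the following is an added example of that approach, not code from the questioner or either answer. It assumes the `contacts` table and column names from the question, placeholder connection parameters, and PHP 7 or later.

```php
<?php
declare(strict_types=1);

// Make mysqli throw mysqli_sql_exception instead of returning false, so a
// failed connect or INSERT cannot pass silently (the question reports
// "no response at all", which is exactly what silent false returns look like).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Insert one contact with a prepared statement. The SQL text contains only
// placeholders; the user-supplied values travel to MySQL separately and can
// never change the structure of the statement, which is what hand escaping
// tries to achieve. `id` is omitted so MySQL assigns the auto-increment value.
function insertContact(mysqli $con, string $name, string $company,
                       string $email, string $comment): int
{
    $sql = 'INSERT INTO `contacts` (`name`, `company`, `email`, `comment`)'
         . ' VALUES (?, ?, ?, ?)';
    $stmt = $con->prepare($sql);
    $stmt->bind_param('ssss', $name, $company, $email, $comment); // four strings
    $stmt->execute();
    $id = (int) $con->insert_id;
    $stmt->close();
    return $id;
}

if (isset($_POST['submit'])) {
    try {
        // Placeholder credentials (assumed); replace with your own.
        $con = new mysqli('DB_HOST', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
        $id = insertContact(
            $con,
            (string) ($_POST['name'] ?? ''),
            (string) ($_POST['company'] ?? ''),
            (string) ($_POST['email'] ?? ''),
            (string) ($_POST['comment'] ?? '')
        );
        $con->close();
        echo 'Success (id ' . $id . ')';
    } catch (mysqli_sql_exception $e) {
        // Keep the driver's error text in the server log, not in the page.
        error_log('contact insert failed: ' . $e->getMessage());
        echo 'Query Failed';
    }
}
```

A value such as `O'Brien` or a string containing `'); DROP TABLE contacts; --` is stored verbatim as data, because it is bound to a placeholder rather than concatenated into the query.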