Can't insert array variables into MySQL DB from $_POST input

Question

as always, I have tried to research and solve the problem based on already existing questions but can't wrap my head around it. I am probably doing many things wrong. In the html form, I have input types text,number, title, as well as textarea, so maybe that might account for things not working too?

Here's a link to the thing I'm trying to build: http://postimg.org/image/9mgm6l9hj/

Here's my INSERT query function

    function register_hangout($register_hangout_data) {
    array_walk($register_hangout_data, 'array_sanitize');

    $hangout_fields = '`' . implode('`, `', array_keys($register_hangout_data)) . '`';
    $hangout_data = '\'' . implode('\', \'', $register_hangout_data) . '\'';

    mysql_query("INSERT INTO hangouts ($hangout_fields) VALUES ($hangout_data)");
}

And here's the code, which, as of now, it does redirect me to hangout.php?success, but doesn't echo "Successssss" or insert into the DB:

    if (empty($_POST) === false) {
    $required_fields = array('title','dd' ,'mm','yyyy', 'hour', 'minutes', 'location', 'aim', 'description');
    foreach($_POST AS $key=>$value) {
        if (empty($value) && in_array($key, $required_fields) === true) {
            $errors[] = 'Fields marked with an asterisk are required.';
            break 1;
        }
    }  

    print_r($errors);
}

?> 

<?php 
if (isset($_GET['success']) && empty($_GET['success'])) {
    echo 'Successssssss.';
} else {
  // there's one curly brace after the html form tied to this else right above
    if (empty($_POST) === false && empty($errors) === true) {
        //insert hangout data in mysql database
        $register_hangout_data = array(
            'title'             => $_POST['title'],
            'dd'                => $_POST['dd'],
            'mm'                => $_POST['mm'],
            'yyyy'              => $_POST['yyyy'],
            'hour'              => $_POST['hour'],
            'minutes'           => $_POST['minutes'],
            'location'          => $_POST['location'],
            'aim'               => $_POST['aim'],
            'description'       => $_POST['description']
            );
        register_hangout($register_hangout_data);
        header('Location: hangout.php?success');
        // exit
    }
    elseif (empty($errors) === false) {
        //output errors
        echo output_errors($errors);
    }

I can't get my head around why these aren't even inserted into the DB, let alone using proper integer functions, sanitization, proper date time functions and format, so please help me solve my actual problem before diving into what other things I should do to this code.

Why you guys keep using deprecated mysql_*? I see it in almost every question. — Inurosen, Dec 28 '15 at 13:33
As mentioned by @Inurosen, [**mysql_* functions should be avoided**](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). You should also take a look at [How can I prevent SQL-injection in PHP?](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — FirstOne, Dec 28 '15 at 13:36
Hi Inurosen. I have been learning a lot on my own, I'm still very much a beginner and don't understand many things. So I followed some online tutorials for a login and registration system because the guy was a very good teacher, it only happened that the videos were old, 2012. I simply extrapolated code from there onwards. Deprecated, non-deprecated, I am looking to understand programming logic for now and simply be able to make things functional, I wouldn't use it in a real world app. Hope this makes sense to more advanced programmers and they forgive me. — J. Doe, Dec 28 '15 at 13:40
Also, I am a virgin, PHP is my first and we're only at second base. — J. Doe, Dec 28 '15 at 13:47
which MySQL API are you using to connect with, `mysql_`? `mysqli_`? PDO? Other? you're also not checking for errors here. — Funk Forty Niner, Dec 28 '15 at 13:58
Fred, I can confirm the connection works. If anything, I am using xampp and phpmyadmin, but the connections and queries like create database and tables are written straight into the code. — J. Doe, Dec 28 '15 at 14:03
Ok, now I know (edit, you deleted your comment about the connection being mysql_) Edit #2, you re-added it below. We also have no idea where those POST arrays are coming from or if they hold values. Your query could also contain errors, which I suspect it does. Add error reporting to the top of your file(s) right after your opening PHP tag for example ` — Funk Forty Niner, Dec 28 '15 at 14:09
I am not entirely sure I understand what MySQL API means, but based on what I read, I'll assume this is what you're talking about? $conn = mysql_connect('localhost', 'root', '') or die($connect_error); — J. Doe, Dec 28 '15 at 14:10
so, my comment above yours here, yielded anything? about error reporting/checking. — Funk Forty Niner, Dec 28 '15 at 14:18
The $_POST array comes from, well, the form below my code with method="post", which is tied to that else where I commented in the code, as you can see. If it is any help, once submitted, this query works for example: mysql_query(" INSERT INTO hangouts (title), VALUES (' ".$_POST['title']." ') "); And then, when I tried the same query with dd and $_POST['dd'], it wouldn't work. dd field is INT, not VARCHAR. — J. Doe, Dec 28 '15 at 14:19
Oh well, I added your suggestions, the code works like before, it "successfully" redirects me to hangout.php?success with no error reporting, but still doesn't do what it's supposed to do. — J. Doe, Dec 28 '15 at 14:28
What is the exact query being executed? Can you either get it from MySQL general log, or dump the value of `"INSERT INTO hangouts ($hangout_fields) VALUES ($hangout_data)"`? — Richard St-Cyr, Dec 28 '15 at 16:59
Start by **checking for errors!** `mysql_query(..) or die(mysql_error());` — deceze, Dec 30 '15 at 13:31
Is anybody willing to spend some 10 minutes with me on teamviewer please... ? — J. Doe, Jan 05 '16 at 13:57

Can't insert array variables into MySQL DB from $_POST input

0 Answers0