
Can anyone tell me why the following code is giving me an error page 500? And also, how can I correct it?

```php
mysql_connect("xxx", "xxx", "xxx") or die(mysql_error());
mysql_select_db("xxx") or die(mysql_error());

$sql = "INSERT INTO oc2_ads (id_user, id_category)
VALUES ('$id_user', '$id_category')";
mysql_query($sql);

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
```

Thank you

Szabó Tamás
  • what server are you using? – oliver Mar 04 '16 at 20:02
  • 4
    Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Mar 04 '16 at 20:02
  • 2
    [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Mar 04 '16 at 20:02
  • You're mixing APIs, started with `mysql_*` and then went to some OOP API here `if ($conn->query($sql)`. That'll never work. Not even in Cleveland. – Jay Blanchard Mar 04 '16 at 20:03
  • What does your error log show? Did you define `$conn`? – chris85 Mar 04 '16 at 20:04
  • Can you see the error log? I'm pretty sure this error is related to how you wrote your query. Just for a start, your PHP variables containing the values to be set to the database fields are enclosed in single quotes ('). It happens that there is NO substitution of variables' values when you are inside single quotes! – Ed de Almeida Mar 04 '16 at 20:06
  • 1
    @JayBlanchard - Great article!!! on PDO, I will finish reading it when I get home. – yardie Mar 04 '16 at 20:07
  • http://stackoverflow.com/questions/3446216/what-is-the-difference-between-single-quoted-and-double-quoted-strings-in-php – Ed de Almeida Mar 04 '16 at 20:07
  • It wouldn't matter if the OP did @chris85 – Jay Blanchard Mar 04 '16 at 20:10
  • @EddeAlmeida variables in single quotes *do* get interpolated correctly. You can easily test. [EXAMPLE](http://phpfiddle.org/main/code/1m3a-ycnv) – Jay Blanchard Mar 04 '16 at 20:13
  • http://php.net/manual/en/language.types.string.php#language.types.string.syntax.single But I'm not the one to discuss the matter @JayBlanchard. PHP is not my best language and I seldom use it. – Ed de Almeida Mar 04 '16 at 20:18
  • @JayBlanchard Couldn't `$conn` be a valid PDO or mysqli connection and still work? – chris85 Mar 04 '16 at 20:19
  • It could @chris85, but the connection here *seems* obvious. ¯\\_(ツ)_/¯ – Jay Blanchard Mar 04 '16 at 20:20
  • Yea, looks like you solved; I thought OP might have left something out. – chris85 Mar 04 '16 at 20:21

1 Answer

3

You cannot mix database APIs. You start with older `mysql_*` functions and then move to some OOP version API (either MySQLi or PDO). If you want to use the older API all the way through you would do this:

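```php
// Connect and select the database with the old mysql_* API (removed in PHP 7).
mysql_connect("xxx", "xxx", "xxx") or die(mysql_error());
mysql_select_db("xxx") or die(mysql_error());
// The values are interpolated straight into the SQL string.
$sql = "INSERT INTO oc2_ads (id_user, id_category)
VALUES ('$id_user', '$id_category')";
$result = mysql_query($sql);

// mysql_query() returns TRUE for a successful INSERT and FALSE on error.
if ($result === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . mysql_error();
}
```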

Your script is at risk for SQL Injection Attacks.

Please stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really pretty easy.

Jay Blanchard
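
The prepared-statement approach the answer recommends, sketched with PDO as an added example (not code from the original answer). It assumes both ids are integers; the `id_ad` column, the `insertAd` helper and the sample values are constructed, and an in-memory SQLite database stands in for MySQL so the script runs without a server.

```php
<?php
// Added example. For MySQL only the DSN and credentials change, e.g.
// new PDO('mysql:host=HOST;dbname=DB;charset=utf8mb4', 'USER', 'PASS').
$pdo = new PDO('sqlite::memory:');
// Throw exceptions on failure so errors are not silently ignored.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed stand-in for the oc2_ads table from the question.
$pdo->exec('CREATE TABLE oc2_ads (
    id_ad       INTEGER PRIMARY KEY,
    id_user     INTEGER NOT NULL,
    id_category INTEGER NOT NULL
)');

// Hypothetical helper: validates the ids, then inserts with bound parameters.
function insertAd(PDO $pdo, $idUser, $idCategory): int
{
    // Assumption: both columns hold integers, so reject anything else early.
    $idUser     = filter_var($idUser, FILTER_VALIDATE_INT);
    $idCategory = filter_var($idCategory, FILTER_VALIDATE_INT);
    if ($idUser === false || $idCategory === false) {
        throw new InvalidArgumentException('id_user and id_category must be integers');
    }

    // The SQL text is fixed; the values travel separately as parameters,
    // so they can never change the structure of the statement.
    $stmt = $pdo->prepare(
        'INSERT INTO oc2_ads (id_user, id_category) VALUES (:id_user, :id_category)'
    );
    $stmt->bindValue(':id_user', $idUser, PDO::PARAM_INT);
    $stmt->bindValue(':id_category', $idCategory, PDO::PARAM_INT);
    $stmt->execute();

    return (int) $pdo->lastInsertId();
}

// Constructed sample input: one valid pair, one malformed id.
foreach ([['42', '7'], ['12abc', '7']] as [$user, $category]) {
    try {
        $row = insertAd($pdo, $user, $category);
        echo "New record created successfully (row $row)\n";
    } catch (InvalidArgumentException | PDOException $e) {
        // Keep the detail in the server log; show the client a generic message
        // instead of echoing the SQL and the driver error.
        error_log($e->getMessage());
        echo "Error: the record could not be saved.\n";
    }
}
```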