PHP Mysql insert into GET method with two variables

Question

I would like to insert data from two variables to MySQL.

Here is my code:

<?php

// Prepare variables for database connection

$dbusername = "arduino";  // enter database username, I used "arduino" in step 2.2
$dbpassword = "arduinotest";  // enter database password, I used "arduinotest" in step 2.2
$server = "localhost"; // IMPORTANT: if you are using XAMPP enter "localhost", but if you have an online website enter its address, ie."www.yourwebsite.com"

// Connect to your database

$dbconnect = mysql_pconnect($server, $dbusername, $dbpassword);
$dbselect = mysql_select_db("test",$dbconnect);

// Prepare the SQL statement

$sql = "INSERT INTO test.sensor (homero, parat) VALUES ('".$_GET["homero"].", ".$_GET["parat"]."')";

// Execute SQL statement

mysql_query($sql); ?>

And when I click on http://localhost/write_data.php?homer=32&parat=43 it wont send any data to my database. Please can you help me? Is $sql line correct? thanks

**1.** Your quotes are missing. The right one should be: `"INSERT INTO test.sensor (homero, parat) VALUES ('".$_GET["homero"]."', '".$_GET["parat"]."')"`. **2.** Do not use `mysql_*` functions as they are deprecated. — Praveen Kumar Purushothaman, Mar 18 '16 at 09:46

Blaatpraat · Answer 1 · 2016-03-18T09:52:58.507

0

There is an error in your SQL statement, you don't have the correct quotes.
Also: please use backticks around variables.

Before I give the solution, I need to warn you about some other stuff.
First of all: your code is vulnerable to SQL injection.
More information about SQL injection: What is SQL injection?

Second of all: Mysql_* is deprecated in PHP5, and removed in PHP7. You can switch to Mysqli_* of even better: PDO. Please do some research about this.
More information about this: Why shouldn't I use mysql_* functions in PHP?

Anyway: here is the line of code that will fix your snippet, but it isn't that good:

$sql = "INSERT INTO `test`.`sensor` (`homero`, `parat`) VALUES ('".$_GET["homero"]."', '".$_GET["parat"]."')";

edited Mar 18 '16 at 09:52

answered Mar 18 '16 at 09:46

Blaatpraat

2,829
11
23

I really believe this should not be answered and closed as typo. But anyway, I appreciate your efforts. – Praveen Kumar Purushothaman Mar 18 '16 at 09:47
@PraveenKumar For the code problem itself: I agree. But I want to give the OP the advice to learn something about SQL injection and PDO. That's why I made an answer instead of ignoring it. – Blaatpraat Mar 18 '16 at 09:49
That's nice. Thanks. But there are tons of posts. Anyway, I will mark it as dupe. <-- Oops, can't do. Already closed it with a different reason. – Praveen Kumar Purushothaman Mar 18 '16 at 09:49
thanks for answer, I tried the code and when I open localhost/write_data.php?homer=32&parat=43 it posts only parat data – András Kiss Mar 18 '16 at 10:04
True, because there is $_GET["homero"], while you're providing "homer". Or you need to adapt the URL and put "homero" in it (instead of homer), or you need to change the SQL string, and put "homer" instead of "homero". – Blaatpraat Mar 18 '16 at 10:05
thanks, now its working :) – András Kiss Mar 18 '16 at 10:08

score 0 · Accepted Answer · answered Mar 18 '16 at 09:54

0

Your have two missing quotes first is after ".$_GET["homero"]." and second is before ".$_GET["parat"].". So try using below query:

$sql = "INSERT INTO test.sensor (homero, parat) VALUES ('".$_GET["homero"]."', '".$_GET["parat"]."')";

answered Mar 18 '16 at 09:54

Mubeen Ali

2,150
2
18
26

thanks for answer, I tried the code and when I open localhost/write_data.php?homer=32&parat=43 it posts only parat data. – András Kiss Mar 18 '16 at 10:03
can you show me your form? – Mubeen Ali Mar 18 '16 at 10:04
its working now, thank you – András Kiss Mar 18 '16 at 10:09

score 0 · Answer 3 · answered Mar 18 '16 at 10:12

Try this one:

<?php

// Prepare variables for database connection

$dbusername = "arduino";  // enter database username, I used "arduino" in step 2.2
$dbpassword = "arduinotest";  // enter database password, I used "arduinotest" in step 2.2
$server = "localhost"; // IMPORTANT: if you are using XAMPP enter "localhost", but if you have an online website enter its address, ie."www.yourwebsite.com"
$db =   "test";
// Connect to your database

$mysqli = mysqli_connect($server,$dbusername,$dbpassword,$test) or die("Error " . mysqli_error($mysqli)); 

// Prepare the SQL statement

$sql = "INSERT INTO test.sensor (homero, parat) VALUES ('".$_GET['homero']."', '".$_GET['parat']."')";

// Execute SQL statement

mysqli_query($mysqli, $sql) ?>

Use mysqli instead of mysql because the later is depricated

PHP Mysql insert into GET method with two variables

3 Answers3