PHP MySQL Insert into table

Question

I've followed a tutorial tot he exact code and i can't seem to get this to work

When I submit the form nothing gets put into my table

I can't seem to find the problem, ive changed a bunch of stuff but i cant seem to find the answer.

If anyone can have a look at my code and help me resolve the issue i would be very thankfull

Code

<form class="form" method="post" action="index.php">
            <h2>
              Post new account...
            </h2>
              <div class="form-group">
                <label for="title">Title</label>
                <input required type="text" class="form-control" name="title"  placeholder="Enter a title for the account...">
              </div>
              <div class="form-group">
                <div class="row">
                  <div class="col-md-6">
                    <label for="server">Server</label>
                    <input required type="text" class="form-control" name="server"  placeholder="Enter Server...">
                  </div>
                   <div class="col-md-6">
                      <label for="price">Price</label>
                      <input required type="number" class="form-control" name="price"  placeholder="Enter Price...">
                   </div>  
                </div>
              </div>
              <div class="form-group">  
              <div class="row">
                  <div class="col-md-6">
                    <label for="Energy">Energy</label>
                    <input required type="number" class="form-control" name="energy"  placeholder="Enter Energy...">
                  </div>
                   <div class="col-md-6">
                      <label for="Stamina">Stamina</label>
                      <input required type="number" class="form-control" name="stamina"  placeholder="Enter Stamina...">
                   </div>  
                </div>
              </div>
              <div class="form-group">  
              <div class="row">
                  <div class="col-md-6">
                    <label for="Jewels">Jewels</label>
                    <input required type="number" class="form-control" name="jewels" placeholder="Enter Jewels...">
                  </div>
                   <div class="col-md-6">
                      <label for="honor">Stamina</label>
                      <input required type="number" class="form-control" name="honor" placeholder="Enter Honor...">
                   </div>  
                </div>
              </div>
              <div class="form-group">
                <label for="image">Image URL</label>
                <input required type="text" class="form-control" name="image" placeholder="Enter the image link...">
              </div>
              <div class="form-group">
                <label for="link">Link URL</label>
                <input required type="text" class="form-control" name="link" placeholder="Enter the payment link...">
              </div>
              <div class="form-group">
                <input class="btn btn-primary btn-md" type="submit" name="submit">
              </div>
          </form>

<?php
if (isset($_POST['submit'])) {     

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("We're having problems at the moment, please come back later!");
} 

$query = "INSERT INTO accounts (title,price,energy,stamina,jewels,honor,damage,server,image,link) VALUES ('$_POST[title]','$_POST[price]','$_POST[energy]','$_POST[stamina]','$_POST[jewels]','$_POST[honor]','$_POST[damage]','$_POST[server]','$_POST[image]','$_POST[link]')";

mysql_query($query,$conn);
mysql_close($conn);
};
?>

You're mixing `mysql_*` and `mysqli_*` functions, which doesn't work. — Jay Blanchard, Apr 15 '16 at 20:46
You're mixing `mysql_*` and `mysqli_*` commands. Don't do that. — WillardSolutions, Apr 15 '16 at 20:46
[Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! — Jay Blanchard, Apr 15 '16 at 20:46
For general dev skills: Check the return code (if mysql_query returns false then you can use mysql_error to find what went wrong). Also, var_dump is your friend (var_dump ($_POST) would let you know what's being sent up. A couple of useful pointers they probably don't have in the tutorial. Finally, look into PDO rather than mysql functions - they are being replaced. — Mike, Apr 15 '16 at 20:53

score 0 · Answer 1 · answered Apr 15 '16 at 20:52

Check your connection:

if (!$conn) {
   die("Connection failed: " . mysqli_connect_error());
}

Then check if it is inserting into the database or not. If there's an error, it will let you know as well.

if (mysqli_query($conn, $sql)) {
   echo "New record created successfully";
} else {
   echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}

Also, don't mix mysql_ with mysqli_. Start using mysqli_ instead of mysql_. mysql_ is deprecated.

PHP MySQL Insert into table

1 Answers1