0

hey guys i am a newbie in php therefore i need you help. as the title says i am trying to store variable value into database table.

this is my php code that i wrote however it doesn't seem to be working. it doesn't seem to be storing any values in the database. 

<?php
    // to connect to database 
    require("user_connection.php");

    $query = "INSERT INTO booked (date, computer_id, name, start_time, end_time) VALUES ('$date', '$select3', '$username', '$select1', '$select2')";

    mysqli_query($query);       
?>

can you please help me check if there is anything wrong with my code. the database table is called "booked" and the columns are "date, computer_id, name, start_time, end_time". below is the full code of the page

<?php

    // starts a session and checks if the user is logged in
    error_reporting(E_ALL & ~E_NOTICE);
    session_start();

    if (isset($_SESSION['id'])) {
        $userId = $_SESSION['id'];
        $username = $_SESSION['username'];


    } else {
        header('Location: index.php');
        die();

    }   

?>



<!DOCTYPE html>

<html>
<body>



                        <!-- heading -->
        <div id="intro">Thankyou for booking a slot using the booking system.</div>


                        <!-- echo out information -->

        <div id="fonts">

        <h4>Below is the information of your booking:</h4>

            </br>
            </br>

        <b>Student Name:</b> <?php echo $username; // echo's name ?>
            </br>
            </br>



        <b>Room No:</b> <?php $room = $_SESSION['g'];

                echo $room; // echo's room ?>
            </br>
            </br>



        <b>Computer No:</b> <?php 

                $select3 = $_POST['bike'];
                echo  $select3;
                ?>
            </br>
            </br>



        <b>Date:</b> <?php $date = $_POST['datepicker']; 
                echo $date; // echo's date 
                ?>
        </br>
        </br>



        <b>Start Session and End Session:</b> <?php 
                if(isset($_POST['select1']) && isset($_POST['select2'])) {
                $select1 = $_POST['select1'];
                $select2 = $_POST['select2'];
                echo $select1;
                echo "";
                echo $select2;
                }
                else{
                echo "not set";
                }
                ?>

        </div>





        <?php

            // to connect to database 
            require("user_connection.php");

            $query = "INSERT INTO booked (date, computer_id, name, start_time, end_time) VALUES ('$date', '$select3', '$username', '$select1', '$select2')";

            mysqli_query($query);


        ?>






    </body>


    <footer>
        <p>Copyright © 2016 MyComputer &nbsp; | &nbsp; Contact information: <a href="mailto:gurungmadan@hotmail.com">gurungmadan@hotmail.com</a></p>
    </footer>

</html>
Dov Benyomin Sohacheski
  • 7,133
  • 7
  • 38
  • 64
Madan Gurung
  • 15
  • 2
  • 5
  • Can you be more specific about “don't working”? Surely you perform the query even when nothing is submitted. You have to move the query inside previous `if` statement. – fusion3k Apr 17 '16 at 20:08

1 Answers1

1

First, I would recommend you to use PDO insteand of mysqli. You can see more informations about why here and here.

With the pdo way, your code would result with something like this :

    $sql = "INSERT INTO booked (date, computer_id, name, start_time, end_time) VALUES (?,?,?,?,?)";
    $data = array($date, $select3, $username, $select1 ,$select2);
    $sth = $this->_db->prepare($sql);
    $sth->execute($data);

By using the prepare statement, you're protected from sql injections.

Community
  • 1
  • 1
Sam
  • 323
  • 2
  • 8