1

I got this code

    <form action="MyCurrentPage.php" method="post" >
    <label for="name_of_trainer"> Name Trainer </label>
    <input type="text" name="name_of_trainer" id="name_of_trainer"/>
    <label for="double"> yearly Income </label>
    <input type="text" name="yearly_income id="yearlyincome"/>
    <input type= "submit" value="submit" name="submit" />
    </form>

    ?php
     if (isset($_POST['submit'])) {
         $yearly_income_adition=$_POST['name_of_trainer'];
         $yearly_income=$_POST['yearly_income'];
         $mysqli->select_db("trainers");

        $sql="INSERT INTO trainers (titleCD, yearly_income) VALUES ('".$yearly_income_adition."','".$yearly_income.'")";
        $mysqli->query($sql);

         }

    ?>

and I am using it to insert new values into my database, but it is not working: the values are not being added and I don't get any error. Do I have a syntax error?

  • Is that code on the same page or on different pages? – Webeng Apr 29 '16 at 19:29
  • You can do select queries? Please check that – Sibidharan Apr 29 '16 at 19:30
  • 1
    Your code is vulnerable to SQL injection, which means that if a hacker manages to walk by and play with your code, they can do things like delete all the tables in your database, or worse, obtain the information and find a way to profit from it. – Webeng Apr 29 '16 at 19:30
  • After $yearly_income...I'm pretty sure it is supposed to be " then ' so: $yearly_income."')"; – Kyle Hawk Apr 29 '16 at 19:30
  • You don't get any errors because you're not checking for them. Unless you explicitly enable exceptions, mysqli fails by returning boolean false. – Marc B Apr 29 '16 at 19:34
  • @MarcB - I think that's a PHP error there, not a mysql one – Tudor Constantin Apr 29 '16 at 19:36
  • **WARNING**: When using `mysqli` you should be using parameterized queries and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST` or `$_GET` data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Apr 29 '16 at 20:00
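
The comments above name two fixes the question's code needs beyond its syntax: surfacing mysqli failures and binding user input with `bind_param` instead of concatenating it into the query. The following is an added example that does both; it is not part of the original thread, and the connection settings and column types (string `titleCD`, numeric `yearly_income`) are assumptions.

```php
<?php
// Added example, not the asker's code. Credentials below are placeholders.
// Assumed column types: titleCD is a string, yearly_income is numeric.

// Make mysqli throw mysqli_sql_exception instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function insert_trainer(mysqli $db, $title, $income): int
{
    // Reject arrays (e.g. name_of_trainer[]=x) and empty names up front.
    if (!is_string($title) || !is_string($income) || trim($title) === '') {
        throw new InvalidArgumentException('Trainer name and yearly income are required.');
    }
    $title = trim($title);
    $amount = filter_var(trim($income), FILTER_VALIDATE_FLOAT);
    if ($amount === false) {
        throw new InvalidArgumentException('Yearly income must be a number.');
    }

    // The SQL text is constant; user data travels separately as bound values.
    $stmt = $db->prepare('INSERT INTO trainers (titleCD, yearly_income) VALUES (?, ?)');
    $stmt->bind_param('sd', $title, $amount); // s = string, d = double
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        $db = new mysqli('localhost', 'app_user', 'app_password', 'trainers');
        $db->set_charset('utf8mb4');
        $rows = insert_trainer($db, $_POST['name_of_trainer'] ?? null, $_POST['yearly_income'] ?? null);
        echo "Inserted {$rows} row(s).";
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    } catch (mysqli_sql_exception $e) {
        // Full detail goes to the server log; the browser gets a generic message.
        error_log('trainer insert failed: ' . $e->getMessage());
        http_response_code(500);
        echo 'Could not save the trainer.';
    }
}
```

With exceptions enabled, a malformed query or a failed connection stops the request and lands in the server log instead of failing silently.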

3 Answers

1

try with:

    $sql="INSERT INTO trainers (titleCD, yearly_income) VALUES ('".$yearly_income_adition."','".$yearly_income."')";

Notice the new position of the last '

Also, as @Webeng commented, learn about avoiding MySQL injection in your code. It's very important to have it as a habit.

Tudor Constantin
1

You are missing two things:

?php should be <?php

and

'".$yearly_income.'")"; should be '".$yearly_income."')";

Let me know if that works for you.

Webeng
0

Why do you check this?

    if (isset($_POST['submit'])) {

change it to:

    if (isset($_POST['yearly_income'])) {

Ing. Gerardo Sánchez