PHP - Entering data into a database

Question

I've recently trying to add data into a database, (New to php), I've looked over to see where I've gone wrong, but can't find anything. The error is:

Unknown column 'FUMUKU' in 'field list'

Code:

$dbhost = 'localhost';
$dbuser = 'evocityi_admin';
$dbpass = 'password';
$database = 'evocityi_stocks';
$conn = mysql_connect($dbhost, $dbuser, $dbpass, $database);
if(! $conn )
{
  die('Could not connect: ' . mysql_error());
}

$Dtime = "30/04/16";
$StockName = "FUMUKU";
$FUMUKUPrice = 1000;
$sql = "INSERT INTO stocks".
       "(Stock,Price, TimeD) ".
       "VALUES ".
       "('$StockName,$FUMUKUPrice, $DTime')";
mysql_select_db('evocityi_stocks');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
  die('Could not enter data: ' . mysql_error());
}
echo "Entered data successfully\n";
mysql_close($conn);
?>

SQL Database: https://gyazo.com/fc97b686cfea79ea773d1796e912551e

mysql_ is deprecated, it's preferred to use PDO or mysqli_. Also, your code is vulnerable to SQL injection (if the fields Dtime, StockName or FUMUKUPrice can be altered by the user) — Erik Terwan, Apr 30 '16 at 11:22

score 0 · Answer 1 · edited Apr 30 '16 at 11:58

0

I managed to fix it using:

$sql = "INSERT INTO `stocks` (`Stock`,`Price`, `TimeD`) VALUES ('$StockName','$FUMUKUPrice', '".date('Y-m-d',strtotime($Dtime))."')";

edited Apr 30 '16 at 11:58

The Codesee

3,714
5
38
78

answered Apr 30 '16 at 11:19

PaulB12345

15
5

score 0 · Answer 2 · answered Apr 30 '16 at 11:20

'$StockName,$FUMUKUPrice, $DTime'

You should surround every variable with quotes:

'$StockName' ,' $FUMUKUPrice' , '$DTime'

Just know that when blindly concatenating variables into a SQL query and not preparing statements for user input makes your code vulnerable to SQL injection. Use Prepared Statements instead. Also, use the mysqli_* functions, the mysql_* functions are deprecated.

score 0 · Answer 3 · answered Apr 30 '16 at 11:21

Try this query, you are not using qoutes properly on the variables due to this It through error.

$sql = "INSERT INTO stocks".
       "(Stock,Price, TimeD) ".
       "VALUES ".
       "('".$StockName."', '".$FUMUKUPrice."', '".$DTime."')";

To avoid deprecation and SQL Injection you should use PDO or mysqli.

score 0 · Answer 4 · answered Apr 30 '16 at 11:23

You're using mysql_* functions, that's what's wrong.

Read the documentation and look into alternatives.

One such alternative may be:

$query = $pdoconnection->prepare("
    insert into `stocks`
    (`Stock`,`Price`,`TimeD`)
    values (?,?,?)
");
$query->execute([$StockName, $FUMUKUPrice, $Dtime]);

score 0 · Accepted Answer · answered Apr 30 '16 at 11:37

0

Use this It will helps you.

$sql = "INSERT INTO stocks(Stock,Price,TimeD) VALUES ('$StockName','$FUMUKUPrice', '".date('Y-m-d',strtotime($Dtime))."')";

answered Apr 30 '16 at 11:37

Manish Silawat

900
5
7

score 0 · Answer 6 · answered Apr 30 '16 at 11:44

0

Try this

    $sql = ("INSERT INTO stocks (Stock,Price, TimeD)
                VALUES('$StockName', '$FUMUKUPrice', '$DTime')");

answered Apr 30 '16 at 11:44

Venkatesh

31
7

PHP - Entering data into a database

6 Answers6