1

I am using the below code to enter data into my DB but there is no error generated even the data is not inserting in db. Please help me

<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpassword = "root";

$conn = mysqli_connect($dbhost, $dbuser, $dbpassword);
if(! $conn )
{
  die('Could not connect: ' . mysqli_error());
}

$post_enroll = $_POST['enroll'];
$post_mobile = $_POST['mobile'];
$post_email = $_POST['email'];
$post_password = $_POST['password'];

$sql = "INSERT INTO login (enroll, mobile, email, password) VALUES ('".$post_enroll."','".$post_mobile."','".$post_email."','".$post_password."')";

mysqli_select_db('rgpv');
$retval = mysqli_query( $sql, $conn );
if(! $retval )
{
  die('Could not enter data: ' . mysqli_error());
}

mysqli_close($conn);
?>
Kushagra Varade
  • 87
  • 7
  • Because `mysqli_query( $sql, $conn );` is wrong, it should be `mysqli_query($conn, $sql);`. RTM, [http://php.net/manual/en/mysqli.query.php](http://php.net/manual/en/mysqli.query.php) – Rajdeep Paul May 12 '16 at 17:17
  • What would happen if I changed my password to `x');SELECT * FROM login; --`? – ElGavilan May 12 '16 at 17:19
  • Also, your query is susceptible to SQL injection. Always **prepare**, **bind** and **execute** your queries to prevent any kind of SQL injection. [This is how you can prevent SQL injection in PHP](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Rajdeep Paul May 12 '16 at 17:20
  • Also look into SQL Injection. You shouldn't concatenate POST or GET data into your SQL string. –  May 12 '16 at 17:20
  • *but there is no error generated*, that's probably because of this statement `mysqli_error()`. You need to pass the connection handler to [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) function, like this: `mysqli_error($conn);` – Rajdeep Paul May 12 '16 at 17:31

2 Answers2

0

Change

mysqli_select_db('rgpv');

$retval = mysqli_query( $sql, $conn );

To

mysqli_select_db($conn , "rgpv");

$retval = mysqli_query( $conn , $sql);

Instead of using:

if(! $retval )

Use:

if (mysqli_errno($conn) != 0){
Misunderstood
  • 5,534
  • 1
  • 18
  • 25
0

Many Experts here in SO have strongly adviced against using mysql/i functions. Their advice is to embrace PDO instead. I'd fall in line with their advice, though. In this light; i'd suggest the following: 

<?php   

    //DATABASE CONNECTION CONFIGURATION:
    defined("HOST")     or define("HOST",   "localhost");           //REPLACE WITH YOUR DB-HOST
    defined("DBASE")    or define("DBASE",  "rgpv");                //REPLACE WITH YOUR DB NAME
    defined("USER")     or define("USER",   "root");                //REPLACE WITH YOUR DB-USER
    defined("PASS")     or define("PASS",   "root");                //REPLACE WITH YOUR DB-PASS


    $post_enroll    = isset($_POST['enroll'])   ? htmlspecialchars(trim($_POST['enroll']))      : null;  //PROTECT AGAINST ATTACKS
    $post_mobile    = isset($_POST['mobile'])   ? htmlspecialchars(trim($_POST['mobile']))      : null;  //PROTECT AGAINST ATTACKS
    $post_email     = isset($_POST['email'])    ? htmlspecialchars(trim($_POST['email']))       : null;  //PROTECT AGAINST ATTACKS
    $post_password  = isset($_POST['password']) ? htmlspecialchars(trim($_POST['password']))    : null;  //PROTECT AGAINST ATTACKS

    try {
        $dbh        = new PDO('mysql:host='.HOST.';dbname='. DBASE,USER,PASS);
        $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $stmt       = $dbh->prepare("INSERT INTO login (`enroll`, `mobile`, `email`, `password`) VALUES (:enroll, :mobile, :email, :password)");
        $stmt->bindParam(':enroll',     $post_enroll);
        $stmt->bindParam(':mobile',     $post_mobile);
        $stmt->bindParam(':email',      $post_email);
        $stmt->bindParam(':password',   $post_password);
        $status     = $stmt->execute();

        if(! $status ) {
            die('Something went wrong...');
        }

        //GARBAGE COLLECTION
        $dbh        = null;
    }catch(PDOException $e){
        echo $e->getMessage();
    }
?>

I hope this helps a bit...

Poiz
  • 7,611
  • 2
  • 15
  • 17