php mysql data insert- missing value which from while loop

Question

i need insert 3 ('$asin', '$w_email', '$work_link') data in database but its inserts these 2 ('$asin', '$w_email') but ('$work_link') is missing. what wrong i am doing? or whats the solution to insert these all 3 data?

$results = mysql_query("SELECT asin_link FROM work WHERE email=$w_email");
      while($row = mysql_fetch_array($result)) {
      $work_link = $row['asin_link'];
      echo '<a href="'.$work_link.'" target="'.$work_link.'">Visit Work link<br></a>';
      echo '<form action="" method="post">
        ASIN Number: <input type="text" name="asin"><br>
        <input type="submit" value="Submit" name="submit">
      </form>';}
      if (isset($_POST['submit'])) {
        $asin = $_POST['asin'];
        $qu ="INSERT INTO work (asin, email, asin_link) VALUES ('$asin', '$w_email','$work_link')";
        if (mysql_query($qu)) {
        echo "Your ASIN was received! Thanks";
      }
      }

**WARNING**: If you're just learning PHP, please, do not use the [`mysql_query`](http://php.net/manual/en/function.mysql-query.php) interface. It’s so awful and dangerous that it was removed in PHP 7. A replacement like [PDO is not hard to learn](http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/) and a guide like [PHP The Right Way](http://www.phptherightway.com/) explains best practices. Your user parameters are **not** [properly escaped](http://bobby-tables.com/php) and there are [SQL injection bugs](http://bobby-tables.com/) that can be exploited. — tadman, May 22 '16 at 08:44
`WHERE email=$w_email` that's likely to be a string, so treat it as such. — Funk Forty Niner, May 22 '16 at 12:55

score 0 · Answer 1 · edited May 22 '16 at 08:45

0

Try to echo all values ($asin, $w_email, $work_link), for example, above $qu string (and perhaps use die() as well to easily see what it prints).

EDIT: you should not be using PHP's mysql_ API anymore. Instead, try mysqli because mysql is deprecated.

EDIT2: I know it's not that related right now, but you should also escape your variables as right now query is vulnerable. :)

Good luck!

edited May 22 '16 at 08:45

Strawberry

33,750
13
40
57

answered May 22 '16 at 07:56

Gynteniuxas

7,035
18
38
54

php mysql data insert- missing value which from while loop

1 Answers1