php - Why do only number field get inserted into my table?

Question

I've got an HTML form with 10 fields, they are all text inputs, with 1 password input. I don't have a problem getting them from $_POST however - only the fields that contain numbers and no letters or spaces get inserted into the table and the ones with actual text are not inserted at all. This is the command I use to set up the table:

$sql = "CREATE TABLE `basicInfo` (ID INT, type VARCHAR (100), value VARCHAR (100))";

This is the command I am using to insert data from an array (which consists of values from $_POST).

$sql = "INSERT INTO `basicInfo` (`id`, `type`, `value`) VALUES (2, \"Username:\", ".$basicInfo[1].");";

What is going on?

`$sql = 'INSERT INTO `basicInfo` (`id`, `type`, `value`) VALUES (2, "Username:", "'.$basicInfo[1].'");';` — splash58, Jun 12 '16 at 17:39

score 0 · Answer 1 · answered Jun 12 '16 at 17:48

0

Change your query

  $sql = "INSERT INTO `basicInfo` (`ID`, `type`, `value`) VALUES (2, 'Username:', '".$basicInfo[1]."');";

Also are you sure its Username: and not Username ?

answered Jun 12 '16 at 17:48

Niklesh Raut

34,013
16
75
109

Hawkens VonShriek · Answer 2 · 2016-06-12T18:08:20.053

Incorporating/building upon Rishi's response, whenever you're inserting strings, you should enclose them in single quotes so that they are not falsely interpreted as integers or another non-string type that does not need quotes to be inserted. For example, as Rishi said, your SQL should look like this:

$sql = "INSERT INTO `basicInfo` (`ID`, `type`, `value`) VALUES (2, 'Username:', '".$basicInfo[1]."');";

Or, as I would write it:

$user = $basicInfo[1];
$sql = "INSERT INTO `basicInfo` (`ID`, `type`, `value`) VALUES (2, 'Username:', '$user');";

I like to take advantage of PHP's ability to insert variables directly into double-quoted strings almost to the point of fault; it's easier to read and feels more natural.

However, if you know ahead of time all of the fields in the form, you should make a table that has them as columns instead of doing what you're doing. This should make queries faster, easier to write, and more "correct" because you'll be using the database as it's intended (sorry, don't mean to be rude, it's just the truth). For example:

$sql = "CREATE TABLE `basicInfo` (ID INT, username VARCHAR (100), password VARCHAR (100), otherField VARCHAR (100), etc...)";

score 0 · Answer 3 · edited Jun 12 '16 at 18:09

0

Try this one.

$sql = "INSERT INTO `basicInfo` (`id`, `type`, `value`) VALUES (2, \"Username:\", \"".$basicInfo[1]."\");";

edited Jun 12 '16 at 18:09

Funk Forty Niner

74,450
15
68
141

answered Jun 12 '16 at 18:09

Shailesh Chauhan

559
3
14

php - Why do only number field get inserted into my table?

3 Answers3