-3

This is my insert function. Database connected successfully and the parameters were also received successfully, but it is not inserting values in the table.

 public function insert($owner_fname,$owner_lname,$owner_phone,$owner_email,$owner_age,$owner_city,$owner_address,$owner_password,$owner_confirm_password,$owner_gender)
    {
        $con=new DB();
        $var=$con->connect();
        echo $owner_fname;
        echo $owner_lname;
        echo $owner_phone;
        echo $owner_email;
        echo $owner_age;
        echo $owner_city;
        echo $owner_address;
        echo $owner_password;
        echo $owner_confirm_password;
        echo $owner_gender;
      $res = mysql_query("INSERT INTO owner(o_name,o_last_name,o_phone,o_email,o_age,o_city,o_address,o_password,o_confirm_password,o_gender) VALUES('$owner_fname','$owner_lname','$owner_phone','$owner_email','$owner_age','$owner_city','$owner_address','$owner_password','$owner_confirm_password','$owner_gender')");
      return $res;
    }
developerwjk
  • 8,619
  • 2
  • 17
  • 33
Asif Mehmood
  • 473
  • 3
  • 16
  • 3
    [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jun 15 '16 at 19:45
  • 2
    Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jun 15 '16 at 19:45
  • 1
    Have you checked your error logs? You're making an assumption the query is working. Add error reporting to the top of your file(s) right after your opening ` – Jay Blanchard Jun 15 '16 at 19:46
  • 1
    I'm voting to close this question as off-topic because it is a case of mixing either mysqli_* or PDO with deprecated mysql_* functions, which will not work. – developerwjk Jun 15 '16 at 19:47
  • Have you tried executing the query using a database tool? – Shago Jun 15 '16 at 19:52
  • @developerwjk Where do you see it using mysqli or PDO? – Barmar Jun 15 '16 at 20:36
  • @Barmar `$con=new DB(); $var=$con->connect();` Behind the scenes in this `DB()` object I imagine is mysqli_ or PDO code. And considering the `mysql_query` call at the bottom doesn't reference anything from the `$con` or `$var` objects, its an obvious case of mixing object-oriented mysqli_/PDO with procedural mysql_. Its possible he could just have made an attempt at abstracting mysql_ functions, but I'm doubting it. – developerwjk Jun 15 '16 at 20:50
  • @developerwjk You could be right, but lots of people make a DB class just to hide the `mysql_connect()` parameters. – Barmar Jun 15 '16 at 21:35

2 Answers2

0

You should use MySqli or Prepared Statements instead of Mysql and you're missing the connection parameter. Use something like this:

mysqli_query($connection, $string_query);

Where: $connection in your case is going to be $var And $string_query is going to be 'Select * From table' or 'Inserto Into table () values () '

Hope i help

Jose Flavio Quispe Irrazábal
  • 168
  • 4
  • 10
0
public function insert($owner_fname,$owner_lname,$owner_phone,$owner_email,$owner_age,$owner_city,$owner_address,$owner_password,$owner_confirm_password,$owner_gender)
{
    // $con=new DB();
    // $con->connect();
    echo $owner_fname;
    echo $owner_lname;
    echo $owner_phone;
    echo $owner_email;
    echo $owner_age;
    echo $owner_city;
    echo $owner_address;
    echo $owner_password;
    echo $owner_confirm_password;
    echo $owner_gender;
    $servername = "localhost";
    $username = "root";
    $password = "";
    $dbname = "orcs";
    $conn = new mysqli($servername, $username, $password, $dbname);
  $sql= "INSERT INTO owner(o_name,o_last_name,o_phone,o_email,o_age,o_city,o_address,o_password,o_confirm_password,o_gender) VALUES('$owner_fname','$owner_lname','$owner_phone','$owner_email','$owner_age','$owner_city','$owner_address','$owner_password','$owner_confirm_password','$owner_gender')";

  if ($conn->query($sql) === TRUE) {
        $last_id = $conn->insert_id;
        echo "New record created successfully.";
    } else {
        echo "Error: " . $sql . "<br>" . $conn->error;
    }

    $conn->close();

}

this works fine

Asif Mehmood
  • 473
  • 3
  • 16
  • Can you explain why the original code didn't work, and how your answer fixes it? Just switching from `mysql` to `mysqli` is not an answer, it's just a coding suggestion. – Barmar Jun 15 '16 at 20:35