
I am new to PHP. For me PHP was always a plugin or script I could find, but now I have reasons to actually learn it. Anyways. I have this system built for a league on a certain game I like to play, and I have created a page that allows you to create teams. The form functions, and tells me the team is made, but in my database it is nowhere to be seen. I am sure I have messed something up, possibly my INSERT.

Here's a SS of the database tables; https://gyazo.com/96c061f9ee8c5bd4599a4e096364c6c9

Here's some code;

```php
//insert the row into the database
$query = mysqli_query("INSERT INTO team (Name, Abbreviation) VALUES('$teamname', '$TeamAbbrev')");

//display the success message
successMsg("Team added");
logActivity(onlineUser(), "Added", '$TeamID');
                }
            }
        }
    }

?>

<form method="post" action="<?php echo $PHP_SELF;?>">

    <p>
        <label>Team Name</label><br />
        <input type="text" class="text small" name="Name" /> 
    </p>

    <p>
        <label>Team Abbreviation</label><br />
        <input type="text" class="text small" name="Abbreviation" /> 
    </p>

    <BR />
    <div class="tableactions">
        <input type="submit" name="AddTeam" class="submit mid" value="Add Team" />
    </div>      <!-- .tableactions ends -->

</form>

</div>      <!-- .block_content ends -->
```
Jay Blanchard
Sean Ford
  • 1
    You're using mysqli, so take advantage of prepared statements. It will help prevent SQL injection, and just might fix your insert. `mysqli_error` is also a big help when debugging. – aynber Jul 08 '16 at 17:03
  • 1
    `mysqli_query()` requires two parameters, the first being the connection: http://php.net/manual/en/mysqli.query.php – Qirel Jul 08 '16 at 17:04
  • 2
    As per the documentation [`mysqli_query`](http://php.net/manual/en/mysqli.query.php) requires the link as the first parameter. – Script47 Jul 08 '16 at 17:04
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 08 '16 at 17:09
  • 2
    @JayBlanchard Dang it, *Little Bobby* is everywhere! – Script47 Jul 08 '16 at 17:10
  • yada yada, sql injection, yada yada, placeholders, yada yada.... Besides that, what's above the insert, where do those values come from.... – ArtisticPhoenix Jul 08 '16 at 17:14

1 Answer


To query using mysqli you have to pass the connection variable into the mysqli_query function:

```php
$link = mysqli_connect("127.0.0.1", "my_user", "my_password", "my_db"); 

$query = mysqli_query($link,"INSERT INTO team (Name, Abbreviation) VALUES('$teamname', '$TeamAbbrev')");
```

Note: learn some security stuff on the web. If you don't sanitize data before inserting it, it will be easy to use SQL injection in your script.

Aniruddha Chakraborty
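Added example (not code from the question, the comments or the answer): the same insert written with the prepared statement and error reporting the comments recommend, so a failed query raises an exception instead of printing "Team added". The helper name `addTeam`, the auto-increment id on `team`, and the connection credentials (the answer's placeholders) are assumptions.

```php
<?php
// Added example. Make mysqli throw on errors instead of failing silently,
// which is how the original insert "succeeded" with nothing in the table.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Insert one team row with bound parameters and return the new row id.
 * Hypothetical helper; table and column names are those in the question.
 * Assumes `team` has an auto-increment primary key.
 */
function addTeam(mysqli $link, $name, $abbrev): int
{
    if (!is_string($name) || !is_string($abbrev)
        || trim($name) === '' || trim($abbrev) === '') {
        throw new InvalidArgumentException('Team name and abbreviation are required.');
    }
    $name   = trim($name);
    $abbrev = trim($abbrev);

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = mysqli_prepare($link, 'INSERT INTO team (Name, Abbreviation) VALUES (?, ?)');
    mysqli_stmt_bind_param($stmt, 'ss', $name, $abbrev);
    mysqli_stmt_execute($stmt);
    $rows = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);

    if ($rows !== 1) {
        throw new RuntimeException('Insert did not create a row.');
    }
    return (int) mysqli_insert_id($link);
}

if (isset($_POST['AddTeam'])) {
    try {
        // Placeholder credentials, as in the answer above.
        $link = mysqli_connect('127.0.0.1', 'my_user', 'my_password', 'my_db');
        mysqli_set_charset($link, 'utf8mb4');
        // Field names match the form: name="Name" and name="Abbreviation".
        $teamId = addTeam($link, $_POST['Name'] ?? '', $_POST['Abbreviation'] ?? '');
        echo 'Team added with id ' . $teamId;
    } catch (InvalidArgumentException $e) {
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        // mysqli_sql_exception extends RuntimeException; log details, show none.
        error_log($e->getMessage());
        echo 'Could not add the team.';
    }
}
```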