MySQLi insert not working correctly

Question

if(isset($_POST['submit']))
{
    extract($_POST);

    $query = "INSERT INTO Messages VALUES(null,'$user_id','$subject','$msg')";
    mysqli_query($conn,$query) or die (mysqli_error($conn));
}

Questions seeking debugging help (‘**why isn't this code working?**’) must include the desired behaviour, a specific problem or error and the shortest code necessary to reproduce it **in the question itself**. Questions without **a clear problem statement** are not useful to other readers. See: [How to create a Minimal, Complete, and Verifiable example](http://stackoverflow.com/help/mcve). — Biffen, Jul 09 '16 at 22:28
This code has all sorts of security issues. From the manual `Warning Do not use extract() on untrusted data, like user input` -http://php.net/manual/en/function.extract.php also see http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php — chris85, Jul 09 '16 at 22:29
Too many unknown things here to answer that "question". Also this is not a debugging-site. We don't know what's in $_POST, we don't know what your db looks like,... and finally _"not working"_ can mean _anything_. — Jeff, Jul 09 '16 at 22:29

score 0 · Answer 1 · edited Jul 10 '16 at 08:18

0

You can try this code (check if $_POST is not empty first and then execute):

if ( !empty($_POST['submit'])) {
    $query = "INSERT INTO"
        ."Messages"
        ."VALUES"
           ."(null,'$user_id','$subject','$msg')";
    mysqli_query($conn,$query) or die (mysqli_error($conn));
}

edited Jul 10 '16 at 08:18

Gynteniuxas

7,035
18
38
54

answered Jul 09 '16 at 23:42

levi

1,566
3
21
37

2

While code often speaks for itself, it's good to add some explanation to your code. This popped up in the review queue, as code-only answers tend to. – Will Jul 10 '16 at 00:58

MySQLi insert not working correctly

1 Answers1