
I have a problem using a long INSERT request in SQL. My request was working perfectly before I updated it, but now the instruction doesn't insert anything in my database and also doesn't make any error message. Here's the code:

```php
try
{
    /* Connect to the MySQL database */
    $bdd = new PDO('mysql:host=myhost;dbname=mydbname', 'root', 'mypass');
    /* Define the SQL query to execute */
    $requeteInscription = 'INSERT INTO interventions 
                              (utilisateur_id, nom_proprietaire, 
                               num_tel_proprietaire, courriel_proprietaire, 
                               informations_bien, interet, delai,
                               plan_2D, plan_3D, visite_virtuelle, 
                               shooting_photo, annee_construction, 
                               installation_gaz, cle_agence, cave, 
                               garage, type_bien, surface, adresse) 
                      VALUES ("'.$utilisateurId.'","'.$nomProprietaire.'","'
                            .$numTelProprietaire.'","'.$courrielProprietaire.'","'
                            .$infosBien.'","'.$delai.'","'
                            .$plan2D.'","'.$plan3D.'","'.$visiteVirtuelle.'","'
                            .$shootingPhoto.'","'.$anneeConstruction.'","'
                            .$installationGaz.'","'.$cleAgence.'","'.$cave.'","'
                            .$garage.'","'.$typeBien.'","'.$surface.'","'.$adresse.'")';
    sleep(1);
    $requete = $bdd->prepare($requeteInscription);

    $requete->execute();
    echo '#1';
}
catch(PDOException $e)
{
    echo('Erreur! : '.$e->getMessage().'<br>');
    die();
}
```

And here is the request returned when I make an echo on requeteInscription :

```
INSERT INTO interventions (utilisateur_id, nom_proprietaire, num_tel_proprietaire, courriel_proprietaire, informations_bien, interet, delai, plan_2D, plan_3D, visite_virtuelle, shooting_photo, annee_construction, installation_gaz, cle_agence, cave, garage, type_bien, surface, adresse) VALUES ("5","Cyrille ","946458","hidden.email@stackoverflow.com","Local d'activité","Entre 4 et 6 jours.","Oui","Non","1","Non","1","2","0","1","1","3","123","Hdhdhd")
```

I don't see where the syntax error is (I guess it's a syntax error because when I do one, it never gives me back an error message).

RiggsFolly
Orionss
  • Learn about prepared statements – Jens Sep 02 '16 at 08:41
  • Why do you think it is a Syntax error if you do not get an error message? – Jens Sep 02 '16 at 08:43
  • What have you changed after it worked? – Jens Sep 02 '16 at 08:43
  • Have you checked the error logs? – M. Eriksson Sep 02 '16 at 08:44
  • What should I learn about prepared statements? I see I used it for nothing, so I replaced it with a ->query. – Orionss Sep 02 '16 at 08:45
  • I explained that I thought it's a syntax error because when I make a syntax error in the SQL request, it never returns me an error; it's just a supposition. I just added some variables (the 8 last) in the SQL request, and yes I did but I have nothing. – Orionss Sep 02 '16 at 08:47
  • Well **obviously** the error was introduced by your last change. Undo the last change, get code working again, **then reapply your change MORE CAREFULLY this time** – RiggsFolly Sep 02 '16 at 08:47
  • You should learn about prepared statements because it reduces (eliminates) the risk of SQL Injections. Concatenating queries can lead to security holes, even if you escape your data first. – M. Eriksson Sep 02 '16 at 08:47
  • Okay, I'll look for this, but I really want to know what's wrong with this code – Orionss Sep 02 '16 at 08:49
  • I count 19 columns and only 18 values. – Jonnix Sep 02 '16 at 08:49
  • Oh you're right, I feel so dumb now :') – Orionss Sep 02 '16 at 08:51
  • You may actually get a useful error message if you `print_r($e->errorInfo);` instead of echoing `$e->getMessage()` – RiggsFolly Sep 02 '16 at 08:51
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Sep 02 '16 at 08:52

1 Answer

You are missing one value in the insert query. Please add one more value in the insert query. The remaining query is fine.

```
INSERT INTO interventions (utilisateur_id, nom_proprietaire, num_tel_proprietaire, courriel_proprietaire, informations_bien, interet, delai, plan_2D, plan_3D, visite_virtuelle, shooting_photo, annee_construction, installation_gaz, cle_agence, cave, garage, type_bien, surface, adresse) VALUES ("5","Cyrille ","946458","hidden.email@stackoverflow.com","Local d'activité","Entre 4 et 6 jours.","Oui","Non","1","Non","1","2","0","1","1","3","123","Hdhdhd","");
```
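
The prepared-statement approach recommended in the comments, as an added example that is not part of the question or the answer: the column list and the placeholders are generated from one constant, so they cannot drift apart, and every value is bound instead of concatenated. The helper name `insertIntervention()`, the in-memory SQLite stand-in for the MySQL server, and the sample row are assumptions made so the script runs offline.

```php
<?php
// Added example, not the poster's code. SQLite in memory stands in for the
// MySQL server (assumes the pdo_sqlite extension is enabled).
const COLUMNS = ['utilisateur_id', 'nom_proprietaire', 'num_tel_proprietaire',
    'courriel_proprietaire', 'informations_bien', 'interet', 'delai', 'plan_2D',
    'plan_3D', 'visite_virtuelle', 'shooting_photo', 'annee_construction',
    'installation_gaz', 'cle_agence', 'cave', 'garage', 'type_bien', 'surface',
    'adresse'];

// insertIntervention() is a hypothetical helper name.
function insertIntervention(PDO $bdd, array $row): int
{
    // Refuse rows whose keys differ from the fixed column list, so a
    // forgotten value is reported by name before any SQL is sent.
    $missing = array_diff(COLUMNS, array_keys($row));
    $extra   = array_diff(array_keys($row), COLUMNS);
    if ($missing || $extra) {
        throw new InvalidArgumentException(
            'missing: ' . implode(',', $missing) . ' unexpected: ' . implode(',', $extra));
    }
    // Column names come only from the constant; values travel as bound parameters.
    $sql = 'INSERT INTO interventions (' . implode(', ', COLUMNS) . ') VALUES (:'
         . implode(', :', COLUMNS) . ')';
    $stmt = $bdd->prepare($sql);
    $params = [];
    foreach (COLUMNS as $c) { $params[':' . $c] = $row[$c]; }
    $stmt->execute($params);
    return $stmt->rowCount();
}

$bdd = new PDO('sqlite::memory:');
$bdd->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors
$bdd->exec('CREATE TABLE interventions (' . implode(' TEXT, ', COLUMNS) . ' TEXT)');

// Constructed sample row; informations_bien contains an apostrophe on purpose.
$row = array_fill_keys(COLUMNS, '1');
$row['informations_bien'] = "Local d'activité";
echo insertIntervention($bdd, $row), " row inserted\n";

unset($row['interet']); // reproduce the question's mistake: 19 columns, 18 values
try {
    insertIntervention($bdd, $row);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
```

On PHP versions before 8.0, PDO defaults to silent error mode, so without the `PDO::ERRMODE_EXCEPTION` line a failed `prepare()` or `execute()` never reaches the `catch` block.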