Data is not getting inserted in mysql through php

Question

I am trying to insert 1 element into a table(It contains 3 columns).

code:

<?php
require 'connect.db.php';

$msg = 'msg';
mysql_query("INSERT INTO messages('Message') VALUES ('$msg')");
$result1 = mysql_query("SELECT * FROM messages ORDER by Msg_ID DESC");
while ($extract = mysql_fetch_array(result1)) {
  echo $extract['Message'];
}


 ?>

When i run it I am getting this error:

Notice: Use of undefined constant result1 - assumed 'result1' in C:\xampp\htdocs\SocialNetwork\chat\chat.php on line 7

Warning: mysql_fetch_array() expects parameter 1 to be resource, string given in C:\xampp\htdocs\SocialNetwork\chat\chat.php on line 70

Data is not getting inserted to the db..

Error after using mysqli (replaced mysql):

Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\xampp\htdocs\SocialNetwork\chat\chat.php on line 6

Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\xampp\htdocs\SocialNetwork\chat\chat.php on line 7

Notice: Use of undefined constant result1 - assumed 'result1' in C:\xampp\htdocs\SocialNetwork\chat\chat.php on line 8

Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, string given in C:\xampp\htdocs\SocialNetwork\chat\chat.php on line 8

***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). — Jay Blanchard, Nov 03 '16 at 16:21
[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! ***SQL Injection!*** *It's not just for breakfast any more!* — Jay Blanchard, Nov 03 '16 at 16:21
The error is obvious here `(result1)` then your column name, well that's the wrong identifier qualifier. — Funk Forty Niner, Nov 03 '16 at 16:21
`mysql_fetch_array(result1)` should be `mysql_fetch_array($result1)` — Jay Blanchard, Nov 03 '16 at 16:22
This question contains so many (syntax) errors, it's NOT funny. — Funk Forty Niner, Nov 03 '16 at 16:23
Your most recent edit made this into another question entirely. Please do not edit posts to make them a different question, ask another ***only after you have researched any new errors***. — Jay Blanchard, Nov 03 '16 at 16:23
I knw it's not safe.. I was just trying to insert data fr testing @JayBlanchard — IamNOOB, Nov 03 '16 at 16:26
I hate when people say *"I'm not that far along..."* or *"This site will not be public..."* or *"It's only for school, so security doesn't matter..."*. If teachers and professors are not talking about security from day one, they're doing it wrong. Challenge them. They're teaching sloppy and dangerous coding practices which students will have to unlearn later. I also hate it when folks say, *"I'll add security later..."* or *"Security isn't important now..."* or *"Ignore the security risk..."*. If you don't have time to do it right the first time, when will you find the time to add it later? — Jay Blanchard, Nov 03 '16 at 16:27
Sure wasn't me @JayBlanchard *"mais, au contraire mon frère"* ;-) — Funk Forty Niner, Nov 03 '16 at 16:31
Trueeeeeeeeeee.. I am sorry :( @JayBlanchard .. Going to update code now... — IamNOOB, Nov 03 '16 at 16:35

Praveen Kumar Purushothaman · Accepted Answer · 2016-11-03T16:25:34.867

1

Wrong quotes. Use back-ticks ` for column names:

INSERT INTO messages(`Message`) VALUES ('$msg')
-- ------------------^-------^

Note: mysql_* is deprecated. Use either mysqli_* or PDO.

Also, for the other error, you forgot to add a $:

while ($extract = mysql_fetch_array($result1)) {

Okay, so now you switched to mysqli_ function, it is a different story here:

$conn = mysqli_connect($host, $user, $pass, $db);

// And change all the functions to:
mysqli_query($conn, "SELECT ...");
mysqli_query($conn, "INSERT ...");

edited Nov 03 '16 at 16:25

answered Nov 03 '16 at 16:14

Praveen Kumar Purushothaman

164,888
24
203
252

Sure, but it doesn't explain `Notice: Use of undefined constant result1 - assumed 'result1'` - which is here `mysql_fetch_array(result1)` << – Funk Forty Niner Nov 03 '16 at 16:20
Wait let me try using mysqli or pdo – IamNOOB Nov 03 '16 at 16:20
1

No problem, but we have another problem here `mysql_fetch_array()` is for SELECT, not for INSERT ;-) – Funk Forty Niner Nov 03 '16 at 16:22
1

@Fred-ii- There's only `SELECT` there. Check it out. – Praveen Kumar Purushothaman Nov 03 '16 at 16:23
1

I noticed they added that "after" I commented. Big rabbit hole here. – Funk Forty Niner Nov 03 '16 at 16:23
Aye the problem fixed... Accidentally omitted the $.. But what about those warnings :( – IamNOOB Nov 03 '16 at 16:24
Who reopened the question? – Jay Blanchard Nov 03 '16 at 16:27
@JayBlanchard I did. It seems like it's not just that dupe. – Praveen Kumar Purushothaman Nov 03 '16 at 16:27
@PraveenKumar .. Data succesfully inserted.. But it's not printing anything :( – IamNOOB Nov 03 '16 at 16:39
@IamNOOB Can you update the question with the current code you are using? – Praveen Kumar Purushothaman Nov 03 '16 at 16:40
Update or new quesstion ? – IamNOOB Nov 03 '16 at 16:40
1

@PraveenKumar .. No problem now I ffixed it B) – IamNOOB Nov 03 '16 at 16:42
@IamNOOB What was the issue? – Praveen Kumar Purushothaman Nov 03 '16 at 16:43
It was not printing anything.. Just bunch of warnings... Now i fixed – IamNOOB Nov 03 '16 at 16:49

Data is not getting inserted in mysql through php

1 Answers1