-1

I'm trying to insert the user and cursus ID into the database on submit. The current user is defined in the second part (see comment), and the connection with the database is made in the require_once at the top of the file. When I press the button now it echoes success, but nothing shows up in the database. The console is not showing anything, and when I echo $a or $b it gives me the correct IDs. What is it that I'm doing wrong?

```php
<?php
session_start();
require_once('includes/mysql_config.php');

//getting user data/id
$id = isset($_SESSION['id']) ? $_SESSION['id'] : header('location: login.php');
$result = mysqli_query($con, "SELECT * FROM users WHERE id =".$_SESSION['id']);
$user = mysqli_fetch_array($result);
require_once('header.php');

$id = $_GET['id'];
$result = mysqli_query($con, "SELECT * FROM cursus c LEFT OUTER JOIN cursussoort cr ON (c.cursussoort_ID = cr.id)  WHERE c.ID = $id ORDER BY c.begindatum ASC");
$amount = mysqli_affected_rows($con);

for ($i = 0; $i < $amount; $i++) {
  $cursus = mysqli_fetch_array($result);

$a = $cursus['id'];
$b = $user['id'];
//$a = mysqli_real_escape_string($a);
//$b = mysqli_real_escape_string($b);

  if(isset($_POST['submit'])){
      if($user['id']) {
          $sql = "INSERT INTO aanmeldingen (users_id, cursus_id) VALUES ('$b', '$a')";
          $result = mysqli_query($sql);
          echo "success";
      } else {
          echo "failed";
      }
  }

?>

<div class="main-nav">
  <div class="container">
    <div class="navbar-header">
      <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
        <span class="sr-only">Toggle navigation</span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
      </button>
      <!-- <a class="navbar-brand" href="index.html">
        <h1><img class="img-responsive" src="images/logo.png" alt="logo"></h1>
      </a> -->
    </div>
    <div class="collapse navbar-collapse">
      <ul class="nav navbar-nav navbar-right">
        <li class="scroll active"><a href="index.php#home">Home</a></li>
        <li class="scroll"><a href="index.php#services">Over ons</a></li>
        <li class="scroll"><a href="index.php#pricing">Cursussen</a></li>
        <li class="scroll"><a href="index.php#contact">Contact</a></li>
        <?php if(isset($_SESSION['id'])) {
          echo '<li><a href="myaccount.php"><span>Mijn account</span></a></li>';
          echo '<li><a href="logout.php"><span>Log Out</span></a></li>';
        } else {
          echo '<li><a href="login.php"><span>Log In</span></a></li>';
        } ?>
      </ul>
    </div>
  </div>
</div><!--/#main-nav-->
<br><br>
<!-- Post Content -->
  <div class="container">
    <div class="row">
      <div class="col-lg-8 col-lg-offset-2 col-md-10 col-md-offset-1">
        <div class="col-lg-8 col-lg-offset-2 col-md-10 col-md-offset-1">
          <div class="post-preview">
          <h1>  <?php echo $cursus['naam_cursus'] . "<br />";?></h1>
          van: <?php echo $cursus['begindatum'] . "<br />";?>
          tot: <?php echo $cursus['begindatum'] . "<br />";?>
            <?php echo $cursus['beschrijving'] . "<br />";?>
          </div>
        </div>
      </div>
      <form method="post">
        <input type="submit" name="submit">
      </form>
    </div>
  </div>
 <?php } ?>
```

<hr>

If you guys need more information tell me.

Heis
  • 2
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Dec 14 '16 at 20:27
  • Since you provide no errors I assume that you need to turn on error reporting by putting `error_report(E_ALL); ini_set('display_errors', 'on');` at the top of your page and if you still get nothing then check out [**`mysqli_error()`**](http://php.net/manual/en/mysqli.error.php) – MonkeyZeus Dec 14 '16 at 20:28
  • 1
    In the procedural way, `mysqli_query()` takes **at least** 2 arguments, first is your connection handler and second is your query. It should be `$result = mysqli_query($con, $sql);`. RTM, [http://php.net/manual/en/mysqli.query.php](http://php.net/manual/en/mysqli.query.php) – Rajdeep Paul Dec 14 '16 at 20:30
  • error_report(E_ALL); ini_set('display_errors', 'on'); gave me a blank page – Heis Dec 14 '16 at 20:32
  • I just did `if($result){ echo "success"; }else{ echo "failed"; }` and it gave me failed, so I never executed the query – Heis Dec 14 '16 at 20:34
  • How are you setting `$user['id']`? – Jay Blanchard Dec 14 '16 at 20:35
  • On top of the page, `$user = mysqli_fetch_array($result);` gives me an array with the id in there. If I echo `$user['id']` it gives me the id of the current user. Btw, thanks for the SQL injection documentation, I'll take a look into it – Heis Dec 14 '16 at 20:37
  • As Rajdeep pointed out `$result = mysqli_query($sql);` should be `$result = mysqli_query($con, $sql);` – Knyri Dec 14 '16 at 20:38
  • If you're getting "failed" then `if($user['id']) {` failed. – Jay Blanchard Dec 14 '16 at 20:38
  • Please do not edit your code to reflect comments. It will keep us from being able to help you. – Jay Blanchard Dec 14 '16 at 20:41
  • Changed it back, I did change the $result = mysqli_query($sql); to $result = mysqli_query($con, $sql); still fails – Heis Dec 14 '16 at 20:44
  • I placed the `$sql` and `$result` out of the if statement and changed `$user['id']` to `if($result)`. Before I changed to `$result`; now it's working – Heis Dec 14 '16 at 20:53

1 Answer

1

With your code here:

```php
$result = mysqli_query($sql);
```

`mysqli_query()` requires two arguments: the connection and the query. Try replacing that with this and tell me if it fixes your issue:

```php
$result = mysqli_query($con, $sql);
```

Matt

Matthew Bergwall
  • I already did this. I also placed the `$sql` and `$result` out of the if statement and changed `$user['id']` to `if($result)`; now it's working – Heis Dec 14 '16 at 21:23
  • Alright that's good to hear! Do you mind marking my answer as correct so I get credit? – Matthew Bergwall Dec 14 '16 at 22:31
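
The fix from the answer combined with the prepared-statement and error-reporting advice from the comments, as an added example that is not part of the original thread. It assumes `$con` is the mysqli connection created in `includes/mysql_config.php` as in the question; `enroll()` is a hypothetical helper name.

```php
<?php
// Added example, not the asker's code. Assumes includes/mysql_config.php
// defines $con (a mysqli connection), as in the question.
session_start();
require_once('includes/mysql_config.php');

// Make mysqli throw exceptions instead of failing silently, so a bad call
// or a failed query can never fall through to "success".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: enroll a user in a cursus with a prepared statement.
 * Returns true only if exactly one row was inserted.
 */
function enroll(mysqli $con, int $userId, int $cursusId): bool
{
    $stmt = mysqli_prepare(
        $con,
        "INSERT INTO aanmeldingen (users_id, cursus_id) VALUES (?, ?)"
    );
    // 'ii' binds both values as integers; they are never spliced into the SQL.
    mysqli_stmt_bind_param($stmt, 'ii', $userId, $cursusId);
    mysqli_stmt_execute($stmt);
    $inserted = mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $inserted;
}

if (!isset($_SESSION['id'])) {
    header('Location: login.php');
    exit; // header() alone does not end the script
}

// Reject a missing or non-integer ?id= before it reaches any query.
$cursusId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($cursusId === false || $cursusId === null) {
    http_response_code(400);
    exit('invalid cursus id');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    try {
        echo enroll($con, (int) $_SESSION['id'], $cursusId) ? "success" : "failed";
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // keep query details out of the page
        echo "failed";
    }
}
```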