    require_once 'dbconn.php';
    $conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
    if ($conn->connect_error) die($conn->connect_error);

    $ref = "CPL";
    $ida = ($_GET["id"]);
    $vc = ($_GET["points"]);

    //this is just for me to see some output, will be removed later
    echo 'ID: '   . $ida   . '<br>';
    echo 'Points: '    . $vc    . '<br>';


    $query = "INSERT INTO 'my_database' ( 'some_id', 'ref_id') VALUES ( '".$ida."', '".$ref."' );";
    $result = mysqli_query($conn,$query);
    if($result){echo 'it works';} else {echo 'nope, try again';}

The connection to the MySQL database is set up correctly, and I can also output the current data that is stored inside; however, I am trying to insert data into the database but I'm failing miserably. I've read a book and took a Udemy course (dumbass, I know) to figure this out and I still can't.

What I'm trying to do is this: I'll get a thing (sorry, newbie) from a 3rd party server in the format of `https://myurl/mycode.php?id=5&points=150`

I grab that data and store it into my $ida and $vc variables. I can echo them out and they return the correct values but I also want to store them in my database, but so far without success. I'm using the exact same code as the dude in the Udemy course but it doesn't work. :( Can anyone help me out please or point me in the right direction?

JackDunn
  • You are wide open for SQL injection. Since you're using mysqli, take advantage of [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php). This will fix any quoting issues you might have. – aynber Apr 05 '17 at 15:02
  • Also, your quotes for tables and columns are wrong. – aynber Apr 05 '17 at 15:02
  • And how exactly is it failing? Note that `'nope, try again'` isn't a *particularly* useful error message. If the query is failing, see what `mysqli_error()` has to say about it. – David Apr 05 '17 at 15:02
  • Well, I'm checking the database through phpMyAdmin and the entries I'm trying to add aren't showing up. Like I said, I'm a complete newbie just following examples that I found in an O'Reilly book and a Udemy course, so I still have much to learn. :) – JackDunn Apr 05 '17 at 15:06
  • `my_database` is a table or database? – chris85 Apr 05 '17 at 15:06
  • How are my quotes for tables and columns wrong please? Like I said I'm following a book and a video course and the exact same code works in their example but doesn't for me. :\ – JackDunn Apr 05 '17 at 15:08
  • Quotes are for strings. Backticks are for tables/columns/databases. e.g. `'my_database'`, `'some_id'`, and `'ref_id'` are encapsulated incorrectly. Depending on their real names they may not need to be in backticks. If they are reserved terms they will need to be, or use non-standard characters. – chris85 Apr 05 '17 at 15:09
  • my_database is a table, I just changed the name of it for personal reasons. Let's call it something_points_entry instead. Sorry :) – JackDunn Apr 05 '17 at 15:09
  • The linked duplicate explains the differences between the types of quoting. – aynber Apr 05 '17 at 15:13
  • It explains bollocks if you don't know wtf you're doing. To throw a newbie into a thread with charts and loads of info that's not relevant to a single query is just bizarre but ok I'll go read the whole thing. – JackDunn Apr 05 '17 at 15:42
  • Got the correct syntax thanks to none of you. Thanks anyway. – JackDunn Apr 05 '17 at 16:29
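
The two points raised in the comments (backtick-quoted identifiers and a mysqli prepared statement with `bind_param`), put together as an added example that is not part of the original thread or the asker's final code. It assumes `dbconn.php` defines the same four variables as in the question, uses the table name `something_points_entry` from the asker's comment, and assumes `some_id` is an integer column and `ref_id` a string column; like the original query, it validates `points` but does not store it.

```php
<?php
// Added example, not the asker's code. Assumes dbconn.php defines $db_host,
// $db_user, $db_pass and $db_name as in the question, and that `some_id` is
// an integer column and `ref_id` a string column (column types are assumptions).
require_once 'dbconn.php';

// Make mysqli throw exceptions so a failing query reports its real cause
// instead of a bare "nope, try again".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Accept only integers from the query string; a missing parameter yields
// null and a non-integer yields false, and both are rejected below.
$ida = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$vc  = filter_input(INPUT_GET, 'points', FILTER_VALIDATE_INT);
if (!is_int($ida) || !is_int($vc)) {
    http_response_code(400);
    exit('id and points must be integers');
}
$ref = 'CPL';

try {
    $conn = new mysqli($db_host, $db_user, $db_pass, $db_name);
    $conn->set_charset('utf8mb4');

    // Backticks quote identifiers; the ? placeholders carry the values, so
    // request data never becomes part of the SQL text.
    $stmt = $conn->prepare(
        'INSERT INTO `something_points_entry` (`some_id`, `ref_id`) VALUES (?, ?)'
    );
    $stmt->bind_param('is', $ida, $ref);   // i = integer, s = string
    $stmt->execute();

    echo 'Inserted row(s): ' . $stmt->affected_rows;
    $stmt->close();
    $conn->close();
} catch (mysqli_sql_exception $e) {
    // Log the detail server-side; do not show database errors to the caller.
    error_log('Insert failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'Insert failed';
}
```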

0 Answers