0

I am using goDaddy server. This page doesn't work but when I copy paste SQL output to phpmyadmin SQL tab, it works. Some pages have same status. Some pages which has "insert into" query, it works. This page works on my computer seamlessly

include('database.php');

$resimurl="some url";

$sql = "INSERT INTO gruplar (grupadı,resim,uyesayı,gelenkutusayı) SELECT '" . $adı ."','" . $resimurl ."',1,0 FROM dual WHERE NOT EXISTS (SELECT idi FROM gruplar WHERE grupadı='". $adı. "')";

        $result = mysqli_query($conn, $sql);
die($sql);

databese.php

$servername = "bla bla";
$username = "bla";
$password = "bla";
$dbname = "db name";

$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die ("HATA"); //die("Connection failed: " . $conn->connect_error);
}

I want to remind that some pages which use this database.php works seamlessly.

Thanks for your help.

I solved problem with chancing table column name "ı" to "i". ex(grupadı => grupadi ) It was not about undefined variable. I think it is about comminication of databese and php works with $adı variable. Thanks for help

mmccaann
  • 21
  • 5
  • 7
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Apr 25 '17 at 20:55
  • 8
    You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. – John Conde Apr 25 '17 at 20:55
  • I see an undefined variable. Turn on error reporting. – John Conde Apr 25 '17 at 20:56
  • 2
    `$adı` is that a 1 or a l or what charterset? –  Apr 25 '17 at 20:58
  • INSERT INTO gruplar (grupadı,resim,uyesayı,gelenkutusayı) SELECT 'string','string',1,0 FROM dual WHERE NOT EXISTS (SELECT idi FROM gruplar WHERE grupadı='string') You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '�,resim,uyesayı,gelenkutusayı) SELECT 'sdsadassdasd','http://bla bla.c' at line 1 maybe it is about � this character ? – mmccaann Apr 25 '17 at 21:05
  • $adı is a string @johnConde "bla abdasd bla" – mmccaann Apr 25 '17 at 21:08
  • 2
    Per http://php.net/manual/en/language.variables.basics.php `$adı` is an invalid variable name. Your column name `grupadı` would also fall into the same category but for mysql column names. https://dev.mysql.com/doc/refman/5.7/en/identifiers.html – chris85 Apr 25 '17 at 21:14
  • that was my point, you seem to be using a "non standard" character-set there for php variables –  Apr 25 '17 at 21:14

0 Answers0