1

I have the following form:

<form id ="classadderform" action="formsubmit.php" method="POST">
     <input type ="checkbox" name="note" value = "Note1"></input> 
     <input type="submit"  value="Click Me" style="width:300px;">
</form>

Upon submit, the code redirects to formsubmit.php. Part of the code there is the following:

$db = new mysqli("sql...byethost8.com", "b8_163//....(database info));
$id = $_SESSION['id'];
.......
if(isset($_POST['note'])){
    if($id){
        $db->query("UPDATE answers SET WordLevel = 'Difficult' WHERE user_id=$id"); //<<<UPDATES SUCCESSFULLY
        $notevalue=$_POST['note'];
        $db->query("INSERT INTO answers (user_id, ValueColumn) VALUES ($id,'$notevalue')");  //<<<<<DOESN'T UPDATE

The WordLevel column updates successfully, but the value of the input named note does not insert into the column titled ValueColumn. This was working in my code a few days ago but it somehow stopped working. I tried different iterations of single quotes around $id and $notevalue but nothing seems to resolve the issue.

Any help would be much appreciated!

Be Bo
  • 11
  • 3
  • Please have a look at https://www.w3schools.com/sql/sql_injection.asp – Leonard Brünings Jul 01 '17 at 04:44
  • Can you chnage `'$notevalue'` to `"'" . $notevalue . "'"` and test ? – Prafulla Kumar Sahu Jul 01 '17 at 04:54
  • Thank you for the link @LeonardBrünings. I have read through that, which is how I originally got this to work a few days ago...but the insert function has stopped working on all of my forms and it's mind-boggling. If you look at the INSERT INTO statement that I posted, is there anything that jumps out at you? – Be Bo Jul 01 '17 at 04:55
  • @PrafullaKumarSahu When I do so, I get a `500 (Internal Server Error)` on the POST – Be Bo Jul 01 '17 at 05:03
  • 1
    How about enabling `error_reporting` or asking `mysqli_error` for once? Oh and let's not forget about parameter binding, btw. – mario Jul 01 '17 at 05:03
  • One more thing you can do is assign the query to a variable, echo it and try to run the query in phpmyadmin. – Prafulla Kumar Sahu Jul 01 '17 at 05:05
  • @mario I am trying my best to learn coding from the ground up without any education outside of the Internet, so please don't get nasty with me. I was not even aware that those existed; I Googled them and I'm not quite sure how to use them but I'm going to play around with them. – Be Bo Jul 01 '17 at 05:16
  • Thank you for the suggestion @PrafullaKumarSahu. I'm not quite sure how to do that, but I'll see what I can find related to that online. – Be Bo Jul 01 '17 at 05:18
  • `$query = "INSERT INTO answers (user_id, ValueColumn) VALUES ($id,'$notevalue')"; echo $query; exit;` use this before insert query . – Prafulla Kumar Sahu Jul 01 '17 at 05:19
  • Is `user_id` column the primary key of your table? – Rajdeep Paul Jul 01 '17 at 05:28
  • @PrafullaKumarSahu Thank you. I tried using that before the insert query but everything ran the same way it did before. Am I supposed to see an error alert somewhere? – Be Bo Jul 01 '17 at 05:29
  • you should see the query and you should try running the query directly in phpmyadmin. – Prafulla Kumar Sahu Jul 01 '17 at 05:31
  • try this $query = "INSERT INTO answers (user_id, ValueColumn) VALUES ('$id','$notevalue')"; – Prags Jul 01 '17 at 05:31
  • @Prags single quot can not parse variable . – Prafulla Kumar Sahu Jul 01 '17 at 05:33
  • Thank you so much for your help everyone. I don't even want to post what actually happened because it's so asininely stupid, but don't want to waste any more of your time on this issues. I didn't realize that only the first 100 rows of the MYSQL database were visible so it didn't appear as though it was updating....Alas, I am ashamed haha. Thank you so much for your time everyone! Sorry again – Be Bo Jul 01 '17 at 05:50
  • @BeBo In that case I would suggest you to delete this question, otherwise question with *unaccepted* answer will be floating around SO as *open* question. – Rajdeep Paul Jul 01 '17 at 06:04

1 Answers1

0

Execute and clear before the second query.

O you can try concating queries together using semicolon

$db->query("FIRST QUERY ; SECOND QUERY");

If you dont need the output of first query.

PDO multiple query

mysqli multiple query

might also help real_query

user2102266
  • 539
  • 3
  • 14