0

Guys help me with this tried each and everything possible. created a html page in which there are four fields ID, Name, Age and location . I want to store the entered data into database when user clicks submit button. Although i am not getting any kind of error in this code but still data is not stored into the database.!

<?php 
$hn = 'localhost';
$db = 'sapata_php';
$un = 'root';
$pw = '';
$conn = new mysqli($hn, $un, $pw, $db);
if ($conn->connect_error) die($conn->connect_error);
    $Id   = $_POST['Id'];
    $Name  = $_POST['name'];
    $Age = $_POST['age'];
    $Location    = $_POST['location'];
    mysql_select_db('sapata_php');
     $query = "INSERT INTO 'info' ('Id', 'Name', 'Age', 'Location') VALUES ($Id, $Name, $Age, $Location)";
if(mysql_query($query))
 {
echo "<script>alert('INSERTED SUCCESSFULLY');</script>";
}
else
 {
 echo "<script>alert('FAILED TO INSERT');</script>";
}

 ?>
Eddy sapata
  • 121
  • 1
  • 10
  • 1
    FYI, [you shouldn't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. – John Conde Jul 06 '17 at 19:03
  • 1
    Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Jul 06 '17 at 19:04
  • 1
    You're also mixing mysql and mysqli APIs which you cannot do – John Conde Jul 06 '17 at 19:04
  • 1
    You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. – John Conde Jul 06 '17 at 19:04
  • Thanks for your suggestion mate , this is my first experience working with database.! – Eddy sapata Jul 06 '17 at 19:06

0 Answers0