I can't upload text to Mysql with php

Question

I am trying to create a comment board. Here is my table create by PHPMyAdmin

I set the guestID as primary key and auto-increment, but every time I trying to input a new guest name by php, it only could create a new column with a new ID but without the name.

Here is my code:

<?php
mysql_connect("localhost","root","root");
mysql_select_db("guest");
mysql_query("set names utf8");

$guestName=$_POST['guestName'];


mysql_query("insert into guest value(`guestID`, `guestName`)");


?>
<!DOCTYPE html>


<body>
<div class="container">
<div class="top">
<h3>New comment</h3>
</div>
<form id="form1" name="form1" method="post" action="" class="form-horizontal">
    <div class="form-group">
        <label for="guestName" class="col-sm-4 control-label">Name：</label>
        <div class="col-sm-6">
            <input type="text" class="form-control" placeholder="guestName" name="guestName" id="guestName" />
        </div>


    <div class="button">
        <input type="submit" name="button" id="button" value="send" class="btn"/>
    </div>
</form>

Barmar · Answer 1 · 2017-10-14T07:38:26.550

You're not substituting the value of the variable into the query. And the keyword before the list of values is values, not value.

$guestName = mysql_real_escape_string($_POST['guestName']);

mysql_query("insert into guest (guestName) values ('$guestName')");

And notice that you must use single quotes around the string, not backticks. See When to use single quotes, double quotes, and backticks in MySQL

You should also upgrade to mysqli or PDO and use prepared statements instead of the obsolete mysql extension. But if you use mysql, you should escape user input to prevent SQL injection.

Himanshu Upadhyay · Answer 2 · 2017-10-14T07:40:11.903

0

As you have set Primary key and Autoincrement for guestID field then don't use it in insert query because it will get increment values automatically when you will insert a new row. And the other mistake you made is, You have not passed column names.

$guestName=$_POST['guestName'];


mysql_query("insert into guest (guestName) value(".$guestName.") ");

In above mentioned query, notice that there are two brackets, first is for column names, and in the same sequence you need to write values' bracket.

edited Oct 14 '17 at 07:40

answered Oct 14 '17 at 07:37

Himanshu Upadhyay

6,558
1
20
33

Thank you very much – seamas zhou Oct 14 '17 at 07:38
Backticks are wrong. See https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-backticks-in-mysql – Barmar Oct 14 '17 at 07:39
@seamaszhou, happy to help. You may accept the answer. – Himanshu Upadhyay Oct 14 '17 at 07:39
yes @Barmar, I forgot to remove them. I just updated my answer. – Himanshu Upadhyay Oct 14 '17 at 07:40
Now it's wrong because you don't have any quotes around the string. – Barmar Oct 14 '17 at 07:42

I can't upload text to Mysql with php

2 Answers2