0

For some strange reason I cannot insert a username into the database, but when I change the value into any integer it works once I click like, it works. 

$postid = $_POST['postid'];
$userid = $_GET['username'];
$result = mysqli_query($dbh,"SELECT * FROM user_images WHERE id=$postid");
$row = mysqli_fetch_array($result);
$n = $row['likes'];
mysqli_query($dbh,"INSERT INTO likes(username, postid) VALUES($userid, $postid)");
mysqli_query($dbh,"UPDATE user_images SET likes=$n+1 WHERE id=$postid");
echo $n+1;
exit();
Carrie Shower
  • 11
  • 4
  • You are open to SQL injections, which also is the reason why the strings fail to insert (although you could correct that another way). You also don't need `$n` just use the column value in the `update`. – chris85 Nov 11 '17 at 17:24
  • First breakdown the code to better debugging, Check what is the result of that query in PHPMYADMIN or adminer and do var_dump() all variables like row and $n – Thamaraiselvam Nov 11 '17 at 17:25
  • You're fetching the parameters that you want to insert from `$_GET` and from `$_POST` - it should be the same for both depending on how you do the actual request (otherwise one of them will be empty). Or use the `$_REQUEST` collection to retrieve them. – zefixlluja Nov 11 '17 at 17:25
  • mysqli_query($dbh,"INSERT INTO likes(username, postid) VALUES('$userid', '$postid')"); – John Doe Nov 11 '17 at 17:27
  • Thank you so much! – Carrie Shower Nov 11 '17 at 17:33

0 Answers0