-5

When I run my code, the navegator show me that:

Notice: Use of undefined constant datos1 - assumed 'datos1' in C:\xampp\htdocs\formulario\conexion1.php on line 8

Warning: mysqli_select_db() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\formulario\conexion1.php on line 8 No se pudo conectar a la base de datos Notice: Undefined index: Teachers_Name in C:\xampp\htdocs\formulario\conexion1.php on line 13

Notice: Undefined index: School_Name in C:\xampp\htdocs\formulario\conexion1.php on line 14

Notice: Undefined variable: Implementation_Quality in C:\xampp\htdocs\formulario\conexion1.php on line 15

Notice: Undefined variable: Implementation_Quality in C:\xampp\htdocs\formulario\conexion1.php on line 17

Fatal error: Uncaught Error: Call to undefined function mysql_query() in C:\xampp\htdocs\formulario\conexion1.php:19 Stack trace: #0 {main} thrown in C:\xampp\htdocs\formulario\conexion1.php on line 19

What I do?

<?php
$conexion = new mysqli("localhost", "root", "");

if(!$conexion){
echo "Conexión no exitosa";
} else {

$base= mysqli_select_db(datos1);
    if(!$base){
        echo "No se pudo conectar a la base de datos";
    }
 }
$Teachers_Name=$_POST['Teachers_Name'];
$School_Name=$_POST['School_Name'];
$Implementation_Quality['Implementation_Quality'];

$sql= "INSERT INTO datos_1 VALUES('$Teachers_Name', 'School_Name', 
'$Implementation_Quality')";

$ejecutar = mysql_query($sql);

if(!$ejecutar){
echo "Hubo algun error";
} else {
 echo "Datos guardados correctamente<br><a href='index.html'>Volver</a>";
}
?>
Dharman
  • 30,962
  • 25
  • 85
  • 135
Marinovsky
  • 37
  • 2
  • 8
  • 2
    You're mixing up `mysqli_*` and `mysql_*`, which are different libraries. MYSQL_* is deprecated and no longer available at PHP 7 or larger. – KhorneHoly Nov 15 '17 at 16:32
  • in here you must set name filed of your table..(You must specify your name field from your table)) $sql= "INSERT INTO datos_1 (filde1, filde2, filde3) VALUES('$Teachers_Name', 'School_Name', '$Implementation_Quality')"; – pedram shabani Nov 15 '17 at 16:35
  • 3
    You've posted a variety of different error messages, as well as code with a variety of different problems. The help you're looking for is in the form of introductory tutorials on PHP and MySQL. Google is a good place to find those. – David Nov 15 '17 at 16:35
  • @pedramshabani: That's not required if the supplied values successfully map to the table structure. (Though it's still a good idea to explicitly specify column names.) – David Nov 15 '17 at 16:36
  • Ok.Thank you David.i don't know it before...... – pedram shabani Nov 15 '17 at 16:39
  • 2
    @Marinowsky: Welcome to the StackOverflow community! As a programmer, it is imperative that you develop the skills needed to debug code that you've written. I strongly recommend you do a read of this https://ericlippert.com/2014/03/05/how-to-debug-small-programs/ and the information on the "how to ask" page. StackOverflow is a question answer site. And "Here's my code, it's not working, please help me!" isn't really a *question*. I've provided some tips in an answer, I hope you find it helpful. – spencer7593 Nov 15 '17 at 17:11

1 Answers1

1

Replace this:

$base= mysqli_select_db(datos1);

With this:

$base= mysqli_select_db($conexion,'datos1');

replace this:

$sql= "INSERT INTO datos_1 VALUES('$Teachers_Name', 'School_Name', '$Implementation_Quality')";

With this:

$sql= 'INSERT INTO datos_1 (col1, col2, col3) VALUES ( ?, ?, ? )';

Replace col1,col2 and col3 with the names of columns in the datos_1 table.
e.g. ... datos_1 (teacher_name, school_name, implementation_quality) VALUES ...

Note that this is a static string literal. There's no variable substitution. The question marks are bind placeholders which we will reference later.

Replace this:

$ejecutar = mysql_query($sql);

With this:

$sth = mysqli_prepare($conexion,$sql);
mysqli_stmt_bind_param($sth,'sss', $Teachers_Name, $School_Name, $Implementation_Quality);
$ejecutar = mysqli_stmt_execute($sth);

Don't mix mysql_ functions with mysqli_ functions. That won't work. (We shouldn't be using any mysql_ functions in new development; the mysql_ interface functions have been deprecated a long time ago, and are finally removed in newest versions of PHP.

Do NOT incorporate potentially unsafe values in SQL text. Use prepared statements with bind placeholders. (Or less optimally, properly escape any values that are incorporated into the text.)

Recommended:

Little Bobby Tables - Exploits of a Mom https://xkcd.com/327/

OWASP SQL Injection https://www.owasp.org/index.php/SQL_Injection

spencer7593
  • 106,611
  • 15
  • 112
  • 140