-1

I have one question. How can I insert data into a SQL?

Where is a Variable and String?

The problem starts in text: upload/photos/ . date("Y")...

Example code:

$sql = "INSERT INTO Users (post_id, user_id, postText, postFile , postPrivacy, time)
VALUES ('0', '$getid', '$b', 'upload/photos/ . date("Y") . / . date("m") . / . $c', '0', '$timer')";
Amit Gupta
  • 2,771
  • 2
  • 17
  • 31
Zdeněk Grůza
  • 13
  • 5

1 Answers1

-1

try to put compound variables in single variable and pass it to query and use null instead of 0 .

$photo = 'upload/photos/' . date("Y") . '/' . date("m") . '/' . $c;

$sql = "INSERT INTO Users (post_id, user_id, postText, postFile , postPrivacy, time)
VALUES ('null', '$getid', '$b', '$photo', 'null', '$timer')";
samehanwar
  • 3,280
  • 2
  • 23
  • 26
  • 3
    I'm not sure why you assume that `null` would be better than `0`; let alone the string `'null'`, which is almost certainly not what anyone wants. Also, it's extremely likely that some of these variables have come from user input of some sort, so this is wide open to SQL injection. – IMSoP Dec 14 '17 at 17:01
  • @IMSoP i assumed that the questioner has the field post_id a primary key and auto_increment and so it will not accept the 0 value. – samehanwar Dec 14 '17 at 17:04
  • exactly how you write it is so. I have to assign numbers to> $update = "UPDATE Users SET post_id=id"; – Zdeněk Grůza Dec 14 '17 at 17:06
  • @samehanwar In that case, the correct thing is not to mention that column in the INSERT list at all, so that it receives a default value. In any case, you meant `null` (the SQL keyword for "unknown value"), not `'null'` (with quotes, a 4-character string containing the letters `n` `u` `l` and `l`). The OP made the same mistake writing `'0'` instead of `0`. – IMSoP Dec 14 '17 at 17:45