-1

I want to display the data inserted by the user to be saved into 2 tables in the database. But this code is not working for me.

  $query = "INSERT INTO partnumber (Partnumber, Description, Min, Max) VALUES
        ('" . $_POST ["part"] . "', '" . $_POST["description"] . "', '" . $_POST["min"] . "', '" . ($_POST["max"]) . "')INSERT INTO forecast (Partnumber, Min, Max) VALUES 
        ('". $_POST ["part"] . "', '" . $_POST["min"] . "','" . ($_POST["max"]) . "')";

    $result = $db_handle->insertQuery($query);
    if(!empty($result)) {
        $error_message = "";
        $success_message = "Saved successfully!";   
        unset($_POST);
    } else {
        $error_message = "Problem in saving. Try Again!";   
    }

    $sql = "INSERT INTO forecast (Partnumber, Min, Max) VALUES 
    ('". $_POST ["part"] . "', '" . $_POST["min"] . "','" . ($_POST["max"]) . "')";

    $result = $db_handle->insertQuery($sql);
    if(!empty($result)) {
        $error_message = "";
        $success_message = "Saved successfully!";
    } else {
        $error_message = "Problem in saving. Try again!";
    }

The error was

Invalid query

Can someone help?

  • 3
    Your first two queries don't have any delimiters to separate them. You'd benefit from splitting the two inserts. Also, please be aware that your code is **vulnerable** to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection). You should use [**prepared statements**](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) to prevent this. You can refer to [**this post**](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) for further information on how to prevent SQL injection in PHP :) – Obsidian Age Dec 18 '17 at 00:58

1 Answer

-1

Your first two queries are separated by anything and it is not understood by SQL. You can use multi queries. Here is an example: `bool mysqli_multi_query ( mysqli $link , string $query )`. You can read more about it here.

td_simpson
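The approach recommended in the comment on the question (two separate inserts, each as a prepared statement), as an added example that is not part of the original question or answer; it also wraps both inserts in a transaction so a failure in the second does not leave a half-saved part. Table and column names come from the question; `savePart()`, the connection settings and the assumption that `Min` and `Max` are integer columns are hypothetical.

```php
<?php
// Added example: write one form submission to both tables with bound parameters.
// savePart() and the connection settings are hypothetical; Min/Max are assumed
// to be integer columns.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function savePart(mysqli $db, array $input): void
{
    $part        = trim((string)($input['part'] ?? ''));
    $description = trim((string)($input['description'] ?? ''));
    $min = filter_var($input['min'] ?? null, FILTER_VALIDATE_INT);
    $max = filter_var($input['max'] ?? null, FILTER_VALIDATE_INT);
    if ($part === '' || $min === false || $max === false || $min > $max) {
        throw new InvalidArgumentException('Invalid part number, min or max.');
    }

    $db->begin_transaction(); // both rows are written, or neither
    try {
        // Values travel separately from the SQL text, so quotes in user
        // input are stored as data and cannot change the statement.
        $stmt = $db->prepare(
            'INSERT INTO partnumber (Partnumber, Description, `Min`, `Max`) VALUES (?, ?, ?, ?)'
        );
        $stmt->bind_param('ssii', $part, $description, $min, $max);
        $stmt->execute();
        $stmt->close();

        $stmt = $db->prepare('INSERT INTO forecast (Partnumber, `Min`, `Max`) VALUES (?, ?, ?)');
        $stmt->bind_param('sii', $part, $min, $max);
        $stmt->execute();
        $stmt->close();
        $db->commit();
    } catch (mysqli_sql_exception $e) {
        $db->rollback();
        throw $e;
    }
}

// Placeholder connection settings; replace with your own.
$db = new mysqli('localhost', 'app_user', 'app_password', 'inventory');
$db->set_charset('utf8mb4');
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        savePart($db, $_POST);
        $success_message = 'Saved successfully!';
    } catch (InvalidArgumentException $e) {
        $error_message = $e->getMessage();
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // details go to the log, not the page
        $error_message = 'Problem in saving. Try again!';
    }
}
```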