PHP script doesen't insert data in MySQL

Question

I've created this script to insert some data from PHP to MySQL, but it doesen't work, and I don't know why.

if (isset($_SESSION['userSession'])!="") {
  $session_created=1;
  $session_query = "SELECT * FROM users WHERE user_id=".$_SESSION['userSession'];
  $session_query_result = $DBcon->query($session_query);
  $user_row=$session_query_result->fetch_array();
}
  if(isset($_POST['create_post_button'])){
    $post_name = $DBcon->real_escape_string(strip_tags($_POST['post_title']));
    $post_content = $DBcon->real_escape_string(strip_tags($_POST['post_content']));
    date_default_timezone_set('Europe/Athens');
    $post_date=date("Y-m-d h:i:sa");
    $post_categ_id = $DBcon->real_escape_string(strip_tags($_POST['post_category']));
    $post_creator = $user_row['user_name'];
    $pass_flag=0;
    $error_msg_cp = "Posted!";
      $create_post_query = "INSERT INTO posts(post_name,post_content,post_date,
        post_categ_id,post_user_name) VALUES ('$post_name','$post_content','$post_date','
        $post_categ_id','$post_creator')";
        echo "<br><br><br><br>".$create_post_query;
        if($DBcon->query($create_post_query)){
          $error_msg_cp="Error, pug!";
        }
        echo $error_msg_cp;
  }

Thank you! Edit: The result of this code is: Even with ini_set('display_errors', 'stdout'); it doesen't display the error...

This is the structure of the posts table in MySQL:

no error message ? can't say and won't guess. Unless by reading in cards or crystal ball. first set errors to display on screen with `ini_set('display_errors', 'stdout');` — Pierre, Feb 24 '18 at 08:14
what is the value of `$_POST['create_post_button']`. Plus you need to nest that second If statement into the first or check `$user_row` exists — Coxeh, Feb 24 '18 at 08:18
Sorry, the screenshot is so small I didn't catch the request. It seems there's a space or newline before the `1` (post_categ_id), as @Syscall said — Pierre, Feb 24 '18 at 08:36

Syscall · Accepted Answer · 2018-02-24T08:50:14.517

Seems to have a newline in your integer field.

Change your query like this. Single quote around '$post_categ_id' has changed.

$create_post_query = "INSERT INTO posts(post_name,post_content,post_date,
  post_categ_id,post_user_name)
  VALUES ('$post_name','$post_content','$post_date',
          '$post_categ_id','$post_creator')";
  echo "<br><br><br><br>".$create_post_query;
  if (!$DBcon->query($create_post_query)){
      $error_msg_cp="Error, pug!";
  }

NB I suggest you to read this post How can I prevent SQL injection in PHP? to prevent your queries against SQL injections.

score -2 · Answer 2 · answered Feb 24 '18 at 08:15

-2

Change your insert query as follows, use '{$variable}' instead of '$variabe'

$create_post_query = "INSERT INTO posts(post_name,post_content,post_date,
        post_categ_id,post_user_name) VALUES ('{$post_name}','{$post_content}','{$post_date}','
        {$post_categ_id}','{$post_creator}')";

answered Feb 24 '18 at 08:15

Jayasanka Weerasinghe

155
7

1

don't think that will make the difference, php engine is smart enough to capture `$xxxx` until it encounters characters who can't be part of an identifier (and that's the case for `'`). I never user brackets in such case – Pierre Feb 24 '18 at 08:18
We can try for a better solution if you can provide your mysql error message. – Jayasanka Weerasinghe Feb 24 '18 at 08:21
There isn't a mysql error message. I've tried this INSERT in PhpMyAdmin and it worked. So i think that the problem comes from the php code. – Feb 24 '18 at 08:24
Try to change your date to $post_date = date('Y/m/d H:i:s'); – Jayasanka Weerasinghe Feb 24 '18 at 08:33

PHP script doesen't insert data in MySQL

2 Answers2