-3

'I already searched this but didn't find any answer to this question. Actually, i want to add a data in my DB with a PHP / HTML Form. It's a method="post", and the data i have seems to be right.. But the insert simply doesn't work. Is my query bad ? Or it's something with the Data Base ?

The echo doesn't return me null values.

Thanks a lot for answering my question ! :) This is my code : 

$sport = $_POST['sport'];
$level = $_POST['level'];
$date = $_POST['date'];
$firsthour = $_POST['first'];
$lasthour = $_POST['last'];

echo "sport: " . $sport . " Level" . $level . " Date ". $date . " first hour" . $firsthour. " last hour " . $lasthour;

$connexion = mysqli_connect("localhost", "root", "", "database");
$reqadd = "insert into commandes ('name', 'id_sport', 'id_niveau', 'date', 'heure_début', 'heure_fin') values ('Amendera Lochan','$sport','$level','$date','$firsthour':00,'$lasthour':00)";
echo $reqadd;
mysqli_query($connexion, $reqadd);
Aliënor
  • 5
  • 4
  • Do you have any error messages that you can post with this, by any chance? – Martin May 27 '18 at 11:18
  • 1
    Never concatenate SQL strings, especially from data sent by the user. Learn to use parameters immediately. They will make things a lot easier and safer. And check for errors when executing queries. They will immediately show you the error. – Sami Kuhmonen May 27 '18 at 11:21
  • don't use single quote for column name .. – ScaisEdge May 27 '18 at 11:23
  • [when-to-use-single-quotes-double-quotes-and-back-ticks-in-mysql](https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-back-ticks-in-mysql) – Paul Spiegel May 27 '18 at 11:49
  • [how-can-i-prevent-sql-injection-in-php](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Paul Spiegel May 27 '18 at 11:50
  • Possible duplicate of [When to use single quotes, double quotes, and back ticks in MySQL](https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-back-ticks-in-mysql) – Nick May 27 '18 at 12:15
  • I have downvoted this because your code contains no exception handling. You can't expect to get stuff like this to work if you don't check for exceptions and look at returned error messages. If it can go wrong, it will go wrong. Especially while you're still developing it. – MandyShaw May 27 '18 at 12:52
  • You can also think about this : am I new to PHP? Maybe I dont know how to check for exceptions, because, where i'm studying at, they didn't learn how to do it. That's why i posted it : i checked if the variables was null, but actually, don't know how to check for exceptions when executing a query. I'm actually looking for it on web to do it But thanks for the advice, even if it's with a downvote XD Thanks all for the links ! I'm going to prevent sql injection by the way, and i read the first link. At the moment, it doesn't work yet, but i'm going to continue my research. – Aliënor May 27 '18 at 14:14
  • Fair enough, would reverse if SO would let me (it won't), but nonetheless in my view you /always/ need to do appropriate exception handling from the start if you are to get your code working quickly- google will provide examples in relation to mysqli. (This is not about php, it is a general principle of software development.) – MandyShaw May 27 '18 at 17:01

1 Answers1

0

you should wrap your column name with this " ` ",like below :

$sport = $_POST['sport'];
$level = $_POST['level'];
$date = $_POST['date'];
$firsthour = $_POST['first'];
$lasthour = $_POST['last'];

echo "sport: " . $sport . " Level" . $level . " Date ". $date . " first hour" . $firsthour. " last hour " . $lasthour;

$connexion = mysqli_connect("localhost", "root", "", "database");
$reqadd = "INSERT INTO commandes (`name`, `id_sport`, `id_niveau`, `date`, `heure_début`, `heure_fin`) values ('Amendera Lochan','{$sport}','{$level}','{$date}','{$firsthour}','{$lasthour}')";

mysqli_query($connexion, $reqadd);
Aqil
  • 104
  • 10