-1

I'm currently trying to create a comment section on my website. The code is almost done but I have run into an issue. When submitting the text, it is not going to my database. Here is the code to take the text and send it to the MySQL database.

<?php
include 'dbh.inc.php';

function setComments($conn) {
    if (isset($_POST['commentSubmit'])) {
        $uid = $_POST['uid'];
        $date = $_POST['date'];
        $message = $_POST['message'];

        $sql = "INSERT INTO comments (uid, date, message) VALUES ('$uid, $date, $message')";
        $result = $conn->query($sql);
    }
}

If you could provide me with an answer that would be great.

Fawzan
  • 2
    This is unrelated but you better get the date from the server to prevent manipulation of comment date in the browser e.g. writing a comment last or next week. – USER249 Jun 10 '18 at 22:59

1 Answer

2

You have wrong quotation marks around the values. You need to quote around each individual variable in the $sql string.

<?php
include 'dbh.inc.php';

function setComments($conn) {
    if (isset($_POST['commentSubmit'])) {
        $uid = $_POST['uid'];
        $date = $_POST['date'];
        $message = $_POST['message'];

        $sql = "INSERT INTO comments (uid, date, message) VALUES ('$uid', '$date', '$message')";
        $result = $conn->query($sql);
    }
}

NOTE: Use parametrized queries. Read this post about SQL injection.

Fawzan
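
The parameterized form that the note in the answer recommends, combined with the commenter's advice to take the date from the server, shown as an added example that is not part of the original answer. It assumes `$conn` is a PDO handle (the page does not show `dbh.inc.php`); the in-memory SQLite database and the form input are constructed stand-ins for the MySQL server so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Assumption: $conn is a PDO connection; $post is the submitted form ($_POST).
function setComments(PDO $conn, array $post): bool
{
    // Reject requests without the submit flag or with non-string fields.
    if (!isset($post['commentSubmit'])
        || !is_string($post['uid'] ?? null)
        || !is_string($post['message'] ?? null)) {
        return false;
    }
    $message = trim($post['message']);
    if ($message === '') {
        return false;
    }
    // The date comes from the server clock, never from the form.
    $date = date('Y-m-d H:i:s');

    // Placeholders keep user input out of the SQL text; the driver binds the values.
    $stmt = $conn->prepare(
        'INSERT INTO comments (uid, date, message) VALUES (:uid, :date, :message)'
    );
    return $stmt->execute([
        ':uid'     => $post['uid'],
        ':date'    => $date,
        ':message' => $message,
    ]);
}

// Demo: in-memory SQLite stands in for the MySQL database (constructed schema).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE comments (uid TEXT, date TEXT, message TEXT)');

// Constructed form input: the apostrophes would break a hand-quoted INSERT.
$post = [
    'commentSubmit' => '1',
    'uid'           => 'Anonymous',
    'date'          => '1999-01-01 00:00:00', // client-supplied value, ignored
    'message'       => "It's working, isn't it?",
];

var_dump(setComments($conn, $post));
$row = $conn->query('SELECT uid, date, message FROM comments')->fetch(PDO::FETCH_ASSOC);
var_dump($row['message'] === $post['message']); // message stored byte for byte
var_dump($row['date'] !== $post['date']);       // server date replaced the form's date
```

With a mysqli connection the same statement is built with `prepare()`, `bind_param()` and `execute()`, using `?` placeholders instead of named ones.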