Not able to INSERT data to mysql database

Question

I am using AWS EC2
My Security Groups Inbound rules are :

Mysql User Tables is:

mysql> select user,host from mysql.user;

+------------------+-----------+
| user             | host      |
+------------------+-----------+
| debian-sys-maint | localhost |
| mysql.session    | localhost |
| mysql.sys        | localhost |
| root             | localhost |
+------------------+-----------+

I can access database by using SELECT, and able to print on php webpages.
The Problem is INSERT query.

Code is :

$queryb = "INSERT INTO contact_us (name,contact,email,message) 
           VALUES ('$_POST[contact_person]', 
                   '$_POST[mobile]',
                   '$_POST[email]',
                   '$_POST[messages]')";
if (mysql_query($queryb))
{
    $success='Thank You ';
}
else
{
    $error='Error Occured ! Try after sometime';
}

Need Suggestion !!!

Is the user who you are logged in with allowed to perform insert commands? — Lajos Arpad, Jun 14 '18 at 11:39
How did you determine that the system is "not able" to do something? Why don't you check for error codes? Most probably, [`mysql_query` is deprecated](https://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) — Nico Haase, Jun 14 '18 at 11:44
@NicoHaase Because it works fine at another server like godaddy and local server too — helpdoc, Jun 14 '18 at 11:51
If the above code works on other hosts, it's likely because you're running php 7+. Get [PHP errors to display](https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) and move away from that god awful method — IsThisJavascript, Jun 14 '18 at 11:53
And why don't you check for error codes if you assume that en error occurs? — Nico Haase, Jun 14 '18 at 12:46

score 2 · Answer 1 · answered Jun 14 '18 at 12:07

You will need to check at the error you get while trying to execute that statement. Let's see the problems and possible problems:

Rights

You will need to make sure the MySQL user you try to execute the query with has the necessary rights to do so. Try to hard-code an insert statement along with all parameters. Are you able to do so? Or do you get an error that you do not have the rights to do so?

Deprecation

mysql_ functions are deprecated. You will need to use either mysqli_ functions or PDO.

SQL Injection

Your code has high risks of security due to possibility of SQL Injection. You will need to escape your query via mysqli_real_escape_string or parameterize your query via PDO. If you do not do so, users will be able to damage your database if they want to hack your site, or even steal data.

XSS Injection

Your code has high risks of security due to possibility of XSS injection as well. You will need to make sure no scripts will be injected into your fields unless you explicitly want to allow that. XSS injection is a possible means to steal data from other users.

Is it message or messages

Check what is inside your $_POST["messages"]. Is it an array? If so, you try to use an array as a string and hence you get an exception.

Check your logs

You will need to check the server logs to find the exact problem you face. If server logging is not enabled, then you will need to enable it and run the PHP code again.