Data does not show up in the database when sent through php

Question

I'm new to php and dealing with databases. I have accomplished sending data from one arduino sensor to the database using PHP and XAMPP. My problem is sending data from multiple sensors.

The PHP code in file "write_data_w2"

<?php

$dbusername = "w123";  
$server = "localhost"; 

$dbconnect = mysqli_connect($server, $dbusername);
$dbselect = mysqli_select_db($dbconnect,"weather1");


$sql = "INSERT INTO weather1.weather (temperature, humidity, rain) VALUES ('".$_GET["temperature"].",".$_GET["humidity"].",".$_GET["rain"]."')";    


mysqli_query($dbconnect, $sql);
?>

I'm not using a password for the user "w123".

I wanted to check everything and tried inserting some made up data through browser with "http://localhost/write_data_w2.php?temperature=32&humidity=45&rain=N"

and nothing happens, no warnings, no errors, no data. The database stays empty.

The database is named "weather1" consists of 1 table named "weather" and 5 columns named: "id", "time", "temperature", "humidity", "rain".

Solved

As a user suggested I added the line:

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

which displayed some errors that I then solved.

I also had to modify "$sql" a bit:

$sql = "INSERT INTO weather1.weather (temperature, humidity, rain) VALUES ('".$_GET['temperature']."', '".$_GET['humidity']."', '".$_GET['rain']."')";

You want to read about [SQL Injection](http://php.net/manual/en/security.database.sql-injection.php), your program is **vulnerable**! — sticky bit, Sep 01 '18 at 16:40
You're only sending a single column value, so you will be getting an error somewhere. — Jonnix, Sep 01 '18 at 16:45
Which again is a problem you wouldn't have had with [parameter binding](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — mario, Sep 01 '18 at 16:49

score 1 · Answer 1 · answered Sep 01 '18 at 16:49

Just a suggestion

You should avoid the user of var or $GET/POST value directly in sql you are at risk for sql injection anyway you should check for error adding a $mysqli_error meggage ..

  $dbusername = "w123";  
  $server = "localhost"; 

  $dbconnect = mysqli_connect($server, $dbusername);
  $dbselect = mysqli_select_db($dbconnect,"weather1");


  $sql = "INSERT INTO weather1.weather (temperature, humidity, rain) VALUES ('".$_GET["temperature"].",".$_GET["humidity"].",".$_GET["rain"]."')";    


  mysqli_query($dbconnect, $sql);

  // for check the erro  try add  


  if (!$mysqli_query(dbconnect, $sql)) {
      printf("Errormessage: %s\n", $mysqli_error);
  }

?>

Data does not show up in the database when sent through php

Solved

1 Answers1