-2

So here I come with another problem. I can't push strings into a MySQL table. If I use numbers it works fine. If I try to insert text as a value it works as well. No luck with text that was put in textboxes in HTML.

```php
$current_user = wp_get_current_user();
$hostname = "XXX";
$username = "XXX";
$password = "XXX";
$dbname = "XXX";
$connect = mysqli_connect($hostname, $username, $password, $dbname);
$sql = "insert into wypozyczenia (czy_wypozyczony, sn, model) values (2,"
    .mysql_escape_string($_POST['SN']).",
".mysql_escape_string($_POST['model']).")";
// Comparison (==): a single = would assign 2 and make the check always true
if ($current_user->ID == 2)
{
?><form name="form" method="post" >
Model:</br>
<input type="text" name="model"></br>
Numer Seryjny</br>
<input type="text" name="SN"></br>
<input type="submit" name="button1"  value="Send">
</form>
<?php
    if (isset($_POST["button1"])) {
        // The superglobal is case-sensitive: $_POST, not $_Post
        $model = $_POST["model"];
        $SN = $_POST["SN"];
        ?> <pre><?php var_dump($_POST); ?></pre><?php
        mysqli_query($connect, $sql);
    }
}
```
  • Do you get any error? Is your column of proper type? – barbsan Jan 04 '19 at 09:02
  • Please use [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – Jeto Jan 04 '19 at 09:03
  • Please change to prepared statements. They are safer and will prevent you from making such errors (missing quotes around strings). – Jeff Jan 04 '19 at 09:04
  • Possible duplicate of [When to use single quotes, double quotes, and back ticks in MySQL](https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-back-ticks-in-mysql) – Qirel Jan 04 '19 at 10:13

2 Answers

4

Try adding a single quote before the double quote, like the following:

```php
$sql = "insert into wypozyczenia (czy_wypozyczony, sn, model) values (2, 
       '".mysql_escape_string($_POST['SN'])."',
       '".mysql_escape_string($_POST['model'])."')";
```
Arulkumar
Wylls
0

You can use sprintf for prettier code, or learn prepared statements in PHP PDO.

```php
$sql = sprintf("insert into wypozyczenia (czy_wypozyczony, sn, model) values (2,'%s','%s')"
       ,mysql_escape_string($_POST['SN'])
       ,mysql_escape_string($_POST['model']));
```
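The prepared-statement approach recommended in the comments and mentioned in this answer, shown as an added example (not code from the question or either answer). It uses PDO; an in-memory SQLite database stands in for the MySQL server so it runs offline, and the column types, the 64-byte length limit and the helper names `open_db` and `add_device` are assumptions.

```php
<?php
// Added example, not code from the question or the answers.
// Assumption: in-memory SQLite stands in for MySQL so the script runs offline;
// for MySQL use a DSN like 'mysql:host=...;dbname=...;charset=utf8mb4' plus credentials.
// Assumption: the column types are guesses; the page shows only the column names.

function open_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors
    $pdo->exec('CREATE TABLE wypozyczenia (
        id INTEGER PRIMARY KEY,
        czy_wypozyczony INTEGER NOT NULL,
        sn TEXT NOT NULL,
        model TEXT NOT NULL)');
    return $pdo;
}

// Insert one row. The placeholders carry no quotes: values are bound separately
// from the SQL text, so a string can neither break the syntax nor change the statement.
function add_device(PDO $pdo, array $post): int
{
    $sn    = is_string($post['SN'] ?? null) ? trim($post['SN']) : '';
    $model = is_string($post['model'] ?? null) ? trim($post['model']) : '';
    if ($sn === '' || $model === '' || strlen($sn) > 64 || strlen($model) > 64) {
        throw new InvalidArgumentException('SN and model are required (max 64 bytes)');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO wypozyczenia (czy_wypozyczony, sn, model) VALUES (2, :sn, :model)'
    );
    $stmt->execute([':sn' => $sn, ':model' => $model]);
    return (int)$pdo->lastInsertId();
}

// Constructed sample input standing in for $_POST: plain text, a value with
// quotes, and a value that would corrupt a concatenated SQL string.
$pdo = open_db();
add_device($pdo, ['SN' => 'ABC-123', 'model' => "ThinkPad 'T480'"]);
add_device($pdo, ['SN' => "x', 'y'); --", 'model' => 'test']);

foreach ($pdo->query('SELECT id, sn, model FROM wypozyczenia') as $row) {
    printf("%d | %s | %s\n", $row['id'], $row['sn'], $row['model']);
}
```

In a real handler, call `add_device($pdo, $_POST)` only inside the `isset($_POST["button1"])` branch, so the statement is never built from a request that did not submit the form.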