-3

I'm trying to create a PHP form where I can add values to a table in my database and this is my code:

<?php
  $host ="localhost";
  $db_nome = "my_farneseluca";
  $username = "farneseluca";

  // Create connection
  mysql_connect($host, $username) or die('Impossibile connettersi al server: ' . mysql_error());
  mysql_select_db($db_nome) or die ('Accesso al database non riuscito: ' . mysql_error());

  $table = $_POST['table'];
  $descr = $_POST['descr'];
  $certif = $_POST['certif'];

  $sql = "INSERT INTO $table (DESCRIZIONE, CERTIFICAZIONE) VALUES ('$descr', '$certif');";

  if ($con->query($sql) === TRUE) 
  {
    echo 'users entry saved successfully';
  }   
  else 
  {
    echo 'Error: '. $con->error;
  }

  mysqli_close($con);
?>

<form method="post" action="editdata.php" target="">
  Inserire tabella da modificare<br>
  <input type="text" name="table"><br>
  DESCRIZIONE<br>
  <input type="text" name="descr"><br>
  CERTIFICAZIONE<br>
  <input type="text" name="certif"><br>
  <input type="submit" value="Aggiorna">
</form>

When I click the "Aggiorna" button, the page gives this error:

Fatal error: Call to a member function query() on null in /membri/farneseluca/editdata.php on line 96

I tried to see in other posts or in google but i can understand what's the problem

Rory McCrossan
  • 331,213
  • 40
  • 305
  • 339
L. Farnese
  • 9
  • 4
  • 4
    What is `$con`, __where it is defined__? – u_mulder Mar 21 '19 at 15:50
  • 6
    mixing **mysql** and **mysqli** both on same code? – A l w a y s S u n n y Mar 21 '19 at 15:50
  • 3
    I would advise to use pdo anyway, not additionally though, stick to *one* library. – Jakumi Mar 21 '19 at 15:51
  • Possible duplicate of [Can I mix MySQL APIs in PHP?](https://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php) – aynber Mar 21 '19 at 15:52
  • 2
    ...also, you should read up on [SQL Injection attacks](https://www.owasp.org/index.php/SQL_Injection). When you moved to either Mysqli, or the more commonly recommended PDO, then you should use parameterized prepared statements to help you prevent SQL injections. – M. Eriksson Mar 21 '19 at 15:55

1 Answers1

1

You tried to call query() on $con, but you haven't declared $con anywhere.

Fatal error: Call to a member function query() on null

Define $con:

 $con = mysqli_connect($host, $username) or die('Impossibile connettersi al server: ' . mysqli_error());
Rizki Hadiaturrasyid
  • 438
  • 4
  • 18