0

I have the following code:

<?php
  include("phpconnect.php");

  $name = $_GET["name"];
  $date = $_GET["date"];
  echo $name;
  echo $date;

  $sql = "INSERT INTO main (name, visits, visitDate, lastVisit) 
  VALUES ('$name', '1', '$date', '$date')";

?>

When the code runs I get a message from phpconnect.php saying that it successfully connected. However, when I check the database there is no information in it. If anyone knows why this is happening or how I could fix it please let me know. Thanks!

Barbaros Özhan
  • 59,113
  • 10
  • 31
  • 55
kiozorg
  • 29
  • 4
  • perhaps you need to issue a `commit` at the end. – Barbaros Özhan Nov 04 '19 at 22:57
  • Probably not if a transaction was not initiated. Henry, we'll almost certainly need the code (minus credentials) in `phpconnect.php`, as well as what you're expecting to see in the database and what you actually see in there via your code, and what query you're using to check what is in the database. – zbee Nov 04 '19 at 23:02
  • 2
    @BarbarosÖzhan PHP doesn't require that, you're thinking of Python. – Barmar Nov 04 '19 at 23:13
  • 1
    You never actually execute the query, you just declare a string which contains it. Find a basic mysqli or PDO tutorial and/or read the official documentation which contains dozens of examples. And make sure you learn about prepared statements and parameterised queries in the process, because this code is currently vulnerable to SQL injection attacks (if the query ever gets executed!). – ADyson Nov 04 '19 at 23:13
  • I don't see a statement that insert data into the database. How do you expect the data to appear in the database? – Eric Nov 05 '19 at 01:04
  • Does this answer your question? [How to include a PHP variable inside a MySQL statement](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) – Dharman Nov 05 '19 at 07:16

2 Answers2

0

The reason your code is not doing anything is because you haven`t actually executed it yet. Now assuming that the "phpconnect" file establishes a database connection for you. I suggest you check out this page in case you are using MYsqli check out this one.

If you have any further questions i`d be happy to help.

Code Cannibal
  • 5
  • 4
  • 1
    Whilst this may theoretically answer the question, [it would be preferable](//meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Barmar Nov 04 '19 at 23:12
0

Your code creates an SQL command but doesn't send it to the database to execute. Exactly how it should do that depends on what happened in phpconnect.php. Assuming that the latter contains something along the lines of....

 <?php
 ...
 $dbh=mysqli_connect($host, $user, $pass, $database);
 ...

Then your script should end with...

 $result=mysqli_query($dbh, $sql); // this sends your command to the DBMS
 if (false===$result) {  // because you should always check the outcome
    print mysqli_error($dbh);
 } else {
    print "added " . mysqli_num_rows($result) . " rows";
 }
 mysqli_close($dbh); // not required but good practice

 ?>

You need to take some time to learn about SQL Injection before putting your code on the internet.

symcbean
  • 47,736
  • 6
  • 59
  • 94
  • I added the code you provided for the end of the script and it outputs `added rows` but nothing is added to the database. Any idea on why this could be happening? – kiozorg Nov 05 '19 at 01:41
  • whoops - should be mysqli_affected_rows($dbh). As to nothing being added to the database - the answer is in your log files / database. – symcbean Nov 05 '19 at 08:50
  • It is a very bad idea to use `print(mysqli_error($conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) – Dharman Nov 09 '19 at 23:31
  • It is a very bad idea not to instrument your code, if we were going to critique the code presented here, we'd be busy for a very long time. – symcbean Nov 10 '19 at 01:13