
I'm trying to add a personal contact from the general contacts db table

A user will click the EDIT button then they will view the info before deciding to add it into the personal contact.

I think my problem is that my PHP code can't enter the SESSION name of the logged in user in my SQL INSERT INTO Statement.

Here is the SQL code

WEBPAGE

PHP CODE

```php
if (isset($_POST['add'])) {
    $user                   = $_POST['u_username'];
    $contact_username       = $_POST['contact_username'];

    $savesql2 = "INSERT INTO personal_contacts (id,contact_username, u_username) 
    VALUES ( '$id','$contact_username', '$user')";

    mysqli_query($db, $savesql2);

    $_SESSION['message'] = "Contact saved";
    header('location: index.php');
}
```
Lajos Arpad
  • Please post code, not images. If you're editing it should be an `update`, not an `insert`, no? I also don't see `$id` being set so that could be an issue. Looks like there isn't error reporting being used. – user3783243 Jul 26 '20 at 12:17
  • Yes, I am still a newbie in PHP coding, I'm still learning how to use those – Struggling Coder Jul 26 '20 at 12:23
  • Also use [prepared statements to avoid SQL injections](https://stackoverflow.com/a/60496/1066240) – biesior Jul 26 '20 at 12:33
  • While developing, always add this to the very top of your script (or config include): `ini_set('display_startup_errors', true); ini_set('display_errors', true); error_reporting(E_ALL);`, and if working with mysqli, add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);`. – IncredibleHat Jul 26 '20 at 12:43

1 Answer


Your code

```php
$savesql2 = "INSERT INTO personal_contacts (id,contact_username, u_username) 
VALUES ( '$id','$contact_username', '$user')";
```

assumes that there is an $id, a $contact_username and a $user variable. While $contact_username and $user do exist, $id is not defined, which will lead to trouble. If $id is automatically set by your table, then you can do the following:

```php
$savesql2 = "INSERT INTO personal_contacts (contact_username, u_username) 
VALUES ( '$contact_username', '$user')";
```

If not, then you will need to properly set $id as well.

IMPORTANT

Your code is vulnerable to SQL injection, please read about it and refactor your code to make it more secure.

Lajos Arpad
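
The prepared-statement refactor that the answer and the comments point to, as an added example that is not part of the original question or answer. It assumes `personal_contacts.id` is AUTO_INCREMENT, that the login code stored the user name under `$_SESSION['username']` (a hypothetical key), and that the connection values and the 64-character limit are placeholders.

```php
<?php
// Added example. Assumptions: id is AUTO_INCREMENT, the session key
// 'username' is hypothetical, connection values are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
session_start();

function save_personal_contact(mysqli $db, string $owner, string $contact): int
{
    // Placeholders keep the values out of the SQL text, so quotes in a
    // user name cannot change the statement. id is left to the table.
    $stmt = $db->prepare(
        'INSERT INTO personal_contacts (contact_username, u_username) VALUES (?, ?)'
    );
    $stmt->bind_param('ss', $contact, $owner);
    $stmt->execute();
    $newId = (int) $db->insert_id;
    $stmt->close();
    return $newId;
}

if (isset($_POST['add'])) {
    // The owner comes from the server-side session, not from a form field,
    // so a user cannot file a contact under another account's name.
    $owner   = $_SESSION['username'] ?? '';
    $contact = $_POST['contact_username'] ?? '';

    if (!is_string($owner) || $owner === '') {
        http_response_code(403);
        exit('Not logged in');
    }
    if (!is_string($contact) || $contact === '' || strlen($contact) > 64) {
        $_SESSION['message'] = 'Invalid contact';
    } else {
        try {
            $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
            save_personal_contact($db, $owner, $contact);
            $_SESSION['message'] = 'Contact saved';
        } catch (mysqli_sql_exception $e) {
            error_log($e->getMessage()); // details go to the log, not the page
            $_SESSION['message'] = 'Contact could not be saved';
        }
    }
    header('Location: index.php');
    exit;
}
```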