mysql_query does not work

Question

Can someone help me figure out why this code isn't working.

I am connected to the DB. This snippet is within php tags.

$result=mysql_query("INSERT INTO attendeeser (firstName, lastName, shirtSize, title, organization, emailAddress, q1, q2, q3, refId)
             VALUES ('$_POST[firstName]', '$_POST[lastName]', '$_POST[shirtSize]', '$_POST[title]', '$_POST[organization]', '$_POST[emailAddress]', '$_POST[q1]', '$_POST[q2]', '$_POST[q3]', 'NULL')");

I figured it out. I didn't have q3 as a field in the table.

What George Cummins says. Also: Your code is vulnerable to [SQL injection](http://php.net/manual/en/security.database.sql-injection.php) — Pekka, Jun 30 '11 at 15:10
have you checked generated query string or mysql error message? 'NULL' ? — Karoly Horvath, Jun 30 '11 at 15:11
Please always explain what exactly isn't working and what errors you get. Otherwise, everything people can do is guess. — Pekka, Jun 30 '11 at 15:12

score 4 · Answer 1 · answered Jun 30 '11 at 15:10

4

Yeah, someone probably entered a quote or something. DO NOT INSERT THIS WAY, you are wide open to SQL injection attacks.

Use PDO, or mysql_real_escape_string() at a minimum.

answered Jun 30 '11 at 15:10

Brad

159,648
54
349
530

could you suggest a better way? – swl1020 Jun 30 '11 at 15:11
1

@user821843, I suggested two ways already. Use PDO. http://www.kitebird.com/articles/php-pdo.html – Brad Jun 30 '11 at 15:11
1

@user see here for a full example of Brad's first suggestion: [Reference: What is a perfect code sample using the mysql extension?](http://stackoverflow.com/q/6198104) – Pekka Jun 30 '11 at 15:12

score 3 · Accepted Answer · answered Jun 30 '11 at 15:10

3

execute this

if(!mysql_query("INSERT INTO attendeeser (firstName, lastName, shirtSize, title, organization, emailAddress, q1, q2, q3, refId)
             VALUES ('$_POST[firstName]', '$_POST[lastName]', '$_POST[shirtSize]', '$_POST[title]', '$_POST[organization]', '$_POST[emailAddress]', '$_POST[q1]', '$_POST[q2]', '$_POST[q3]', 'NULL')")){
echo mysql_error();
}

that will display the error generated by mysql.

answered Jun 30 '11 at 15:10

Pheonix

6,049
6
30
48

didn't have q3 as a field in the table. Facepalm. – swl1020 Jun 30 '11 at 15:19
@user821843: If this answer helped you solve your problem, you can upvote it and mark it as accepted by clicking the checkbox beside it. This will reward Pheonix for his work on your behalf, and will help future users of the site find solutions to their own problems. – George Cummins Jun 30 '11 at 15:32

mysql_query does not work

2 Answers2