1
$sql = "INSERT INTO `liftcentrale`(`timedate`,`vraagaanbod`, `date`, `from_place`, `to_place`, `name`, `email`, `gender`, `smoke`, `extra`, `freeyesno`, `price_euro`, `firsttimeryesno`, `seats_offered`)
VALUES (CURRENT_TIMESTAMP,\'$vraagaanbod\',\'$date\',\'$from_place\',\'$to_place\',\'$name\',\'$email\',\'$gender\',\'$smoke\',\'$extra\',\'$freeyesno\',\'$price_euro\',\'$firsttimeryesno\',\'$seats_offered\');";

echo $sql; //CHECK QUERY STRING

if ($conn->query($sql) === TRUE) {
  echo "New record created successfully";
} else {
  echo "Error: " . $sql . "<br>" . $conn->error;
}

I tried using phpMyAdmin to create php statements. Changed the single parentheses that phpMyAdmin created for 'normal' ones. Tried and tested over & again. Can't find a working solution otherwise would not be here. For some reason, I can not even see the query string.

Bas Freewheeler
  • 19
  • 3
  • What does `$conn->error` say? – Barmar Dec 13 '22 at 04:21
  • 2
    Welcome to Stack Overflow! Your script is vulnerable to [SQL Injection Attack](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even if [you are escaping variables, its not safe](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string%5D)! You should always use [prepared statements and parameterized queries](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either MYSQLI or PDO instead of concatenating user provided values into the query. – Barmar Dec 13 '22 at 04:22
  • You don't need to escape single quotes when you're using double quotes as the string delimiters. – Barmar Dec 13 '22 at 04:22
  • If you don't see the output of `echo $sql;` then you're probably getting a syntax error somewhere. Check your PHP error log on the server. – Barmar Dec 13 '22 at 04:24
  • What is the error? – Atena Dadkhah Dec 13 '22 at 04:29
  • try this: $sql = "INSERT INTO `liftcentrale`(`timedate`,`vraagaanbod`, `date`, `from_place`, `to_place`, `name`, `email`, `gender`, `smoke`, `extra`, `freeyesno`, `price_euro`, `firsttimeryesno`, `seats_offered`) VALUES (CURRENT_TIMESTAMP,'$vraagaanbod\','$date','$from_place','$to_place','$name','$email','$gender','$smoke','$extra','$freeyesno','$price_euro','$firsttimeryesno','$seats_offered')"; – Indrajeet Singh Dec 13 '22 at 04:36

2 Answers2

0

Try like this

$sql = "INSERT INTO `table_name` (`a`, `b`, `c`) VALUES (CURRENT_TIMESTAMP, '". $value1 ."', '". $value2 ."');";
Sankar Subburaj
  • 4,992
  • 12
  • 48
  • 79
  • I still get an error msg after using Sankar's solution, "Error: INSERT INTO `liftcentrale` (`timedate`, `vraagaanbod`, `date`) VALUES (CURRENT_TIMESTAMP, '', '');" – Bas Freewheeler Dec 13 '22 at 23:43
  • In the MySQL DB I use a column 'LiftID' which auto increments. I use a form with POST method and fields that I use with these lines: $name=($_REQUEST['name']); $email=($_REQUEST['email']); $date=($_REQUEST['date']); $from_place=($_REQUEST['from_place']); $to_place=($_REQUEST['to_place']); $vraagaanbod=($_REQUEST['vraagaanbod']); Hope together with Stack Overflow we can use this and provide a great service! – Bas Freewheeler Dec 13 '22 at 23:47
  • I found the error log, which has 'command not found' in every line. – Bas Freewheeler Dec 15 '22 at 19:03
  • php_error.log says: 'Undefined variable: mysqli' ?? something in my installation must have failed. But the setup log doesn't show errors. – Bas Freewheeler Dec 15 '22 at 19:05
  • mysql error log says 'Unknown database 'liftcentrale'' – Bas Freewheeler Dec 15 '22 at 19:14
0

Checking my error logs definitely helped, after I installed MAMP on my own laptop to see what these logs said. DB name was wrong, and the date format. I now can insert data into MySQL. Thanks for all the help!

Bas Freewheeler
  • 19
  • 3