
Hello, I have built a PHP file which adds entries to a MySQL database. My PHP calls an included function file to add data (function sqlQuery).

I'm using an incremental ID and I'd like to get the ID number just created. I'm trying to use mysqli_insert_id() but it did not return anything.

My PHP file:

```php
$query = "INSERT into publis (entry, bibTex";

foreach($fields as $field)
    if (isset($_GET["$field"]))
        $query .= ", $field";

$query .= ") VALUES ('$_GET[entry]', '$bibTex'";
foreach($fields as $field)
    if (isset($_GET["$field"]))
        $query .= ", '".LaTeXToIso(addslashes($_GET["$field"]))."'"; // addslashes added by Vincent on 26 July 2017
$query .= ")";

debug($query);
sqlQuery($query);
$id = mysqli_insert_id();
```

My function "sqlQuery" (in another file, funtions.php):

```php
function sqlQuery($query)
{
    $database="basilic";
    $host="localhost";
    $name="xxx";
    $password="xx";

    if (!$link = mysqli_connect($host, $name, $password)){
        $msg = "Unable to connect to mySQL server\nHost=$host, Name=$name\n";
        sendMessage($msg);
        die($msg . "Administrator has been warnedb prb connexion.");
    }

    if (!mysqli_select_db($link, $database)) {
        sendMessage("Unable to select $database mySQL database");
        echo("Unable to select mySQL database. Administrator has been warned.");
        die("</body>\n</html>\n");
    }

    if ($result = mysqli_query($link,$query))
        return $result;
    else {
        sendMessage("Invalid sql query : $query");
        echo("Invalid Sql query. Administrator has been warned\n");
        echo("Debug : Invalid Sql query : <br />\n<code>$query</code>\n");
        die("</body>\n</html>\n");
    }
}
```

The entry is correctly created in the database. Can you help me get this ID?
Thanks a lot, and sorry for my English.

try to get the last ID created

  • 1
    https://www.php.net/manual/en/mysqli.insert-id.php - you need to pass the connection object into the function. This should have generated a warning – ADyson Aug 09 '23 at 09:32
  • 2
    Your script is open to [SQL Injection Attack](http://stackoverflow.com/questions/60174). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187) You should always use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` APIs instead of concatenating user provided values into the query. Never trust ANY user input! This will also remove the unescaped character issue like a `'` in a text string like `O'Neal'`. – RiggsFolly Aug 09 '23 at 09:32
  • 1
    Good code indentation and layout ___is for life, not just for Christmas___ and would help us read the code and more importantly it will help **you debug your code**. [Take a quick look at a coding standard](https://www.php-fig.org/psr/psr-12/) for your own benefit. You may be asked to amend this code in a few weeks/months and you will be glad you took the time in the end. – RiggsFolly Aug 09 '23 at 09:35
  • 1
    If you are using PHP < 8.0, to get errors out of PHP _even in a LIVE environment_ add these 4 lines **temporarily, while debugging**, to the top of any `MYSQLI_` based script you want to debug `ini_set('display_errors', 1); ini_set('log_errors',1); error_reporting(E_ALL); mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);`. This will force any `MYSQLI_` errors to generate an Exception that you can see on the browser as well as normal PHP errors. – RiggsFolly Aug 09 '23 at 09:36
  • 1
    General Rule: Make the connection to the database in the main flow of the code, if a function requires access to the database, pass the connection `$link` in your case to the function as a parameter. – RiggsFolly Aug 09 '23 at 09:43
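
The comments above point to two fixes: pass the connection to `mysqli_insert_id()` and replace the concatenated query with a prepared statement. The following added example (not code from the question or from its commenters) combines both; the credentials, the `$fields` list, the `$bibTex` value and the function name `insertPubli()` are assumptions.

```php
<?php
// Added example, not the asker's code. Credentials, $fields, $bibTex and the
// function name insertPubli() are assumptions made for illustration.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw

// Inserts one row into `publis` and returns its AUTO_INCREMENT id.
// Column names come only from $allowed; every value is a bound parameter.
function insertPubli(mysqli $link, array $allowed, array $input, string $bibTex): int
{
    if (!isset($input['entry']) || !is_string($input['entry'])) {
        throw new InvalidArgumentException('entry is required');
    }
    $columns = ['entry', 'bibTex'];
    $values  = [$input['entry'], $bibTex];

    foreach ($allowed as $field) {
        // Request keys never reach the SQL text; array inputs (?title[]=x) are skipped.
        if (isset($input[$field]) && is_string($input[$field])) {
            $columns[] = $field;
            $values[]  = $input[$field]; // apply LaTeXToIso() here if needed; no addslashes
        }
    }

    $sql = sprintf(
        'INSERT INTO publis (`%s`) VALUES (%s)',
        implode('`, `', $columns),
        implode(', ', array_fill(0, count($values), '?'))
    );

    $stmt = mysqli_prepare($link, $sql);
    mysqli_stmt_bind_param($stmt, str_repeat('s', count($values)), ...$values);
    mysqli_stmt_execute($stmt);

    // Read the id from the same connection that ran the INSERT.
    return (int) mysqli_insert_id($link);
}

// Connect once in the main flow and pass $link to every function that needs it.
$link = mysqli_connect('localhost', 'db_user', 'db_password', 'basilic');

$fields = ['title', 'year', 'author']; // assumed optional columns of `publis`
$bibTex = '@article{constructed2023}'; // constructed sample value
$id = insertPubli($link, $fields, $_GET, $bibTex);
echo "New row id: $id\n";
```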

0 Answers