0

I've been inserting entries into a database using PHP for about a year now, then all of a sudden today they stop inserting. I can't work out why. Nothing has changed (as far as I know anyway!) Can anyone tell me what's wrong please:

include('db_functions.php');
connect_to_db();
$query="insert into mixtable (date, djname, title, description, music, tracklist, deleted) values ('".$date."','".$djname."','".$title."','".$description."','".$music."','".$tracklist."', 0)";
$result=mysql_query($query);

if(mysql_affected_rows()==1){
Header("Location:admin.php?op=admin&mix=added&news=null");
}
else{
    die("there was a problem");
}

The db_functions work fine, I know this because on another page I call up the database info using the db_functions and it works fine. All of the variables exist as do the table entries. Like I said, this has been working fine for about a year now.

The problem I get is the "there was a problem" error. I've tried showing all errors, but that doesn't show anything either. I can't work out what it is. Any ideas?

Thanks in advance.

nutman
  • 569
  • 3
  • 9
  • 22
  • 6
    You are not doing any error checking. How do you expect to be told of what goes wrong? See `mysql_error()` and for full reference: [Reference: What is a perfect code sample using the mysql extension?](http://stackoverflow.com/q/6198104) – Pekka Nov 18 '11 at 10:52
  • thanks Pekka. I was doing php error checking like a noob. After doing sql error checking I found out the problem was because there were a couple of apostrophes in the info. I've used apostrophes in the info before though, so why the errors now? any idea? – nutman Nov 18 '11 at 10:58
  • the reason may be this: http://php.net/manual/en/security.database.sql-injection.php – Pekka Nov 18 '11 at 11:07
  • Answer your own question, explain what went wrong, and accept it. – Gustav Bertram Nov 18 '11 at 11:10

3 Answers3

0

try to put "date" in single-quotes because date is a keyword in the current version of MySQL. The error might have happened because of database version upgrade (probably from 4 to 5).

belgther
  • 2,544
  • 17
  • 15
0

There are few things which you need see.

-> See the below query

"insert into mixtable (date, djname, title, description, music, tracklist, deleted) values ('{$date}','{$djname}','{$title}','{$description}','{$music}','{$tracklist}', 0)";

When you are using double quote you need not use "." to append strings.

-> From the above explanation its quite clear that your query is not executing, try echoing the query and check it in sql editor you should be able to debug it quickly.

Raghunath
  • 61
  • 1
  • 5
  • While you're perfectly correct, I find concatenating the strings easier to read (and I also tend to sanitize my values in the query string itself, ie VALUES(".dbs($date)." ...). – Grim... Nov 18 '11 at 12:33
0

If your table has an auto-increment ID, have you got to the maximum number allowed in that field?

Grim...
  • 16,518
  • 7
  • 45
  • 61