0

I'm trying to insert some data into my MySQL database. The connection is working fine, but I'm having a problem with sending the query correctly to the database. Below you can find the code in my PHP file. I have also posted what type of fields they are in the database.

Fields in the mysql database:
Reservaties_id = int
Materialen_id = int
aantal = int
effectief_gebruikt = tinyint
opmerking = Varchar2
datum_van = date
datum_tot = date


$resID = $_REQUEST['resID'];
$materialen_id = $_REQUEST['materialen_id'];
$aantal = $_REQUEST['aantal'];
$effectief_gebruikt = $_REQUEST['effectief_gebruikt'];
$opmerking = $_REQUEST['opmerking'];
$datum_van = date('YYYY-MM-DD',$_REQUEST['datum_van']);
$datum_tot = date('YYYY-MM-DD',$_REQUEST['datum_tot']);

$string = "INSERT INTO `materialen_per_reservatie`(`reservaties_id`, `materialen_id`, `aantal`, `effectief_gebruikt`, `opmerking`, `datum_van`, `datum_tot`) VALUES ($resID, $materialen_id, $aantal, $effectief_gebruikt, '$opmerking', $datum_van, $datum_tot)";
mysql_query($string);
Cœur
Jimmy Geers

3 Answers

1

Your code has some serious problems that you should fix. For one, it is not doing any error checking, so it's no surprise the query breaks silently when it fails. Check for errors and it will tell you what goes wrong - how to do it is outlined in the manual on mysql_query() or in this reference question. Example:

$result = mysql_query($string);

// Bail out on error
if (!$result) {
    trigger_error("Database error: " . mysql_error(), E_USER_ERROR);
    die();
}

In this specific case, I'm fairly sure it's because you are not putting your values into quotes after the VALUES keyword.

Also, the code you show is vulnerable to SQL injection. You need to escape every value you use like so:

$resID = mysql_real_escape_string($_REQUEST['resID']);

For this to work, you need to put every value in your query into quotes.

Community
Pekka
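
As an added example (not code from the question or from any answer), the same INSERT written with PDO bound parameters, which keeps the values out of the SQL text entirely instead of escaping and quoting them. The helper names `parse_date` and `insert_reservation_material` are hypothetical, and an in-memory SQLite database is assumed in place of MySQL so the script runs offline.

```php
<?php
// Added example: not the asker's or any answerer's code.
// Assumption: an in-memory SQLite database stands in for MySQL so the script
// runs offline; for MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw

$pdo->exec('CREATE TABLE materialen_per_reservatie (
    reservaties_id INTEGER, materialen_id INTEGER, aantal INTEGER,
    effectief_gebruikt INTEGER, opmerking TEXT, datum_van TEXT, datum_tot TEXT)');

// Hypothetical helper: accept only a real calendar date written as Y-m-d.
function parse_date(string $raw): string
{
    $d = DateTime::createFromFormat('!Y-m-d', $raw);
    if ($d === false || $d->format('Y-m-d') !== $raw) { // rejects e.g. 2012-02-30
        throw new InvalidArgumentException("Invalid date: $raw");
    }
    return $raw;
}

// Hypothetical helper: validate the request fields, then insert with bound parameters.
function insert_reservation_material(PDO $pdo, array $in): void
{
    $ints = [];
    foreach (['resID', 'materialen_id', 'aantal', 'effectief_gebruikt'] as $key) {
        $v = filter_var($in[$key] ?? null, FILTER_VALIDATE_INT);
        if ($v === false) { // strict check: 0 is a valid value
            throw new InvalidArgumentException("Invalid integer: $key");
        }
        $ints[$key] = $v;
    }
    $stmt = $pdo->prepare('INSERT INTO materialen_per_reservatie
        (reservaties_id, materialen_id, aantal, effectief_gebruikt, opmerking, datum_van, datum_tot)
        VALUES (?, ?, ?, ?, ?, ?, ?)');
    $stmt->execute([
        $ints['resID'], $ints['materialen_id'], $ints['aantal'], $ints['effectief_gebruikt'],
        (string)($in['opmerking'] ?? ''), parse_date($in['datum_van'] ?? ''), parse_date($in['datum_tot'] ?? ''),
    ]);
}

// Constructed sample request; the remark contains apostrophes on purpose.
$request = ['resID' => '7', 'materialen_id' => '3', 'aantal' => '2', 'effectief_gebruikt' => '0',
    'opmerking' => "O'Brien's beamer", 'datum_van' => '2012-03-01', 'datum_tot' => '2012-03-05'];
insert_reservation_material($pdo, $request);
echo $pdo->query('SELECT opmerking FROM materialen_per_reservatie')->fetchColumn(), PHP_EOL;
```

The remark is stored exactly as sent, apostrophes included, because bound values are passed as data and are never parsed as SQL.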
1

You have to include single quotes for the date fields '$datum_van'

$string = "INSERT INTO `materialen_per_reservatie`(reservaties_id, materialen_id, aantal, effectief_gebruikt, opmerking, datum_van, datum_tot) VALUES ($resID, $materialen_id, $aantal, $effectief_gebruikt, '$opmerking', '$datum_van', '$datum_tot')";

And this is only an example query; while implementing, don't forget to sanitize your inputs.

Manigandan Arjunan
0

Try this:

$string = "INSERT INTO `materialen_per_reservatie`(`reservaties_id`) VALUES ('".$resID."')";
最白目