Member Avatar for CreatorZeus

My Error info isnt being clear enough for me to understand the problemIs there anything worng here so i can continue on lookng for the probelm:

$sql = "INSERT INTO boards (
    title, genre, creator, tagline, intro, remessage, visability, recruitment, reqsheet, reqdice, reqgroup, ppweek)
    VALUES (
    $title, $genre, $creator, ". $tagline . ", $scene, $message, $vis, $rcrt, $sheet, $dice, $group, $ppw)";

    if ($conn->query($sql) === TRUE) 
    {
        echo "New record created successfully";
    } 
    else 
    {
        echo "<br>Error: " . $sql . "<br>" . $conn->error;
    }
  • 3 Contributors
  • 4 Replies
  • 412 Views
  • 1 Hour Discussion Span
  • Latest Post Latest Post by diafol

Recommended Answers

All 4 Replies

Member Avatar for diafol

Enclose fieldnames in backticks and non-numerical values (some of your variables) in single quotes.

Member Avatar for cereal

// ops! I just saw your reply Diafol! :D

Hi,

can you share the error with us? Also: are you using MySQLi or PDO? The former returns boolean TRUE for successful inserts, the latter instead will return an object and your IF statement would fail because you're using the identical comparison operator === rather than the equal comparison operator ==.

See:

Edited by cereal
Member Avatar for CreatorZeus

IT WORKED!
@diafol if you dont mind, can you tell me why i needed those? for future reference.

Member Avatar for diafol

OK. Sometimes fieldnames or tablenames for that matter share their names with reserved words:

https://dev.mysql.com/doc/refman/5.7/en/keywords.html

In this case, it could be ambiguous to the query parser, so we enclose fieldnames and tablenames in backticks.

Also, text-based fields, could break the query if they contained certain types of punctuation, especially commas. For this reason, all non-numericals are required to be enclosed with quotes.

It is vitally important that when you are using a bog-standard mysqli_query that all your variables are santized, or it could lead to SQL injection - very serious.

Consider using prepared statements, where this issue will not occur. I created a tutorial of various issues withregard to mysql here:

https://www.daniweb.com/programming/web-development/tutorials/499320/common-issues-with-mysql-and-php

I should state, that most examples use PDO, but mysqli has equivalents.

commented: +1 by the way, I missed that MySQLi in the title +14
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.