Christian

Reputation: 111

MySQL INSERT INTO doesn't do anything - not even error

I have this query:

mysql_query("INSERT INTO `63_Activity` (`username`, `time`) VALUES (`$usernann2`, `$date`)");

However, it doesn't do anything. Even when I tried correcting the variables to

". $variable ." 

I checked the variables.

I copied the little line of code from somewhere it works.

The database and tables exist.

I just thought I had things under control, then that happened -.-

Thank you in advance.

PS: I tried adding or die() - but no error. Nothing.

Upvotes: 0

Views: 137

Answers (3)

Desirea Herrera

Reputation: 431

You would be better off using parameterized queries, as in the following example:

 <?php

try {
    $usernann2 = "whateverUsernameFits";
    $date = new DateTime('2000-01-01');
    // $this->db is assumed to be a PDO instance created with PDO::ERRMODE_EXCEPTION
    $stmt = $this->db->prepare("INSERT INTO 63_Activity (username, time) VALUES (:usernann2, :date)");
    $stmt->bindValue(':usernann2', $usernann2);
    // PDO cannot bind a DateTime object directly, so bind its string form
    $stmt->bindValue(':date', $date->format('Y-m-d H:i:s'));
    $stmt->execute();
} catch (PDOException $e) {
    // errorInfo() returns an array; use the exception message instead
    throw new Exception('Problem inserting object: ' . $e->getMessage());
} catch (Exception $e) {
    throw new \Exception('Problem inserting object');
}

?>

Bound parameters are a staple in preventing SQL Injection attacks. The exceptions thrown would give you a clue as to what might be the problem in your query if there is one. I normally check the query first to make sure it's working with real values. From there it is a process of elimination.

PS. See https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet for more information on SQL Injection. You should also be able to find some excellent information and questions here on Stack Overflow regarding SQL Injection.

Upvotes: 0

omars

Reputation: 8694

Try to put the query in a variable and echo it, and see if anything is wrong. Try to run it in phpMyAdmin also.

Upvotes: 0

jprofitt

Reputation: 10964

Values need to be in single quotes ('), not backticks (`)

mysql_query("INSERT INTO `63_Activity` (`username`, `time`) VALUES ('$usernann2', '$date')");

You should also make sure you're sanitizing your inputs, as well as preferably not using the mysql_ functions in place of mysqli_

Upvotes: 1
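
The points raised in the answers above (values in placeholders instead of backticks, mysqli instead of mysql_, and errors that surface instead of passing silently) can be combined as in the following added example, which is not part of any answer. The connection settings and the `logActivity` helper are hypothetical, and the `time` column is assumed to accept a `Y-m-d H:i:s` string.

```php
<?php
// Added example. Host, credentials and database name are placeholders.
// Make every mysqli failure throw mysqli_sql_exception instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
$db->set_charset('utf8mb4');

// Hypothetical helper: insert one activity row using bound parameters.
function logActivity(mysqli $db, string $username, DateTimeInterface $when): int
{
    // Backticks quote identifiers (table and column names) only.
    // Values are sent separately through the ? placeholders.
    $stmt = $db->prepare('INSERT INTO `63_Activity` (`username`, `time`) VALUES (?, ?)');
    $time = $when->format('Y-m-d H:i:s');
    $stmt->bind_param('ss', $username, $time);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

// Constructed sample input; the second name contains a quote character
// that would break a query built by string interpolation.
$samples = ['christian', "o'brien"];

try {
    foreach ($samples as $name) {
        $rows = logActivity($db, $name, new DateTimeImmutable());
        printf("inserted %d row(s) for %s\n", $rows, var_export($name, true));
    }

    // The shape of the query from the question: the values are in backticks,
    // so MySQL parses them as column names and rejects the statement.
    // With exception reporting enabled, that failure lands in the catch block.
    $db->query('INSERT INTO `63_Activity` (`username`, `time`) VALUES (`christian`, `2000-01-01`)');
} catch (mysqli_sql_exception $e) {
    // Log the driver message for the developer; show users a generic message.
    error_log('Insert failed: ' . $e->getMessage());
    echo "insert failed, see error log\n";
}
```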
