Lamloumi Afif

Reputation: 9081

Insertion query in sql php function

I am a beginner in PHP and I have a problem with an insertion query:

if(isset($id)){
$qry = "insert into user_to_birds(user_id,tax_id)values( 1 ,'.$id .') ";
 $result = mysql_query($qry);
        }

I am connected to the database but the query didn't work.

Why is it not working? How can I correct it?

Upvotes: 0

Views: 295

Answers (6)

GennadyMain

Reputation: 1

You have some confusion in quotes: your string is in " ", your SQL value is in ' ', but when you concatenate you need to close your string and write a dot and the variable; after this you need to write a dot, open the string quotes again and write the text if it is needed. Your mistake: you didn't close the string (") before concatenation, and this leads to misinterpretation of the code. In this case your code will look like:

$qry = "insert into user_to_birds(user_id,tax_id)values( 1 ,'" .$id ."') ";

But you can also skip concatenation and do it more simply: PHP allows you to write your variable $id in the string, without using concatenation:

$qry = "insert into user_to_birds(user_id,tax_id)values( 1 ,'$id') ";

Upvotes: 0

Loek Bergman

Reputation: 2195

Don't create queries this way. It is very vulnerable to SQL injection. Use a prepared statement instead. A prepared statement is precompiled, hence will not be subject to SQL injection.

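// $mysqli is an open mysqli connection
$user = 99;
$tax = 8;
$stmt = $mysqli->prepare("insert into user_to_birds(user_id,tax_id)values(?,?)");
// "ii": both placeholders are bound as integers, in this order
$stmt->bind_param("ii", $user, $tax);
$stmt->execute();
// .. work on it ..
$stmt->close();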

ii stands for two integers. After that first part of the binding, which tells which types of variables you use in which order, you can add the values of those variables to the statement. The values will be escaped automatically using this method.

Upvotes: 1
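The difference between the interpolated query and the prepared statement discussed in the answers above, as an added example that is not part of any answer. It assumes the pdo_sqlite extension and uses PDO with an in-memory SQLite database in place of mysql/mysqli; `addBird`, `countRows` and the sample input are constructed for illustration.

```php
<?php
// Added example, not code from the thread. PDO with an in-memory SQLite
// database stands in for the MySQL table so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_to_birds (user_id INTEGER, tax_id INTEGER)');

// Hypothetical helper: number of rows currently in the table.
function countRows(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM user_to_birds')->fetchColumn();
}

// Hypothetical helper: validate the value, then bind it as a parameter.
function addBird(PDO $db, int $userId, $taxId): bool
{
    $taxId = filter_var($taxId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($taxId === false) {
        return false; // not a plain non-negative integer
    }
    $stmt = $db->prepare('INSERT INTO user_to_birds (user_id, tax_id) VALUES (?, ?)');
    $stmt->bindValue(1, $userId, PDO::PARAM_INT);
    $stmt->bindValue(2, $taxId, PDO::PARAM_INT);
    return $stmt->execute();
}

// 1. The question's string: inside double quotes the dots are literal text,
//    so they end up inside the SQL value instead of concatenating.
$id = 42;
echo "insert into user_to_birds(user_id,tax_id)values( 1 ,'.$id .') ", PHP_EOL;

// 2. Interpolation fixes the syntax, but the value is parsed as SQL.
//    Constructed input: it closes the quote and supplies a second row.
$untrusted = "7'), (2, '8";
$db->exec("insert into user_to_birds(user_id,tax_id) values (1, '$untrusted')");
echo 'rows after one interpolated insert: ', countRows($db), PHP_EOL;

// 3. Bound parameters: the statement text is fixed; the value is only data.
$db->exec('DELETE FROM user_to_birds');
var_dump(addBird($db, 1, '42'));       // numeric string passes validation
var_dump(addBird($db, 1, $untrusted)); // fails validation, never reaches the database
echo 'rows after two addBird() calls: ', countRows($db), PHP_EOL;
```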

SeanCAtkinson

Reputation: 763

As others have said, it looks like you're not using string concatenation correctly in your query. Try changing your query to something like:

$qry = "INSERT INTO user_to_birds (user_id,tax_id) VALUES ( 1 ,'$id') ";

Another possibility is that your $id variable isn't set. Try printing out the variable before doing the isset() check and that will tell you if you need to look at an earlier point in your code.

Finally, I'd recommend you look at mysqli functions rather than mysql.

http://php.net/manual/en/book.mysqli.php

Upvotes: 1

Max Carroll

Reputation: 4839

For how to insert into, there's a nice article here:

http://www.w3schools.com/php/php_mysql_insert.asp

INSERT INTO table_name (column1, column2, column3,...) VALUES (value1, value2, value3,...)

// Not sure if this will make a difference, but I would try a space between tax_id) and values(

Also, I'm not sure if the way you've done it is wrong, but I would have written it like this:

if(isset($id))
{
$qry = "insert into user_to_birds (user_id, tax_id) 
        values( '1' ,'".$id ."') ";

 $result = mysql_query($qry);
}

Look at string concatenation as well; either have " ' ' ".$variable." ' ' "; in that fashion.

Upvotes: 1

Gordon Linoff

Reputation: 1269773

I think your single quotes should be double quotes:

$qry = "insert into user_to_birds(user_id,tax_id )values( 1 ,".$id .") ";

You are confusing strings in PHP with strings in SQL (which is, admittedly, easy to do).

Upvotes: 1

F__M

Reputation: 1598

if(isset($id)){
$qry = "insert into user_to_birds(user_id, tax_id)values('1','$id') ";
 $result = mysql_query($qry);
        }

Works like a charm.

Upvotes: 1
