CODEWITHSUNDEEP
phphtmlmysql
manju
manju

Reputation: 161

unable to insert data into mysql using php

i know this is a beginner's question .I am working on a bloodbank database project with html,php and mysql. Here as an administrator,i am trying to send messages to users.At first i am trying to see if the user with the username is present in the database.if he is present i am inserting the username and messages into the table called usermessages But i am not able to insert the data.i am getting the message "message sent successfully",but in reality it is not getting updated in the database.So here is my code,i can assure all that no spelling mistake is present in database or in phpcode.

<?php
session_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="bloodbank"; // Database name 
$tbl_name="users"; // Table name 
$tblname="usermessages"; 
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and messages is sent from form 
$username=$_POST['username']; 
$sql="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

if($count==1)
{
$mysql="INSERT INTO tblname(username, messages)
VALUES
('$_POST[username]','$_POST[messages]')";
echo "Message Sent Successfully";
}
else
{
echo "No user with that username found in the database";
}

?>

Upvotes: 0

Views: 4160

Answers (2)

Awais Qarni
Awais Qarni

Reputation: 18006

Your query is good but you haven't executed it. Use mysql_query to execute your query.

Second please be careful about sql injection. Your code is shouting that come and hack me.

Upvotes: 0

GautamD31
GautamD31

Reputation: 28763

Try to execute the query 

$mysql="INSERT INTO $tblname(username, messages)
VALUES ('$_POST[username]','$_POST[messages]')";
$return = mysql_query($my_sql);
echo "Message Sent Successfully";

You just forgotted to execute this insert query

And my advice is dont use mysql_* functions as they are depricated,use either mysqli_* functions or PDO Statements,and while you are playing with the post variables try to escape them like

mysql_real_escape_string($_POST['messages']);

Upvotes: 3

Related Questions