Sami Khoury

Reputation: 28

Couldn't execute query

I wrote this simple PHP code to insert information into a database:

$cxn = mysqli_connect($host,$user,$password,$database)
        or die ("Couldn't connect to server.");
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$password = md5($_POST['password']);
$gender = $_POST['gender'];
$age = $_POST['age'];
$query="INSERT INTO users(username,firstname,lastname,email,password,gender,age) VALUES($username,$firstname,$lastname,$email,$password,$gender,$age)";
$result = mysqli_query($cxn,$query)
            or die ("Couldnt't execute query.");

Why isn't the query being executed?

Upvotes: 0

Views: 1827

Answers (3)

woofmeow

Reputation: 2408

Can't say what error you are getting, but try using the insert statement with single quotes, like this:

$query="INSERT INTO users(username,firstname,lastname,email,password,gender,age) VALUES('$username','$firstname','$lastname','$email','$password','$gender','$age')";

Also prevent SQL injection (very important!!).

Upvotes: 1

peterm

Reputation: 92785

You have to use quotes around string values.

Change

$query="INSERT INTO users(username,firstname,lastname,email,password,gender,age) 
        VALUES($username,$firstname,$lastname,$email,$password,$gender,$age)";

to

$query="INSERT INTO users(username,firstname,lastname,email,password,gender,age) 
        VALUES('$username','$firstname','$lastname','$email','$password','$gender','$age')";

On a side note: Interpolating query strings and not sanitizing user input is a wide open door for SQL injections. Please learn and use prepared statements instead.

With a prepared statement, your code might look like:

...
$query="INSERT INTO users(username,firstname,lastname,email,password,gender,age) 
        VALUES(?,?,?,?,?,?,?)";

// Prepare statement; stop on failure, because $stmt is then false and cannot be used
if (!($stmt = $cxn->prepare($query))) {
    echo "Prepare failed: (" . $cxn->errno . ") " . $cxn->error;
    exit;
}
// Bind parameters ("s" = string, one type character per placeholder)
if (!$stmt->bind_param("sssssss", $username,$firstname,$lastname,$email,$password,$gender,$age)) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
    exit;
}
// Execute query
if (!$stmt->execute()) {
    echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}

Upvotes: 5

Gordon Linoff

Reputation: 1269873

Your query looks like:

INSERT INTO users(username,firstname,lastname,email,password,gender,age) 
    VALUES($username,$firstname,$lastname,$email,$password,$gender,$age)

In all likelihood, many values are strings, so they need to be surrounded by single quotes. And, in all likelihood, the variables themselves don't have the single quotes in them. Of course, parameter substitution is the way to go. But, in the meantime, you could try:

INSERT INTO users(username,firstname,lastname,email,password,gender,age) 
    VALUES('$username', '$firstname' , '$lastname', '$email', '$password', '$gender','$age');

Upvotes: 2
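The three query forms discussed in the answers above, run side by side, as an added example that is not code from any of the posters. It assumes an in-memory SQLite database through PDO in place of the question's MySQL/mysqli connection, a table cut down to three columns, and constructed sample rows; the helper names `interpolated` and `attempt` are hypothetical.

```php
<?php
// Added example. SQLite in memory (PDO) is an assumption standing in for the
// question's MySQL/mysqli connection; the table is cut down to three columns.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, lastname TEXT, age INTEGER)');

// Constructed sample rows: one plain, one with an ordinary apostrophe.
$plain = ['username' => 'asmith',  'lastname' => 'Smith',   'age' => '42'];
$apos  = ['username' => 'sobrien', 'lastname' => "O'Brien", 'age' => '31'];

// Builds the INSERT by string interpolation; $q is the quote put around each value.
function interpolated(array $row, string $q): string {
    $vals = array_map(fn($v) => $q . $v . $q, $row);
    return 'INSERT INTO users(username,lastname,age) VALUES(' . implode(',', $vals) . ')';
}

// Runs $run and reports whether the database accepted the statement.
function attempt(string $label, callable $run): bool {
    try {
        $run();
        echo "$label: ok\n";
        return true;
    } catch (PDOException $e) {
        echo "$label: rejected - " . $e->getMessage() . "\n";
        return false;
    }
}

// 1. The question's form: no quotes, so asmith is parsed as a column name.
attempt('unquoted, plain row', fn() => $db->exec(interpolated($plain, '')));
// 2. The quoted form from the answers: accepted for this row.
attempt('quoted, plain row', fn() => $db->exec(interpolated($plain, "'")));
// 3. Same quoted form: the apostrophe ends the string literal early.
attempt("quoted, O'Brien row", fn() => $db->exec(interpolated($apos, "'")));
// 4. Placeholders: the value travels separately from the SQL text.
attempt("bound, O'Brien row", function () use ($db, $apos) {
    $stmt = $db->prepare('INSERT INTO users(username,lastname,age) VALUES(?,?,?)');
    $stmt->execute(array_values($apos));
});

// Rows 2 and 4 were stored; the bound surname comes back unchanged.
print_r($db->query('SELECT lastname FROM users')->fetchAll(PDO::FETCH_COLUMN));
```

Case 3 is why adding quotes is only a stopgap: any value containing a quote character changes the shape of the statement, while the bound form in case 4 never lets the value be parsed as SQL.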
