Reputation: 1
I'm developing a web app for movie reviews. I am writing the page where reviews are created and am having issues with the data for a new review being uploaded to the MySQL database. When I submit a new review I get the created successfully message, however the database remains unchanged.
The POST data is gathered by forms located on the same page.
Connect.php:
```php
<?php
$connection = mysql_connect('localhost', 'root', '');
if (!$connection){
    die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db('mydb');
if (!$select_db){
    die("Database Selection Failed" . mysql_error());
}
?>
```
Here's my PHP code:
```php
<?php
session_start();
require("connect.php");
if(isset($_SESSION['critic_name'])){
    $movie_id=NULL;
    if (isset($_POST['reviewmovie']) && isset($_POST['rating'])){
        $movie_title = $_POST['reviewmovie'];
        $review_title = $_POST['review_title'];
        $movie_id = mysql_query("SELECT movie_id FROM Movies WHERE 'movie_title'=".$_POST['reviewmovie']." ") or die(mysql_error());
        $mem_id = mysql_query("SELECT mem_id FROM Members WHERE 'critic_name'=".$_SESSION['critic_name']." ") or die(mysql_error());
        $rating = $_POST['rating'];
        $comments = $_POST['comments'];
        $result = mysql_num_rows($movie_id);
        $result2 = mysql_num_rows($mem_id);
        if(!$result && !$result2){
            $query = mysql_query("INSERT INTO `Reviews` (review_id, rating, comments, mem_id movie_id, review_title) VALUES ('$rating', '$comments', '$mem_id', '$movie_id', '$review_title')");
            if($query){
                $msg = "Review Created Successfully.";
            }
        }
    }
}
?>
```
Upvotes: 0
Views: 166
Reputation: 74216
Remove the quotes from both `WHERE 'movie_title'` and `WHERE 'critic_name'`; those are column names and not variables. If you absolutely want to wrap them in something, use backticks `` ` ``.

Plus, change `".$_POST['reviewmovie']."` to `'".$_POST['reviewmovie']."'` and `".$_SESSION['critic_name']."` to `'".$_SESSION['critic_name']."'`.

You also forgot a comma in between `mem_id` and `movie_id` (which will break your query).

```
(review_id, rating, comments, mem_id movie_id, review_title)
                                    ^ // <- right there
```

Change it to:

```
(review_id, rating, comments, mem_id, movie_id, review_title)
```

Sidenote: Your present code is open to SQL injection. Use `mysqli_*` functions. (which I recommend you use and with prepared statements, or PDO)
Footnotes:
`mysql_*` functions deprecation notice: http://www.php.net/manual/en/intro.mysql.php
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.
These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.
Documentation for MySQL can be found at » http://dev.mysql.com/doc/.
Upvotes: 1
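The prepared-statement approach recommended in the answer's sidenote, as an added example that is not part of the original question or answer. It uses PDO with an in-memory SQLite database standing in for MySQL so it runs offline. The function names `lookupId` and `createReview`, the sample rows and the sample input are constructed for illustration, and `review_id` is assumed to be auto-generated.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so this runs offline;
// for MySQL the DSN would be e.g. 'mysql:host=localhost;dbname=mydb;charset=utf8mb4'.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly, not silently

// Constructed schema and rows, using the table and column names from the question.
$pdo->exec("CREATE TABLE Movies  (movie_id INTEGER PRIMARY KEY, movie_title TEXT)");
$pdo->exec("CREATE TABLE Members (mem_id INTEGER PRIMARY KEY, critic_name TEXT)");
$pdo->exec("CREATE TABLE Reviews (review_id INTEGER PRIMARY KEY, rating INTEGER,
            comments TEXT, mem_id INTEGER, movie_id INTEGER, review_title TEXT)");
$pdo->exec("INSERT INTO Movies (movie_title) VALUES ('Ocean''s Eleven')");
$pdo->exec("INSERT INTO Members (critic_name) VALUES ('alice')");

// Hypothetical helper: one-column lookup with the user value bound, never concatenated.
function lookupId(PDO $pdo, string $sql, string $value): ?int
{
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$value]);
    $id = $stmt->fetchColumn();          // false when no row matched
    return $id === false ? null : (int) $id;
}

// Hypothetical function: resolve both ids to plain integers, then insert the review.
function createReview(PDO $pdo, string $critic, array $post): bool
{
    $movieId = lookupId($pdo, 'SELECT movie_id FROM Movies WHERE movie_title = ?', $post['reviewmovie']);
    $memId   = lookupId($pdo, 'SELECT mem_id FROM Members WHERE critic_name = ?', $critic);
    if ($movieId === null || $memId === null) {
        return false;                    // unknown movie or critic: nothing to insert
    }
    $stmt = $pdo->prepare(
        'INSERT INTO Reviews (rating, comments, mem_id, movie_id, review_title)
         VALUES (:rating, :comments, :mem_id, :movie_id, :review_title)'
    );
    return $stmt->execute([
        ':rating'       => (int) $post['rating'],
        ':comments'     => $post['comments'],
        ':mem_id'       => $memId,
        ':movie_id'     => $movieId,
        ':review_title' => $post['review_title'],
    ]);
}

// Constructed input standing in for $_POST and $_SESSION['critic_name'].
$post = ['reviewmovie' => "Ocean's Eleven", 'rating' => '4', 'review_title' => 'Slick',
         'comments' => "Great heist'); DROP TABLE Reviews; --"];
var_dump(createReview($pdo, 'alice', $post));
echo $pdo->query('SELECT comments FROM Reviews')->fetchColumn(), "\n";
```

Because every value is bound as a parameter, the apostrophe in the movie title and the SQL fragment in the comment are stored as literal text instead of being parsed as part of the statement.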