CODEWITHSUNDEEP
phpmysqlisql-insertinsert-update
Firman Styono
Firman Styono

Reputation: 1

Saving data into a table

I try to save the data into a table but it doesn't work. But another program with similar code does, why?

<?php
    $nik =  $_POST['nik'];
    $no_kk =  $_POST['no_kk'];
    $nama =  $_POST['nama'];
    $lahir =  $_POST['lahir'];          
    $jenis_kelamin =  $_POST['jk'];
    $nope =  $_POST['no_hp']; 
    $no_tps =  $_POST['no_tps'];
    $pekerjaan =  $_POST['pekerjaan']; 
    $pendidikan =  $_POST['pendidikan'];
    $agama = $_POST['agama'];
    $tgl = $_POST['tgl'];      

    $simpan=$_POST['simpan'];
    $sql = "INSERT INTO tb_tj_beringin (NIK, NO_KK, NAMA_LENGKAP, JENIS_KELAMIN, TEMPAT_LAHIR, TANGGAL_LAHIR, AGAMA, PENDIDIKAN_AKHIR, JENIS_PEKERJAAN, NO_HP, NO_TPS) VALUES ('$nik', '$no_kk', '$nama','$alamat','$jenis_kelamin','$lahir','$tgl', '$agama', '$pendidikan', '$pekerjaan', '$nope', '$no_tps')";
    $data = mysqli_query('$koneksi, $sql');
    if(isset($simpan)){
         $data = $koneksi->query($sql);
         if($data){
             ?>
             <script type="text/javascript">
                alert ("Data Berhasil Disimpan");
                window.location.href="?page=anggota";
             </script>

             <?php
         }
         else{
              echo "error";
         }
    }
?>

Upvotes: 0

Views: 33

Answers (1)

paulsm4
paulsm4

Reputation: 121669

This is wrong: ...VALUES ('$nik', '$no_kk', '$nama'...).

The problem that in PHP, single quotes prevent variable expansion. So you're never actually inserting the value of $nik (or anything else).

A second problem is that you should never, EVER insert data from the web request directly into your database. NEVER TRUST USER DATA. That's a HUGE vulnerability.

A neat solution to BOTH problems is simply to use prepared statements.

Upvotes: 1

Related Questions