MYSQL INSERT problem

Question

$body = $_POST['post'];
$submit = $_POST['submit'];
$date = date("Y-m-d");
require('php/connect.php');

if($submit)
{

$query = mysql_query("INSERT INTO news (`id`, `body`, `date`) VALUES (NULL, '".$body."', '".$date."')");
header("Location: index.php");
}

I do not understand why this isn't working, I took the query straight from PHP my admin after writing a line simular myself before hand and it still isn't working, can someone hep?

Answer 1

Comment out your header("Location: index.php"); and append or die(mysql_error()); at the end of your query code that will show you what went wrong. You should also "mysql_real_escape_string" your user input before inserting it into your database.

$body = mysql_real_escape_string($_POST['post']);
$submit = $_POST['submit'];
$date = date("Y-m-d");
require('php/connect.php');

if($submit)
{

$query = mysql_query("INSERT INTO news (`id`, `body`, `date`) VALUES (NULL, '$body', '$date')") or die(mysql_error());
//header("Location: index.php");
}

Answer 2

I just suggest to handle mysql error

$query = mysql_query("INSERT INTO news (`id`, `body`, `date`) VALUES (NULL, '".$body."', '".$date."')")
 or trigger_error(mysql_error());

and if id is primary key that can not be null

you should escape user input using mysql_real_escape_string function.

What happen if I put "that's it " value in your $body input, your query will fail.

Answer 3

you definitely should escape your input values using mysql_real_escape_string

With mysql_error you can print out an error message but you need the connection identifier as a parameter.