it is not inserting a value in the database

Question

I am trying to insert a value in the database but when I open up the database the value is not inserted in the table. Now all of the code is correct in terms of no misspelling or anything like that but why isn't it inserting a value in the DB table?

I just have to say that this field is not a primary key field, I am just testing this field which is a non primary key field, will it not insert a value in the db table if the primary key value is not inserted?

Below is the code:

<?php
    session_start();

    $username="xxx";
    $password="xxx";
    $database="mobile_app";

    mysql_connect('localhost',$username,$password);

    @mysql_select_db($database) or die( "Unable to select database");


    $sql="INSERT INTO Session (Course)
    VALUES
    ('$_POST[course]')";

    mysql_close();

    if (isset($_POST['course'])) {

    $_SESSION['course'] = $_POST['course'];

    }

    ?>

Answer 1

Well .. you have to execute the query, to actually that INSERT statement to take effect.

As for the code in general, you must have learned from so ancient tutorial. The mysql_* function now are more then 10 years old, and no longer maintained. You should not write any new code with mysql_* functions. PHP community is already moving to make them deprecated. You should be using PDO or MySQLi instead.

And stop abusing the error suppression operator @. It is slow and considered to be harmful in most cases.

Instead yo should write something like:

// connect to database
$connection = new PDO('mysql:host=localhost;dbname=mobile_app;charset=UTF-8', 
                      'username', 'password');
$connection->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// set up the query 
$query = 'INSERT INTO Session (Course) VALUES(:course)';
$statement = $connection->prepare( $query );
$statement->bindParam( ':course', $_POST['course'], PDO::PARAM_STR, 63 );
// last parameter is max length of field in the table

// perform the query
if ( $statement->execute() )
{
     // everything worked
}

If you want to learn how to use PDO with MySQL: this tutorial will help. If think that MySQLi API would be a better choice, then you will have to find some on your own.

Answer 2

Change your given segment of code to this:

<?php
  session_start();
  $username="xxx";
  $password="xxx";
  $database="mobile_app";
  mysql_connect('localhost',$username,$password);
  @mysql_select_db($database) or die( "Unable to select database");
  if (isset($_POST['course'])) {
    $_SESSION['course'] = $_POST['course'];
    $sql="INSERT INTO Session (Course) VALUES (' ". mysql_real_escape_string( $_POST['course'] ) . "' );";
  }
  mysql_query( $sql );
  mysql_close();
?>

Answer 3

Are you missing the "mysql_query" statement ?

  mysql_query($sql);

You must change the way you wrote the query. It is OPEN for Attacks !

Answer 4

Shouldn't you execute the SQL query somewhere? At the moment, all you do is to assign the sql query to a variable. It is never executed.

(Also, do a google search for Bobby Tables...)

Answer 5

The answer to your question is NO . You cannot insert a value into the database like this (w/o inserting some value for the primary key)

Answer 6

You will need to add the Primary Key in there. You can't add a row to the database without specifying the Primary Key, unless the Primary Key is auto-generated (an Identity).

Edit: as Damien pointed out, you'll need to add the following line after you define the $sql variable.

mysql_query($sql)