0

I have a problem with INSERT SQL sentence. It just do nothing! (and not showing any error). When I am printing $qry, it looks just fine. what can be the problem? This is the code:

<?php 
include('conn.php');
$result=mysql_query("SET NAMES utf8 COLLATE utf8_general_ci",$mysql_link);
$result=mysql_query("SELECT * FROM users where userID=".$_SESSION['IDENT'],$mysql_link);
if (!$result)
{

    echo "ERROR: error occured in MySQL query.";

}
else 
{

    if(mysql_num_rows($result)==1)
    {

    //This will be shown only to registered users.
    while ($row=mysql_fetch_array($result))
        {
            if (($row['userRank']==100)||($row['userRank']==10))
                {
                    $qry="INSERT INTO users (NickName, username, userpass, userEmail, userRank, userOOlamR, userPhone, userPhone2, userStr, userCity, userMikud, userOOlamID) VALUES ('" . $_POST['nname'] . "', '" . $_POST['username'] . "', '" . md5($_POST['userpass']) . "', '" . $_POST['email'] . "', 2, 1, '" . $_POST['cellphone1'] . "', '" . $_POST['cellphone2'] . "', '" . $_POST['street'] . "', '" . $_POST['city'] . "', " . $_POST['mikud'] . ", " . $_POST['oolam'] . ")";
                    $res=mysql_query($qry ,$mysql_link);
                    ?><div align="center">
                    <table width="50%" height="20%" style="Border-Style:dotted;Border-Width:1px;Border-Color:a01220;background-color: rgba(190, 200, 230, 0.5);">
                    <td><div align="Center"><font face="Arial" size="2" color="Black"> SUCCESS!<br></div></td>
                    </table>
                    </div><div align="left">
                    <?php
                    echo $qry; ?>
                    </div><?php
                }
            Else
                {
                    //SECURITY
                }



        }
    }
}
include('cconn.php');
?>

The problem was I had another field in the table that I didn't treat in my INSERT statement at all.

Improve this question
11
  • 3
    Your indentation style is horrible. Put your curly brackets on the same indentation level as the control statement they belong to. Besides that, your large if..else blocks can be optimized and you need to fix the SQL injection issues in your code. And you might want to consider not using HTML elements that are deprecated for years now (<font>). Commented Jan 5, 2012 at 1:25
  • As for the identation style, sorry I'm a newbie to PHP. I just whant it to work and then continue with sql injections issues... it just adding nothing to the DB... Commented Jan 5, 2012 at 1:28
  • Are you sure your input isn't terminating the query? You'll likely be lectured on security for blindly accepting session and post data in your query. look into mysql_real_escape_string Commented Jan 5, 2012 at 1:29
  • 1
    @Tzahi: I don't understand what you expect to happen in this code that is not happening. You mentioned "update SQL" but I don't see any updates. Is it failing to insert a record into the users table? Did I understand correctly that it is echoing out the insert statement to the screen, or is it not getting to that point in the code? Commented Jan 5, 2012 at 1:30
  • where is the update statement Commented Jan 5, 2012 at 1:30

1 Answer 1

Reset to default
2

In your query the mistake lines here..

$qry="INSERT INTO users (NickName, username, userpass, userEmail, userRank, userOOlamR, userPhone, userPhone2, userStr, userCity, userMikud, userOOlamID) VALUES ('" . $_POST['nname'] . "', '" . $_POST['username'] . "', '" . md5($_POST['userpass']) . "', '" . $_POST['email'] . "', 2, 1, '" . $_POST['cellphone1'] . "', '" . $_POST['cellphone2'] . "', '" . $_POST['street'] . "', '" . $_POST['city'] . "', " . $_POST['mikud'] . ", " . $_POST['oolam'] . ")";

use this

  $nickname=mysql_real_escape_string($_POST['nname']);
    $username=mysql_real_escape_string($_POST['username']);
    $userpass=md5(mysql_real_escape_string($_POST['userpass']));
    $useremail=mysql_real_escape_string($_POST['email']);
    $userrank=2;
    $useroolamR=1;
    $userphone=mysql_real_escape_string($_POST['cellphone1']);
    $userphone2=mysql_real_escape_string($_POST['cellphone2']);
    $userstr=mysql_real_escape_string($_POST['street']);
    $usercity=mysql_real_escape_string($_POST['city']);
    $usermikud=$_POST['mikud'];
    $useroolamid=$_POST['oolam'];

    $qry="INSERT INTO users (NickName, username, userpass, userEmail, userRank, userOOlamR, userPhone, userPhone2, userStr, userCity, userMikud, userOOlamID) VALUES ('$nickname','$username','$userpass','$useremail', $userrank, $useroolamR,'$userphone','$userphone2','$userstr','$usercity',$usermikud,$useroolamid)";
Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

Well, thank you for your answer, it is more arranged this way, but still it isn't working, and echoing it OK, just as it was before...
That wasn't a mistake because "userMikud" and "userOOlamID" are setted to be an int in the MySQL DB.
now it says: Parse error: syntax error, unexpected '=' [on the line $qry="INSERT INTO users...]
if you can let us know the table structure so it will be easy to solve the issue
OOPS, I've pasted it without the "$" sign so that was why the error appeared. now I fixed it and it still the same... :(
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.