PHP和MYSQL将信息插入数据库，无法正常工作。

Question

<?php
  $sent = $_GET['sent'];

  if($sent == "yes") {

      require('database_connection.php');
      $name = $_GET['name'];
      $desc = $_GET['desc'];
      $email = $_SESSION['Memberid'];

      date_default_timezone_set('Europe/London');
      $date = date("d.m.y"); 



      $sql = 'INSERT INTO `'.$email.'` (`id`, `Note`, `Share Url`, `Name`, `Description`, `Date`, `Type`) VALUES (\'\', \'Enter Note Here.\',  \'\',  \''.$name.'\', \''.$desc.'\', \''.$date.'\', \'Text\')';
      $i = mysqli_query($dbc, $sql);

        if($i) {
            echo '<h2>Created note.</h2>';
            header( 'Location: https://daccaa.com/edits' ) ;
        } else {
            echo '<h2>Failed to create a note for you.</h2>';
            echo $name.'<br />';
            echo $desc.'<br />';
            echo $email.'<br />';
            echo $date.'<br />';
            echo $sql.'<br />';
            echo $i.'<br />';
            echo '<h1 style="visibility: hidden;">_</h1>';
            echo '<a href="https://daccaa.com/contact" class="new">Let us Know.</a>';
        }

  } else {
      echo '<div class="holder">
    <h1>Lets create a new note:</h1>
    <h3 style="visibility: hidden;">_</h3>
        <form method="GET" action="#">
            <input type="text" name="name" class="myBox" placeholder="Enter Name Here" />
            <input type="text" name="desc" class="myBox" placeholder="Enter Description Here" /> <br />
            <input type="hidden" value="yes" name="sent" />
            <input type="submit" value="Generate" class="select" /><br />
            <a href="https://daccaa.com/edits/" class="select">Go Back</a> 
        </form>
    </div>
  </div>';
  }

  ?>

The code above is from my website, the idea behind the code is that it will create a new row in the database with the information upon its execution.

This is what the testing upon failure will echo:

new_test_name
new_test_desc
49
02.07.14
INSERT INTO `49` (`id`, `Note`, `Share Url`, `Name`, `Description`, `Date`, `Type`) VALUES ('', 'Enter Note Here.', '', 'new_test_name', 'new_test_desc', '02.07.14', 'Text')

But I still cannot seem to get the value to enter, This similar method works fine on another page, I can pretty much eliminate the fact that it could be in the database file as it works fine on another page in the same directory.

The structure of the MYSQL database is:

id | Note | Share Url | Name | Description | Date | Type

Please note I will be going over this later to add more ways to prevent SQL injection, I just want to get the basic code sorted out first.

Answer 1

From your error message: Duplicate entry '0' for key 'PRIMARY'

I'm assuming id is your primary key. Make sure you have auto increment setup on this column and then just exclude the id field completely in the query.

Right now your inserting a blank ID. Without strict enforcement, MySQL will convert an empty value to a 0 for an integer field. So you are trying to insert into ID 0 every time rather than creating a new row.

Dangers of your query

You are using unsanitized user input in your query (GET). GET, POST, REQUEST, and COOKIE variables should always be used with prepared queries.

Right now I could load your url with something like ?name="'; DELETE FROM 49 WHERE 1;" and wipe out your entire table. Research SQL injections and how to use MySQLi to make prepared queries.