PHP not inserting array into MySQL database

Question

My php script is not inserting the contents of my array into MySql database.Here's a code snippet.

<?php

session_start();

$host="localhost";
$user="root";
$password="";
$database="burudani db";
$con=mysqli_connect($host,$user,$password,$database);

if(!$con or !$database){
        echo'Connection to MySQL failed!';
        echo json_encode(0);
    }else{


        $datx=$_POST['data'];
        if(isset($_POST['data'])){

        $title=$datx[0];
        $year=$datx[1];
        $format=$datx[3];
        $type=$datx[5];
        $genre=$datx[6];
        $desc=$datx[7];
        $actors=$datx[11];
        $imi=$datx[8];
        $imr=$datx[9];
        $pos=$datx[10];
        $comments=$datx[2];
        $price=$datx[4];

        $sql="insert into `movies` values(NULL,'$title','$year','$format','$type','$genre','$desc','$actors','$imi','$imr','$pos','$comments','$price') or die(mysql_error());";
        $result=mysqli_query($con,$sql);

        if(!$result){
            echo json_encode(1);
        }
        else{
            echo json_encode(2);
        }
        }
        else if(!isset($_POST['dat'])){
            echo json_encode(3);
        }   
}

mysqli_close($con);
?>

The array $datx is sent via ajax from javascript. Now it only inserts a record if the title exists in the database. For example, if I try to insert a record with the title as 'Harry Potter' and there is no record in the database with title 'Harry Potter', it won't insert. I have tried using unset($datx); but no success. The title field is of type text in MySQL. Please help, thanks.

Answer 1

Don't mesh up between mysql and mysqli .

Also you have mixed up query and mysql error function

$sql="insert into `movies` values(NULL,'$title','$year','$format','$type','$genre','$desc','$actors','$imi','$imr','$pos','$comments','$price')";

//echo $sql ; die; try to print and debug it before executing

  $result=mysqli_query($con,$sql) or die(mysqli_error($con));

Answer 2

There is an error in your SQL. or die(mysql_error()) does not belong there.

I suspect that you mean to write:

$sql="insert into `movies` values(NULL,'$title','$year','$format','$type','$genre','$desc','$actors','$imi','$imr','$pos','$comments','$price')";
$result=mysqli_query($con,$sql) or die(mysqli_error());

But note that your script is vulnerable to SQL injection attacks

Please read up on prepared statements . Your code will become something like this:

// create a statement with placeholders for variables
$statement = mysqli_prepare($con, "insert into `movies` values(NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");

// bind the variables to the placeholders
// note: I do not know what datatypes you're expecting, so have assumed strings. 
// modify the 'ssssssssssss' as required
mysqli_stmt_bind_param($statement, 'ssssssssssss', $title, $year, $format, $type, $genre, $desc, $actors, $imi, $imr, $pos, $comments, $price);

// execute the statement or show error (on production environment
// consider logging instead of displaying errors
mysqli_stmt_execute($statement) or die(mysqli_error());

// clean up the statement
mysqli_stmt_close($statement);