My php script is not inserting the contents of my array into MySql database.Here's a code snippet.
<?php
session_start();
$host="localhost";
$user="root";
$password="";
$database="burudani db";
$con=mysqli_connect($host,$user,$password,$database);
if(!$con or !$database){
echo'Connection to MySQL failed!';
echo json_encode(0);
}else{
$datx=$_POST['data'];
if(isset($_POST['data'])){
$title=$datx[0];
$year=$datx[1];
$format=$datx[3];
$type=$datx[5];
$genre=$datx[6];
$desc=$datx[7];
$actors=$datx[11];
$imi=$datx[8];
$imr=$datx[9];
$pos=$datx[10];
$comments=$datx[2];
$price=$datx[4];
$sql="insert into `movies` values(NULL,'$title','$year','$format','$type','$genre','$desc','$actors','$imi','$imr','$pos','$comments','$price') or die(mysql_error());";
$result=mysqli_query($con,$sql);
if(!$result){
echo json_encode(1);
}
else{
echo json_encode(2);
}
}
else if(!isset($_POST['dat'])){
echo json_encode(3);
}
}
mysqli_close($con);
?>
The array $datx is sent via ajax from javascript. Now it only inserts a record if the title
exists in the database. For example, if I try to insert a record with the title as 'Harry Potter' and there is no record in the database with title 'Harry Potter', it won't insert. I have tried using unset($datx);
but no success. The title
field is of type text in MySQL. Please help, thanks.
Don't mesh up between mysql
and mysqli
.
Also you have mixed up query and mysql error function
$sql="insert into `movies` values(NULL,'$title','$year','$format','$type','$genre','$desc','$actors','$imi','$imr','$pos','$comments','$price')";
//echo $sql ; die; try to print and debug it before executing
$result=mysqli_query($con,$sql) or die(mysqli_error($con));
There is an error in your SQL. or die(mysql_error())
does not belong there.
I suspect that you mean to write:
$sql="insert into `movies` values(NULL,'$title','$year','$format','$type','$genre','$desc','$actors','$imi','$imr','$pos','$comments','$price')";
$result=mysqli_query($con,$sql) or die(mysqli_error());
But note that your script is vulnerable to SQL injection attacks
Please read up on prepared statements . Your code will become something like this:
// create a statement with placeholders for variables
$statement = mysqli_prepare($con, "insert into `movies` values(NULL, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
// bind the variables to the placeholders
// note: I do not know what datatypes you're expecting, so have assumed strings.
// modify the 'ssssssssssss' as required
mysqli_stmt_bind_param($statement, 'ssssssssssss', $title, $year, $format, $type, $genre, $desc, $actors, $imi, $imr, $pos, $comments, $price);
// execute the statement or show error (on production environment
// consider logging instead of displaying errors
mysqli_stmt_execute($statement) or die(mysqli_error());
// clean up the statement
mysqli_stmt_close($statement);
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.