PHP SQL: I cant transfer data from 1 table to another table in database sql using UI button in php file

Question

I'm trying to add a personal contact from the general contacts db table

A user will click the EDIT button then they will view the info before deciding to add it into the personal contact.

I think my problem is that my PHP code can't enter the SESSION name of the logged in user in my SQL INSERT INTO Statement.

Here is the SQL code

WEBPAGE

PHP CODE

if (isset($_POST['add'])) {
    $user                   = $_POST['u_username']; 
    $contact_username       = $_POST['contact_username'];
    
    
    $savesql2 = "INSERT INTO personal_contacts (id,contact_username, u_username) 
    VALUES ( '$id','$contact_username', '$user')";

    mysqli_query($db, $savesql2); 

    $_SESSION['message'] = "Contact saved"; 
    header('location: index.php');
    

}

Answer 1

Your code

$savesql2 = "INSERT INTO personal_contacts (id,contact_username, u_username) 
VALUES ( '$id','$contact_username', '$user')";

assumes that there is an $id , a $contact_username and a $user variable. While $contact_username and $user exists indeed, $id is not defined which will lead to troubles. If $id is automatically set by your table, then you can do the following:

$savesql2 = "INSERT INTO personal_contacts (contact_username, u_username) 
VALUES ( '$contact_username', '$user')";

If not, then you will need to properly set $id as well.

IMPORTANT

Your code is vulnerable to SQL injection, please read about it and refactor your code to make it more secure.