I'm trying to add a personal contact from the general contacts db table
A user will click the EDIT button then they will view the info before deciding to add it into the personal contact.
I think my problem is that my PHP code can't enter the SESSION name of the logged in user in my SQL INSERT INTO Statement.
Here is the SQL code
if (isset($_POST['add'])) {
$user = $_POST['u_username'];
$contact_username = $_POST['contact_username'];
$savesql2 = "INSERT INTO personal_contacts (id,contact_username, u_username)
VALUES ( '$id','$contact_username', '$user')";
mysqli_query($db, $savesql2);
$_SESSION['message'] = "Contact saved";
header('location: index.php');
}
Your code
$savesql2 = "INSERT INTO personal_contacts (id,contact_username, u_username)
VALUES ( '$id','$contact_username', '$user')";
assumes that there is an $id
, a $contact_username
and a $user
variable. While $contact_username
and $user
exists indeed, $id
is not defined which will lead to troubles. If $id
is automatically set by your table, then you can do the following:
$savesql2 = "INSERT INTO personal_contacts (contact_username, u_username)
VALUES ( '$contact_username', '$user')";
If not, then you will need to properly set $id
as well.
IMPORTANT
Your code is vulnerable to SQL injection, please read about it and refactor your code to make it more secure.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.