1

Hey I am trying to make a page that inserts some strings into a MySQL table but it just dosn't seem to be working for me. Here is the code I am using at the moment.

<?php
mysql_connect($address, $username, $password);
@mysql_select_db($database) or die("Unable to select database");
$query = "insert INTO user (movieid, moviename)('" . $id . "','" . $name . "') or die(mysql_error())"; 
mysql_query($query);
mysql_close();
?>

Where am i going wrong?

Improve this question

3 Answers 3

Reset to default
2

There should be no die() at all, but trigger_error() instead.
And data must be properly formatted for the query:

<?php
mysql_connect($address, $username, $password);
mysql_select_db($database);

$id    = mysql_real_escape_string($id);
$name  = mysql_real_escape_string($name);

$query = "insert INTO user (movieid, moviename) VALUES ('$id','$name')"; 
mysql_query($query) or trigger_error((mysql_error().$query);
?>

Always do any mysql job this way

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2
  • You have or die in the wrong place.
  • You have omitted the VALUES keyword. See the documentation for INSERT.

The query should just be this:

"INSERT INTO user (movieid, moviename) VALUES ('" . $id . "','" . $name . "')";

The or die should come after the call to mysql_query.

You may also have an SQL injection vulnerability. Consider using mysql_real_escape_string.

Improve this answer

Comments

1

Like this:

$query = "INSERT INTO user (movieid, moviename) VALUES ('" . $id . "','" . $name . "')";  
mysql_query($query) or die(mysql_error());
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.