1

Thanks for taking a look:

Here is the PHP I'm using to insert the data into the table

<?php

session_start();

//sets a variable from a session value
if (isset($_SESSION['sv_01'])) {$sv_01=$_SESSION['sv_01'];} else {$sv_01="";}

//to test that the variable has been set and is not empty
echo $sv_01;

//define database log in stuff
$username="username123";
$password="password123";
$database="database01";
$table="my_table";
$dbaddress="123.123.123.123";

//connect to dbserver
$con=mysql_connect($dbaddress,$username,$password); 

if (!$con) 
{ 
die('Could not connect:' .mysql_error()); 
} 

//select the db
mysql_select_db($database) or die( "Unable to select database"); 

//insert data from variables
mysql_query("INSERT INTO $table 
(
$sv_01
)
VALUES 
(
'$sv_01'
)");

mysql_close($con);

?>

I run this, and then go to check out the contents of the DB. Using MySQL workbench I open the connection and the database and table in question, select all rows and there is no data contained in the table.

MySQL info: Collation: latin1 - default collation; Engine: MyISAM; datatype: sv_01 VARCHAR(255); default: NULL

Any ideas what I am doing incorrectly?

5
  • 1
    Please stop whatever you're doing now and learn to use the newer mysqli or PDO interfaces to MySQL. mysql_query SHOULD NOT BE USED because it is extremely dangerous. You have a SQL injection bug in this example here that needs immediate attention. Commented Aug 1, 2012 at 22:22
  • Change your code to $res = mysql_query(...); if (!$res) die(mysql_error()); it will tell you why the data isn't being inserted. Commented Aug 1, 2012 at 22:24
  • er, ok! have removed this straight away. Care to point me in the right direction for what to do here? I'll look up what you mention, thanks. Commented Aug 1, 2012 at 22:27
  • 1
    @drew010 ah ha thanks! great tip. Sounds like I need to resolve this security risk @tadman mentions first, will look into both Commented Aug 1, 2012 at 22:28
  • PDO isn't that hard and will make it almost impossible to expose yourself to a SQL injection bug if you do it properly, it's safe by default. It also makes your queries easier to read since the query and the data are usually kept separate. Sorry to be so severe but mysql_query is very dangerous unless you know how to use it properly. Side effects of mis-use may include: job loss, disruption of company operations and destruction of stock valuation. Commented Aug 1, 2012 at 22:31

2 Answers

5

I believe that the name of the field is sv_01 not $sv_01

I would try:

$query = "INSERT INTO $table (sv_01) VALUES ('$sv_01')";

Update (dedicated to tadman):
A small piece of advice: DO NOT use mysql_query

6
  • 1
    Unescaped user input injected into SQL directly? Using mysql_query? What could possibly go wrong? Commented Aug 1, 2012 at 22:28
  • 3
    @tadman +1 of course you're right, but I'm tired of telling people to use PDO/MySqli cause they're just "inviting" sql-injections. Btw, why -1 ? Commented Aug 1, 2012 at 22:30
  • The last thing the internet needs is yet another example using mysql_query. Please stop using it. SQL injections are not an academic concern. Ask anyone with a name like "O'Malley" how much they like SQL escaping. It's trivial to express this using mysqli with placeholders and it encourages best practices, which is really what StackOverflow is all about. Commented Aug 1, 2012 at 22:33
  • 2
    @tadman I agree with you, but, your point is out of scope. I answered his question and chose to ignore the fact that he uses mysql_query since I saw that you already commented on this issue. The example was relevant for the code that he gave. Commented Aug 1, 2012 at 22:38
  • 2
    Thanks very much for pointing out the error I made @alfasin - that's certainly the cause of my actual issue. Also sorry to cause the mysql query controversy - since you have edited your answer with advice about not using it - I think it's fine for me to accept yours as an answer without risking leading other novices astray! Thanks again and I'll learn how to be safe with mysqli. Commented Aug 1, 2012 at 23:32
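
The fix from the answer above (the literal column name sv_01) combined with the placeholder approach the comments recommend, as an added example that is not part of the original posts. It assumes an in-memory SQLite database opened through PDO as a stand-in for the MySQL server so it runs offline; the function name insert_sv01 and the sample values are constructed for illustration.

```php
<?php
// Added example: the question's INSERT rewritten with PDO and a bound parameter.
// Assumption: an in-memory SQLite database stands in for the MySQL server so the
// script runs offline; for MySQL the DSN would look like
// 'mysql:host=HOST;dbname=DBNAME;charset=utf8mb4' plus a username and password.

// Identifiers (table and column names) cannot be bound as parameters, so the
// table name is checked against a fixed allow-list, never taken from user data.
const ALLOWED_TABLES = ['my_table'];

// Hypothetical helper: inserts one value and returns the number of rows added.
function insert_sv01(PDO $pdo, string $table, string $value): int
{
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException("Unexpected table name: $table");
    }
    // The column is the literal sv_01. The question wrote $sv_01 here, which
    // expanded to the session value. The value itself travels as :sv_01.
    $stmt = $pdo->prepare("INSERT INTO $table (sv_01) VALUES (:sv_01)");
    $stmt->execute([':sv_01' => $value]);
    return $stmt->rowCount();
}

$pdo = new PDO('sqlite::memory:');
// Throw on any SQL error so a failed INSERT is reported instead of ignored.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE my_table (sv_01 VARCHAR(255) DEFAULT NULL)');

// Constructed sample values standing in for $_SESSION['sv_01'].
$samples = ["O'Malley", "D'Arcy \"Mac\" O'Neil"];
foreach ($samples as $sv_01) {
    insert_sv01($pdo, 'my_table', $sv_01);
}

// The quotes are stored verbatim as data; they never become part of the SQL.
$rows = $pdo->query('SELECT sv_01 FROM my_table ORDER BY rowid')
            ->fetchAll(PDO::FETCH_COLUMN);
var_dump($rows === $samples);

// A statement that fails now raises PDOException with the driver's message,
// which the unchecked mysql_query() call in the question never surfaced.
try {
    $pdo->exec("INSERT INTO my_table (no_such_column) VALUES ('x')");
} catch (PDOException $e) {
    echo 'Insert failed: ', $e->getMessage(), PHP_EOL;
}
```
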
0

Use localhost instead of your IP (if possible), and make your connection easy to read:

$con = mysql_connect($dbaddress, $username, $password) or die(mysql_error());

AND you also have to give your mysql_query a variable:

$mysql = mysql_query("INSERT INTO $table ($sv_01) VALUES ('".$sv_01."');");

:)

2
  • Do not use mysql_query unless you have a very good reason. That it was in the question is not an excuse. Commented Aug 1, 2012 at 22:34
  • Why not? mysql_query isn't dangerous :P Commented Aug 2, 2012 at 0:13
