
Can't use INSERT INTO


Nic727


Hi,

 

I have a very weird problem, but I don't see where my error is.

I have a form that is supposed to send the result into the database, but INSERT INTO doesn't work at all.

<?php
$con = mysql_connect("localhost","root","");
	mysql_select_db("databasename", $con);
	mysql_query("SET NAMES 'utf8'");


 if(!isset($_POST["envoyer"])){
?>
<form action="#action=completed" method="post">
		<label for="nom">Nom de l'étudiant</label><br>
			<input type="text" id="nom" name="nom" value="" placeholder="Prénom et nom" maxlength="35"><br>
		<label for="num">Numéro de l'étudiant</label><br>
			<input type="text" id="num" name="num" value="" placeholder="#######" maxlength="7"><br>
							
		<label for="motpasse">Mot de passe</label><br>
			<input placeholder="ex:Chaise123" type="text" id="motpasse" name="motpasse" value="" maxlength="25"><br>
			<label for="motpasse2">Confirmer le mot de passe</label><br>
			<input placeholder="ex:Chaise123" type="text" id="motpasse2" name="motpasse2" value="" maxlength="25"><br>
						
		<label>Associer un milieu de stage</label><br>
			<select id="milieu" name="milieu">
				<option value="">Ne pas associer tout de suite</option>
				<option value="" disabled="disabled">---Milieux de stage---</option>
				
				<?php
					$sql = "SELECT * FROM employeurs";
					$result=mysql_query($sql,$con);
				
					while($row = mysql_fetch_array($result)){
						
						echo "<option value='".$row['noemployeur']."'>".$row['nomemployeur']." - ".$row['nomcompagnie']."</option>";
						
					}
				?>
			</select><br>
							
		<label>Associer un superviseur</label><br>
			<select id="superviseur" name="superviseur">
				<option value="">Ne pas associer tout de suite</option>
				<option value="" disabled="disabled">---Superviseurs---</option>
				<?php
					$sql = "SELECT * FROM superviseurs";
					$result=mysql_query($sql,$con);
				
					while($row = mysql_fetch_array($result)){
						
						echo "<option value='".$row['noemploye']."'>".$row['nomemploye']."</option>";
						
					}
				?>							
			</select><br>
						
		<input type="submit" id="envoyer" name="envoyer" value="Créer"><br>
</form>
<?php
}else{
	$nom = $_POST["nom"];
	$num = $_POST["num"];
	$motpasse = $_POST["motpasse2"];
	
	$emp = $_POST["milieu"];
	$super = $_POST["superviseur"];
	
	
	$sql = "INSERT INTO stagiaires (nometudiant, noetudiant, mdpetudiant)VALUES('$nom', '$num', '$motpasse')";
	$sql = "INSERT INTO associations (noetudiant, noemployeur, noemploye)VALUES('$num', '$emp', '$super')";
Any ideas?

 

I don't know if it's because of Wamp or not, but it's very weird since it works well when done manually in phpMyAdmin with the online editor. Maybe it's how I wrote my variables, but I don't think it's that.

 

I tried it like:

 

'$num'

'".$num."'

$num

".$num."

 

But it's not working at all.


I see you creating an SQL string, but no database connection is open.

You should never put variables in the SQL. You should use prepared statements. There's a page in the tutorial about prepared statements.

http://www.w3schools.com/php/php_mysql_prepared_statements.asp


It works, but only if the user doesn't put special characters in the text. If the user's name is O'Reilly your code will break.

 

The code you posted has this:

$sql = "INSERT INTO stagiaires (nometudiant, noetudiant, mdpetudiant)VALUES('$nom', '$num', '$motpasse')";
$sql = "INSERT INTO associations (noetudiant, noemployeur, noemploye)VALUES('$num', '$emp', '$super')";

but that just creates a string; where's the code that executes the SQL string?


Are you getting any error messages?

 

 

It's advised not to use the mysql library; it is deprecated due to security vulnerabilities. The PHP manual has a warning: http://php.net/mysql_query

 

Warning

This extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:


Any new code should use mysqli or PDO, not mysql, and you should definitely use prepared statements. If you were using one of those extensions with prepared statements then you wouldn't have issues caused by how to add data to your queries.
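
The two INSERTs from the question, rewritten with PDO prepared statements and actually executed. This is an added example, not code from any poster in the thread. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the column types are guesses, and `creerStagiaire` is a hypothetical helper name.

```php
<?php
// Added example (not the poster's code). Assumption: in-memory SQLite stands
// in for MySQL so this runs offline; for MySQL use a DSN such as
// "mysql:host=localhost;dbname=databasename;charset=utf8mb4".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw instead of passing silently

// Constructed schema: column names come from the thread, types are assumptions.
$pdo->exec('CREATE TABLE stagiaires (nometudiant TEXT, noetudiant TEXT PRIMARY KEY, mdpetudiant TEXT)');
$pdo->exec('CREATE TABLE associations (noetudiant TEXT, noemployeur TEXT, noemploye TEXT)');

// Hypothetical helper: both INSERTs run in one transaction, so a failure leaves no half-written record.
function creerStagiaire(PDO $pdo, array $post): void
{
    $pdo->beginTransaction();
    try {
        // Placeholders keep user data out of the SQL text entirely.
        $stmt = $pdo->prepare(
            'INSERT INTO stagiaires (nometudiant, noetudiant, mdpetudiant)
             VALUES (:nom, :num, :mdp)'
        );
        $stmt->execute([
            ':nom' => $post['nom'],
            ':num' => $post['num'],
            // Added hardening, not discussed in the thread: store a hash.
            ':mdp' => password_hash($post['motpasse'], PASSWORD_DEFAULT),
        ]);
        $stmt = $pdo->prepare(
            'INSERT INTO associations (noetudiant, noemployeur, noemploye)
             VALUES (:num, :emp, :super)'
        );
        // The form's empty <option value=""> means "not associated yet": store NULL.
        $stmt->execute([
            ':num'   => $post['num'],
            ':emp'   => $post['milieu'] !== '' ? $post['milieu'] : null,
            ':super' => $post['superviseur'] !== '' ? $post['superviseur'] : null,
        ]);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed sample input standing in for $_POST; the apostrophe needs no escaping.
creerStagiaire($pdo, ['nom' => "Sean O'Reilly", 'num' => '1234567',
    'motpasse' => 'Chaise123', 'milieu' => '3', 'superviseur' => '']);
$row = $pdo->query('SELECT nometudiant FROM stagiaires')->fetch(PDO::FETCH_ASSOC);
echo $row['nometudiant'], PHP_EOL;
```

If the password hash is kept, the `mdpetudiant` column has to be wide enough for it; the PHP manual suggests 255 characters.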
