
Help - mysql error!


I have a form defined by the following code:

```html
<form name="input" action="insert.php" method="get">
  <input type="text" name="meeting">
  <input type="Submit" value="Gravar">
</form>
```

And, in another file (insert.php), I want to insert into the database the information that the user entered in the form, with the following code:

```php
<?php session_start(); ?>
<html>
<body>
<?php
$link = mysqli_connect('localhost', 'root');
if (!$link) {
    die('Nao foi possivel conectar: ' . mysqli_error());
} else {
    echo 'Conexao bem sucedida';
    echo "<br />";
}
mysqli_select_db("databasexpto", $link);
$appoint = mysqli_query("INSERT INTO appointments (`what`, `owner`) VALUES('$_POST['meeting']','$_SESSION['userID']')");
if (!mysqli_query($link,$sql)) {
    die('Error: ' . mysqli_error());
} else {
    echo "1 record added";
}
mysqli_close($link);
?>
</body>
</html>
```

When I execute the code I receive the following error:

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\Program Files\EasyPHP-12.1\www\files\insert.php on line 21

Can someone help me?

Edited by Adam Brave

Your query is vulnerable to SQL injection attacks. If you're using mysqli, then you should be using parameterized queries to solve that problem and also make sure your data gets inserted correctly. That query would fail if the value in the form has a single quote in it, for example.

http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

As far as generally putting variables like arrays into strings, check the Complex Syntax notes here:

http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing
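An added example, not part of the original thread or either poster's code: insert.php rewritten with a mysqli prepared statement as the reply recommends, plus the curly-brace string syntax described at the second link. It assumes an empty root password and the database, table and column names from the question, and it reads `$_GET` because the posted form uses method="get".

```php
<?php
// Added example, not the original poster's code.
// Assumed: empty root password; database, table and column names as in the question.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw mysqli_sql_exception on errors

// The form posted above submits with method="get", so the value arrives in $_GET.
$meeting = (isset($_GET['meeting']) && is_string($_GET['meeting']))
    ? trim($_GET['meeting'])
    : '';
if ($meeting === '' || !isset($_SESSION['userID'])) {
    http_response_code(400);
    exit('Missing meeting text or session user.');
}

try {
    $link = mysqli_connect('localhost', 'root', '', 'databasexpto');
    mysqli_set_charset($link, 'utf8mb4');

    // Placeholders keep the data out of the SQL text, so a value such as
    // "O'Brien's review" is stored literally instead of breaking the statement.
    $stmt = mysqli_prepare(
        $link,
        'INSERT INTO appointments (`what`, `owner`) VALUES (?, ?)'
    );
    $owner = (string) $_SESSION['userID'];
    mysqli_stmt_bind_param($stmt, 'ss', $meeting, $owner);
    mysqli_stmt_execute($stmt);
    $added = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    mysqli_close($link);
} catch (mysqli_sql_exception $e) {
    error_log('insert.php: ' . $e->getMessage()); // details go to the log, not the page
    http_response_code(500);
    exit('Could not save the appointment.');
}

// Complex (curly) syntax: a quoted array key inside a double-quoted string
// must be wrapped in braces, otherwise PHP raises the parse error shown above.
$message = "{$added} record added: '{$_GET['meeting']}' for user {$_SESSION['userID']}";
// Escape on output so the submitted text cannot inject markup into the page.
echo htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
```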
