Nic727 Posted November 25, 2016 Share Posted November 25, 2016 (edited) Hi, I have a very weird problem, but I don't see where is my error. I have a form where it suppose to send the result into the data base, but Insert into doesn't work at all. <?php $con = mysql_connect("localhost","root",""); mysql_select_db("databasename", $con); mysql_query("SET NAMES 'utf8'"); if(!isset($_POST["envoyer"])){ ?> <form action="#action=completed" method="post"> <label for="nom">Nom de l'étudiant</label><br> <input type="text" id="nom" name="nom" value="" placeholder="Prénom et nom" maxlength="35"><br> <label for="num">Numéro de l'étudiant</label><br> <input type="text" id="num" name="num" value="" placeholder="#######" maxlength="7"><br> <label for="motpasse">Mot de passe</label><br> <input placeholder="ex:Chaise123" type="text" id="motpasse" name="motpasse" value="" maxlength="25"><br> <label for="motpasse2">Confirmer le mot de passe</label><br> <input placeholder="ex:Chaise123" type="text" id="motpasse2" name="motpasse2" value="" maxlength="25"><br> <label>Associer un milieu de stage</label><br> <select id="milieu" name="milieu"> <option value="">Ne pas associer tout de suite</option> <option value="" disabled="disabled">---Milieux de stage---</option> <?php $sql = "SELECT * FROM employeurs"; $result=mysql_query($sql,$con); while($row = mysql_fetch_array($result)){ echo "<option value='".$row['noemployeur']."'>".$row['nomemployeur']." - ".$row['nomcompagnie']."</option>"; } ?> </select><br> <label>Associer un superviseur</label><br> <select id="superviseur" name="superviseur"> <option value="">Ne pas associer tout de suite</option> <option value="" disabled="disabled">---Superviseurs---</option> <?php $sql = "SELECT * FROM superviseurs"; $result=mysql_query($sql,$con); while($row = mysql_fetch_array($result)){ echo "<option value='".$row['noemploye']."'>".$row['nomemploye']."</option>"; } ?> </select><br> <input type="submit" id="envoyer" name="envoyer" value="Créer"><br> </form> <?php }else{ $nom = $_POST["nom"]; $num = $_POST["num"]; $motpasse = $_POST["motpasse2"]; $emp = $_POST["milieu"]; $super = $_POST["superviseur"]; $sql = "INSERT INTO stagiaires (nometudiant, noetudiant, mdpetudiant)VALUES('$nom', '$num', '$motpasse')"; $sql = "INSERT INTO associations (noetudiant, noemployeur, noemploye)VALUES('$num', '$emp', '$super')"; Any ideas? Don't know if it's because of Wamp or not, but it's very weird since it's working well manually into phpmyadmin with the online editor. Maybe it's how I wrote my variables, but I don't think it's that. I tried like : '$num' '".$num."' $num ".$num." But it's not working at all. Edited November 25, 2016 by Nic727 Link to comment Share on other sites More sharing options...
Ingolme Posted November 26, 2016 Share Posted November 26, 2016 I see you creating an SQL string, but no database connection is open.You should never put variables in the SQL. You should use prepared statements. There's a page in the tutorial about prepared statements. http://www.w3schools.com/php/php_mysql_prepared_statements.asp Link to comment Share on other sites More sharing options...
Nic727 Posted November 27, 2016 Author Share Posted November 27, 2016 I have a connection on top. Are you sure about variable in SQL, because with DELETE, UPDATE and SELECT it's working correctly. Link to comment Share on other sites More sharing options...
Ingolme Posted November 28, 2016 Share Posted November 28, 2016 It works, but only if the user doesn't put special characters in the text. If the user's name is O'Reilly your code will break. The code you posted has this: $sql = "INSERT INTO stagiaires (nometudiant, noetudiant, mdpetudiant)VALUES('$nom', '$num', '$motpasse')"; $sql = "INSERT INTO associations (noetudiant, noemployeur, noemploye)VALUES('$num', '$emp', '$super')"; but that's just creates a string, where's the code that executes the SQL string? Link to comment Share on other sites More sharing options...
Nic727 Posted November 28, 2016 Author Share Posted November 28, 2016 I forgot to add this little code at the bottom of my example : $result=mysql_query($sql,$con); but it's there and doesn't work. Link to comment Share on other sites More sharing options...
Ingolme Posted November 28, 2016 Share Posted November 28, 2016 Are you getting any error messages? It's advised to not use the mysql library, it is deprecated due to security vulnerabilities. The PHP manual has a warning: http://php.net/mysql_query WarningThis extension was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include: mysqli_query() PDO::query() Link to comment Share on other sites More sharing options...
justsomeguy Posted November 28, 2016 Share Posted November 28, 2016 Any new code should use mysqli or PDO, not mysql, and you should definitely use prepared statements. If you were using one of those extensions with prepared statements then you wouldn't have issues caused by how to add data to your queries. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now