RedAndBlack Posted May 6, 2022 (edited)

Hi, I seem to have encountered an issue inserting data into a database. I have done this so many times before and for some reason I can't work out why it isn't working this time around. My assumption is that I'm using words I can't use as row names perhaps; I'm not sure, that's why I'm here.

EDIT: here is the full list of row names for this table, as not all are included in the insert command:

timestamp, watchid, username, symbol, timeframe, orderid, price, qty, maxbid, stoploss, buyamount

```php
<?php
session_start();
include('con.php');
$conn = mysqli_connect("localhost", "root", "", "tradl");

$amount    = $_POST['amount']; // amount to buy in currency buying with.. if btcusdt the amount is of usdt spent on position
$maxbid    = $_POST['maxbid'];
$stoploss  = $_POST['stoploss'];
$user      = $_SESSION['username'];
$watchid   = $_SESSION['id'];
$timeframe = $_SESSION['timeframe'];
$symbol    = $_POST['symbol'];

//insert details into database ........ this isn't inserting for some reason
$insert = "INSERT INTO orderbook (watchid, username, symbol, timeframe, maxbid, stoploss, buyamount) VALUES ('$watchid', '$user', '$symbol', '$timeframe', '$maxbid', '$stoploss', '$amount')";
mysqli_query($conn, $insert);

//echo "$user <br /> $symbol <br /> timeframe $timeframe <br /> amount $amount <br /> max bid $maxbid <br />stop loss $stoploss <br /> id $watchid";
?>
```

Edited May 6, 2022 by RedAndBlack

Ingolme Posted May 6, 2022

The first step is to check for errors:

```php
//insert details into database ........ this isn't inserting for some reason
$insert = "INSERT INTO orderbook (watchid, username, symbol, timeframe, maxbid, stoploss, buyamount) VALUES ('$watchid', '$user', '$symbol', '$timeframe', '$maxbid', '$stoploss', '$amount')";
$result = mysqli_query($conn, $insert);

// CHECK FOR ERRORS
if (!$result) {
    echo "Error: " . $insert . "<br>" . mysqli_error($conn);
}
```

Aside from that, you need to read about and use prepared statements: https://www.w3schools.com/php/php_mysql_prepared_statements.asp

Your PHP code is vulnerable to SQL injection. If you put this on a live site it's only a matter of time before a malicious crawler arrives and starts testing your forms for vulnerabilities. They're very common, I get them on my websites all the time.
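
The INSERT from the question written as a mysqli prepared statement, as an added example that is not part of the original thread. The helper name `post_field` and the validation patterns are assumptions, and every column is bound as a string because the thread does not give the column types.

```php
<?php
// Added example: the INSERT from the question as a mysqli prepared statement.
session_start();
// Throw mysqli_sql_exception on any database error instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: return a POST field only if it matches the expected shape.
function post_field(string $name, string $pattern): string
{
    $value = $_POST[$name] ?? '';
    if (!is_string($value) || !preg_match($pattern, $value)) {
        http_response_code(400);
        exit("Invalid value for $name");
    }
    return $value;
}

// Assumed formats: plain decimals for amounts, short alphanumeric symbol (e.g. btcusdt).
$decimal  = '/^\d{1,12}(\.\d{1,8})?$/';
$amount   = post_field('amount', $decimal);
$maxbid   = post_field('maxbid', $decimal);
$stoploss = post_field('stoploss', $decimal);
$symbol   = post_field('symbol', '/^[A-Za-z0-9]{2,20}$/');

// Session values are set server-side, but they are still bound as parameters.
if (!isset($_SESSION['username'], $_SESSION['id'], $_SESSION['timeframe'])) {
    http_response_code(401);
    exit('Not logged in');
}
$user      = (string) $_SESSION['username'];
$watchid   = (string) $_SESSION['id'];
$timeframe = (string) $_SESSION['timeframe'];

try {
    $conn = mysqli_connect("localhost", "root", "", "tradl");
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $conn->prepare(
        "INSERT INTO orderbook
            (watchid, username, symbol, timeframe, maxbid, stoploss, buyamount)
         VALUES (?, ?, ?, ?, ?, ?, ?)"
    );
    $stmt->bind_param("sssssss", $watchid, $user, $symbol, $timeframe, $maxbid, $stoploss, $amount);
    $stmt->execute();
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    error_log("orderbook insert failed: " . $e->getMessage()); // detail goes to the log
    http_response_code(500);
    exit("Could not save the order.");
}
```

Unlike the debugging snippet above, a failed insert here writes the database error to the server log and returns only a generic message to the browser.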

RedAndBlack (Author) Posted May 6, 2022

Thank you, I managed to get it working. It's been almost a decade since I wrote any PHP and boy am I rusty, hehe. Thanks for the tips. At the moment it's just something I'm running at home, but if I do choose to go live with it I'll definitely be protecting all of the forms from SQL injection. Thanks again.