Could not able to execute sql code

Question

2.00/5 (1 vote)

See more:

HI all

I want to insert my html form data to my database

this is my form:

XML

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Add Records Form</title>
</head>
<body>
<form action="insert.php" method="post">
    <p>
        <label for="firstName">First Name:</label>
        <input type="text" name="firstname" id="firstName">
    </p>
    <p>
        <label for="lastName">Last Name:</label>
        <input type="text" name="lastname" id="lastName">
    </p>
    <p>
        <label for="emailAddress">Email Address:</label>
        <input type="text" name="email" id="emailAddress">
    </p>
    <input type="submit" value="Add Records">
</form>
</body>
</html>

and this is the insert.php :

PHP

<?php
$link = mysqli_connect("127.0.0.1", "root","", "person");
 
// Check connection
if($link === false){
    die("ERROR: Could not connect. " . mysqli_connect_error());
}
 
// Escape user inputs for security
$first_name = mysqli_real_escape_string($link, $_POST['firstname']);
$last_name = mysqli_real_escape_string($link, $_POST['lastname']);
$email_address = mysqli_real_escape_string($link, $_POST['email']);

// attempt insert query execution
$sql = "INSERT INTO table (name, email, comment) VALUES ('$first_name', '$last_name', '$email_address')";
if(mysqli_query($link, $sql)){
    echo "Records added successfully.";
} else{
    echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
 
// close connection
mysqli_close($link);
?>

but I have this error when I click the form button :
ERROR: Could not able to execute

please help!

Posted 12-Feb-15 9:14am

amir.nazarizadeh

Add a Solution

2 solutions

Solution 2

As an addition to solution 1, instead of placing the variables inside to SQL statement, use the bind_param, see 3.10.4 mysqli_stmt::bind_param, mysqli_stmt_bind_param[^]

Posted 12-Feb-15 9:22am

Wendelius

v2

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

**Zoltán Zörgő** · Accepted Answer · 2015-02-12T09:18:00

Solution 1

Is table the name of your table?
If yes - which is a baaaaad idea, as it is a reserved word, you need to escape it.
If ANSI MODE is ON, than put it between double quotes, else use back tick (`) escaping.

Posted 12-Feb-15 9:18am

Zoltán Zörgő

Comments

Sergey Alexandrovich Kryukov 12-Feb-15 15:21pm

5ed... :-)
—SA

amir.nazarizadeh 12-Feb-15 15:22pm

thanks and thanks :)
fixed :)