Question

I am writing a script that uses data from the user to create a page and create a database entry for the created page. Unfortunately, despite the fact that the query I am using was generated by phpmyadmin, the insert does not succeed.

I have attempted using both mysql and mysqli for all of the function calls(not at the same time obviously) but have received the same result regardless.

While I would love to understand why the insert is failing the more pressing issue is the fact that no error is being produced.

The error conditional is being entered but both mysql_error() and mysqli_error() end up empty.

This is the segment of code where the error occurs:

$result = mysqli_query($pvcon,"'INSERT INTO content 
        (content.post_type_id,
        content.content_title,
        content.content_description,
        content.content_link,
        content.user_id,
        content.content_image_path,
        content.date_posted) 
        values (\'".$post_type."\', 
        \'".$title."\', 
        \'".$description."\', 
        \'".$content_link."\', 
        \'".$user_id."\', 
        \'".urlencode($article_image)."\', 
        now())'");
        if (!$result) {
            echo "DB Error, could not list tables\n";
            echo 'MySQL Error: ' . mysqli_error();
            exit;
        }

I have found multiple questions that are similar to mine but none of those solutions have worked for me which leads me to believe that there is some simple step that I am overlooking.

Was it helpful?

Solution

$result = mysqli_query($pvcon,"'INSERT INTO content 
                               ^---
   ..... snip....
        now())'");
              ^----

your entire query is wrong - you've enclosed it in '-quotes, making the ENTIRE query a monolithic string. And your error call never works, because you've forgotten to include the link identifier in the call:

echo 'MySQL Error: ' . mysqli_error($pvcon);
                                    ^^^^^^--missing.

Plus, given the variable names you're using, you're probably ALSO vulnerable to SQL injection attacks, so enjoy having your server pwn3d on top of all this.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top