Why wont this simpy "INSERT INTO" query work

StackOverflow https://stackoverflow.com/questions/22771249

Domanda

I´m creating a simple register and login system for a school project where you sign up through a form.

This is my code for the sign up process (without the bunch of tests´ that determine if fields were left empty etc.), this is just the query part.

Sorry about the variables containing Danish signs (ÆØÅ), and being in danish, but i have made a couple of tests where it didn´t matter if i used æøå or some other kind of letters.

I simply can´t understand why this little piece of code won´t work: 

//I retrieve alot of variables from a form

 $Fornavn = mysql_real_escape_string($_POST["Fornavn"]); 
 $Efternavn = mysql_real_escape_string($_POST["Efternavn"]); 
 $Koen = mysql_real_escape_string($_POST["Koen"]); 
 $Etnicitet = mysql_real_escape_string($_POST["Etnicitet"]); 
 $Brugernavn = mysql_real_escape_string($_POST["Brugernavn"]);
 $Password = mysql_real_escape_string($_POST["Password"]);
 $Mail = mysql_real_escape_string($_POST["Mail"]);
 $Haarfarve = mysql_real_escape_string($_POST["Haarfarve"]);
 $Oejenfarve = mysql_real_escape_string($_POST["Oejenfarve"]);
 $Vaegt = mysql_real_escape_string($_POST["Vaegt"]);
 $Hoejde = mysql_real_escape_string($_POST["Hoejde"]);

     //The query 

 mysqli_query($con, "INSERT INTO bruger (Fornavn, Efternavn, Køn, Etnicitet, Brugernavn, Password, Mail, Hårfarve, Øjenfarve, Vaegt, Højde)
VALUES ('$Fornavn', '$Efternavn', '$Koen', '$Etnicitet', '$Brugernavn', '$Password',     '$Mail', '$Haarfarve', '$Oejenfarve', '$Vaegt', '$Hoejde')");
echo $Fornavn;

Edit: I know it doesn´t work since nothing appears in my mysql database after i run the code. It just returns zero rows (i use phpmyadmin btw.) And i don´t really get any error messages or anything.

As suggested i have tried to use Mysqli_* for my variables instead:

 //I retrieve alot of variables from a form
 $Fornavn = mysqli_real_escape_string($con,$_POST["Fornavn"]); 
 $Efternavn = mysqli_real_escape_string($con,$_POST["Efternavn"]); 
 $Koen = mysqli_real_escape_string($con,$_POST["Koen"]); 
 $Etnicitet = mysqli_real_escape_string($con,$_POST["Etnicitet"]); 
 $Brugernavn = mysqli_real_escape_string($con,$_POST["Brugernavn"]);
 $Password = mysqli_real_escape_string($con,$_POST["Password"]);
 $Mail = mysqli_real_escape_string($con,$_POST["Mail"]);
 $Haarfarve = mysqli_real_escape_string($con,$_POST["Haarfarve"]);
 $Oejenfarve = mysqli_real_escape_string($con,$_POST["Oejenfarve"]);
 $Vaegt = mysqli_real_escape_string($con,$_POST["Vaegt"]);
 $Hoejde = mysqli_real_escape_string($con,$_POST["Hoejde"]);

 //The query
   mysqli_query($con, "INSERT INTO bruger (Fornavn, Efternavn, Køn, Etnicitet, Brugernavn,   Password, Mail, Hårfarve, Øjenfarve, Vaegt, Højde)
   VALUES ('$Fornavn', '$Efternavn', '$Koen', '$Etnicitet', '$Brugernavn', '$Password',    '$Mail', '$Haarfarve', '$Oejenfarve', '$Vaegt', '$Hoejde')");
   echo $Fornavn;

But it doesn´t work.

Everything is stored as "Varchar" in the database with collation "utf8_danish_ci".

Answer to comments:

@John @Jayaram I do not retrieve any error messages, or perhaps i don´t know where they go? Im really new to Mysql and PHP.

@Adunahay Vaegt and Højde are stored as Varchar in the table.

@Gordon The code for the connection is as follows:

//We check the connection 
$con = mysqli_connect("localhost","Mads","","meat-market");
//If there is a fail. 
if (mysqli_connect_errno()) 
    { 
    echo "<h1> Det er vores fejl:</h1><br /><h2>Kunne ikke forbinde til Databasen:</h2><br /> " . mysqli_connect_error();
    exit;
    }

Altough im sure the table exist and the database does since i can see it in Phpmyadmin. The user Mads also has all of the necessary permissions.

@Raphaël I´m not aware if you can use special chars, but i have made a couple of tests before where i tried with special chars and it seemed to work fine.

@dboals I don´t know what you mean (i´m new to php), further explanation would be welcomed.

È stato utile?

Soluzione

It's because you're using mysql_* for your POST variables and mysqli_* for your DB connection and in your query using $con as the first variable, which is mysqli_* syntax.

Change:

$Fornavn = mysql_real_escape_string($_POST["Fornavn"]);

to

$Fornavn = mysqli_real_escape_string($con,$_POST["Fornavn"]);

and do the same for the others.

Sidenote: Use all mysqli_* functions exclusively for your entire code --- mysqli_* and mysql_* functions do not mix together.. (which I recommend you use and with prepared statements, or PDO)

  • An example of preparing and binding for mysqli_ can be found HERE.

Altri suggerimenti

I found out what was wrong. First off i needed to change mysql_* to mysqli_* in my variables.

But after that it still didn´t work.

Then i tried to change the letters "æ ø å" to something that wasn´t special letters in the database.

It didn´t seem to matter in the variable names tho.

So instead:

  • Æ = AE
  • Ø = OE
  • Å = AA

So apparently special characters are no go, eventough it seems to be a bit inconsistent since i have done it with special characters before... I don´t know if it is dependent of the collaction of the database...

But thanks to everyone!

EDIT!:

I´m using the UTF8_Danish_ci collation in my table and all the rows.

But after this i still had the problem that if i entered a special character in the form, it would show up as A| or something like that in the database.

I have fixed this by doing the following for each variable that comes from the form: 

 $Fornavn =utf8_decode($_POST["Fornavn"]);
 $Fornavn = mysqli_real_escape_string($con,$Fornavn);

And add the following parameter to my FORM tag: 

accept-charset="UTF-8"

Still haven´t been able to execute mysqli queries where the row names contains Æ Ø or Å.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top