Question

I have tried almost everything I knew but am not able to fix this rather weird set of bugs.

I am trying to make 4 INSERTs in a message queue table.

$email_start_message, $sms_start_message, $email_end_message and $sms_end_message are strings stored as blobs as in future they will have HTML and images.

The code is below:

$response = array();

$send_status = 0;

$seller_id = 1275;

$re1 = mysql_query("INSERT INTO pos_msg_que(send_status, sid, uid, alert_type, alert_data, send_time) VALUES ('$send_status','$seller_id','$uid','1','mysql_real_escape_string($email_start_message)','$start_time');");

if (!$re1 == 'false') {
  $response['start_email_alert'] =  '1';
} else {
  $response['start_email_alert'] =  '0';
}

$re2 = mysql_query("INSERT INTO pos_msg_que(send_status, sid, uid, alert_type, alert_data, send_time) VALUES ('$send_status','$seller_id','$uid','2','mysql_real_escape_string($sms_start_message)','$start_time');");

if (!$re2 == 'false') {
  $response['start_sms_alert'] =  '1';
} else {
  $response['start_sms_alert'] =  '0';
}

$re3 = mysql_query("INSERT INTO pos_msg_que(send_status, sid, uid, alert_type, alert_data, send_time) VALUES ('$send_status','$seller_id','$uid','3','mysql_real_escape_string($email_end_message)','$end_time');");

if (!$re3 == 'false') {
  $response['end_email_alert'] =  '1';
} else {
  $response['end_email_alert'] =  '0';
}

$re4 = mysql_query("INSERT INTO pos_msg_que(send_status, sid, uid, alert_type, alert_data, send_time) VALUES ('$send_status','$seller_id',  '$uid','4','mysql_real_escape_string($sms_end_message)','$end_time');");

if (!$re4 == 'false') {
  $response['end_sms_alert'] =  '1';
} else {
  $response['end_sms_alert'] =  '0';
}
echo json_encode($response);

}

The table structure is:

+-----------------+------------+------+-----+-------------------+-----------------------------+
| Field           | Type       | Null | Key | Default           | Extra                       |
+-----------------+------------+------+-----+-------------------+-----------------------------+
| id              | int(8)     | NO   | PRI | NULL              | auto_increment              |
| send_status     | int(11)    | NO   |     | NULL              |                             |
| sid             | int(8)     | NO   |     | NULL              |                             |
| uid             | int(8)     | NO   |     | NULL              |                             |
| alert_type      | tinyint(2) | NO   |     | NULL              |                             |
| alert_data      | blob       | NO   |     | NULL              |                             |
| send_time       | datetime   | NO   |     | NULL              |                             |
| advance_time    | int(3)     | NO   |     | NULL              |                             |
| last_attempt_at | timestamp  | NO   |     | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
+-----------------+------------+------+-----+-------------------+-----------------------------+

Now when I run this code, the JSON response is:

{"start_email_alert":"1 0","start_sms_alert":"0 12","end_email_alert":"1 12","end_sms_alert":"1 12"}

The issues are:

  1. The 1st Insert always gets insert ID 0
  2. The 2nd Insert is always failing, but the ID is autoincremented
  3. The 3rd and 4th Inserts are happening, but the ID used is that of step 2, so effectively they overwrite.
  4. For reasons I can't figure out, the alert_type always shows 1 in the DB, though I am inserting 2, 3 literally.

Can someone help me figure this out please?


Solution

After being downvoted twice and favorited once, I was perplexed as to what's so wrong with the code. Thanks to @AirThomas and @Jasper, I formatted the code and adopted some best practices, which helped me nail the issue.

The issue was with the strings. They had single quotes and were somehow not getting escaped (mostly due to some weird character encoding trouble; I didn't bother to get into details). Rather, I used a simple function from (phpfreaks) to ensure I am not leaving any stone unturned while escaping. The function is:

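function cleanStr($str, $link = null){
  $str = trim($str);
  if($str == "") return;

  $str = stripslashes($str);//STRIP \ slashes
  // function_exists() takes the function name as a string, and
  // mysqli_real_escape_string() needs the mysqli connection as its first
  // argument, so the mysqli branch runs only when a link is passed in
  if ($link !== null && function_exists('mysqli_real_escape_string')){
    $str = mysqli_real_escape_string($link, $str);
  }else{
    $str = mysql_real_escape_string($str);
  }
  //CONVERT TO HTML
  $str = htmlspecialchars($str);
  //LAST CLEAN UP
  $str = preg_replace("#\'#","",$str);
  return $str;
}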

After escaping the strings and parametrizing the code (edited the question to show the latest code), the inserts worked like a charm.

Things I learnt today:

  • Escape the strings properly, not just mysql_real_escape_string
  • Use mysql_error() like so to catch mysql errors.

echo mysql_errno() . ": " . mysql_error() . "\n";

  • Format the query and parametrize it as much as possible
  • Format the code properly before posting on SO, else you don't even
  • Use PDO or mysqli

I have just started coding (4 weeks back), so apologies for the obvious errors.

Thanks everyone
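The four inserts from the question written with PDO prepared statements, which is where the "parametrize" and "Use PDO or mysqli" points lead. This is an added example, not part of the original post: it assumes the PDO SQLite driver and a cut-down copy of the table so it runs offline, and `$uid`, the message text and the timestamps are constructed sample values.

```php
<?php
// Added example, not the poster's code. In-memory SQLite (cut-down copy of the
// table) keeps it runnable offline; for MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pos_msg_que (
    id INTEGER PRIMARY KEY AUTOINCREMENT, send_status INTEGER NOT NULL,
    sid INTEGER NOT NULL, uid INTEGER NOT NULL, alert_type INTEGER NOT NULL,
    alert_data BLOB NOT NULL, send_time TEXT NOT NULL)');

// Constructed sample values; the message carries quotes and HTML on purpose.
$uid = 42;
$msg = "It's <b>10% off</b> at O'Brien's";

// PHP does not call functions inside a double-quoted string: the function
// name is sent as literal text and $msg is interpolated unescaped.
echo "VALUES ('1','mysql_real_escape_string($msg)')", "\n";

// One prepared statement; values travel separately from the SQL text.
$stmt = $pdo->prepare(
    'INSERT INTO pos_msg_que
       (send_status, sid, uid, alert_type, alert_data, send_time)
     VALUES (:status, :sid, :uid, :type, :data, :time)');

$alerts = [   // response key => [alert_type, body, send_time]
    'start_email_alert' => [1, $msg, '2013-05-01 09:00:00'],
    'start_sms_alert'   => [2, $msg, '2013-05-01 09:00:00'],
    'end_email_alert'   => [3, $msg, '2013-05-01 17:00:00'],
    'end_sms_alert'     => [4, $msg, '2013-05-01 17:00:00'],
];
$response = [];
foreach ($alerts as $key => [$type, $body, $time]) {
    try {
        $stmt->bindValue(':status', 0, PDO::PARAM_INT);
        $stmt->bindValue(':sid', 1275, PDO::PARAM_INT);
        $stmt->bindValue(':uid', $uid, PDO::PARAM_INT);
        $stmt->bindValue(':type', $type, PDO::PARAM_INT);
        $stmt->bindValue(':data', $body, PDO::PARAM_LOB);
        $stmt->bindValue(':time', $time);
        $stmt->execute();
        $response[$key] = '1 ' . $pdo->lastInsertId();  // status + new row id
    } catch (PDOException $e) {
        error_log($e->getMessage());                    // real cause goes to the log
        $response[$key] = '0';
    }
}
echo json_encode($response), "\n";
// Check that the stored bytes equal the input (no stripping, no HTML encoding).
var_dump($pdo->query('SELECT alert_data FROM pos_msg_que WHERE alert_type = 4')->fetchColumn() === $msg);
```

With bound parameters the message needs no `stripslashes`, `htmlspecialchars` or quote removal before storage; HTML encoding is applied when the value is rendered.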

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow