-2

I am generating a list of images and looking to insert a specific image based on wether or not a submit button has been pressed alongside my image.

Here is my code to generate a list of images. Alongside the images is the submit button, like count and other data:

// Display results
foreach ($media->data as $data) {
echo "<a href=\"{$data->link}\"</a>";
echo "<h4>Photo by: {$data->user->username}</h6>";
echo $pictureImage = "<img src=\"{$data->images->thumbnail->url}\">";
echo "<h5>Like Count for Photo: {$data->likes->count}</h5>";
echo "<form>";
echo '<input type="submit" onClick=post()>';
echo "</form>";
}

I am then trying to insert that picture into my database:

InstagramImages(DB) - image(field)

function post() {

        $hostname = "redacted";
        $username = "redacted";
        $dbname = "redacted";

        //These variable values need to be changed by you before deploying
        $password = "redacted";
        $usertable = "InstagramImages";

        //Connecting to your database
        mysql_connect($hostname, $username, $password) OR DIE ("Unable to 
        connect to database! Please try again later.");
        mysql_select_db($dbname);

        $sql="INSERT INTO $usertable (image) VALUES ('$pictureImage')";

        if (!mysqli_query($con,$sql)) {
            die('Error: ' . mysqli_error($con));
        }

        echo "1 record added";

        mysqli_close($con);
}

Any help would be appreciated. I need help creating the right INSERT query for the php variable $pictureImage.

Improve this question
5
  • um.. what's the problem or error your having exactly? Commented Jul 31, 2013 at 17:49
  • @JustAnil Sorry see edits. Commented Jul 31, 2013 at 17:50
  • as your html suggest generated by foreach loop, there will be multiple submit button with same name in a single page, having same function call post(); so you have to identify which submit button is pressed by passing some unique id parameter to that, Commented Jul 31, 2013 at 17:52
  • possible duplicate of How to prevent SQL injection in PHP? Commented Jul 31, 2013 at 18:08
  • Always use bind_param to add values to your SQL queries, never use string interpolation without proper escaping or you will have nasty SQL injection bugs. It's unclear here why you're using mysql_connect and mysqli_query as the two are completely incompatible. You should be using mysqli or PDO, not mysql_query at all. Commented Jul 31, 2013 at 18:23

2 Answers 2

Reset to default
0

also, <form> should be <form method='post'>

instead of onclick = post() change it to name='post'

and instead of function post(){ make it if($_POST['post']){

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Double quotes or single quotes for name='post'
@asg whichever, it technically doesnt matter. i prefer using single quotes in my html
I believe the problem now exists with my insert query. Any suggestions?
@asg this is going to be what developerCK said, you have many duplicates of the same form which is going to screw things up.
0 
echo '<input type="submit" onClick=post()>';

onClick=post() - This is a javascript event used only for javascript but the post() function you have written in php code so it cannot insert into your tatabase table.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.