0

I'm trying to insert some data into my MySQL database. The connection is working fine, but I'm having a problem with sending the query correctly to the database. Below you can find the code in my PHP file. I have also posted what types of fields they are in the database.

Fields in the mysql database:
Reservaties_id = int
Materialen_id = int
aantal = int
effectief_gebruikt = tinyint
opmerking = Varchar2
datum_van = date
datum_tot = date


$resID = $_REQUEST['resID'];
$materialen_id = $_REQUEST['materialen_id'];
$aantal = $_REQUEST['aantal'];
$effectief_gebruikt = $_REQUEST['effectief_gebruikt'];
$opmerking = $_REQUEST['opmerking'];
$datum_van = date('YYYY-MM-DD',$_REQUEST['datum_van']);
$datum_tot = date('YYYY-MM-DD',$_REQUEST['datum_tot']);

$string = "INSERT INTO `materialen_per_reservatie`(`reservaties_id`, `materialen_id`, `aantal`, `effectief_gebruikt`, `opmerking`, `datum_van`, `datum_tot`) VALUES ($resID, $materialen_id, $aantal, $effectief_gebruikt, '$opmerking', $datum_van, $datum_tot)";
mysql_query($string);
0

3 Answers

1

You have to include single quotes for the date fields: '$datum_van'

$string = "INSERT INTO `materialen_per_reservatie`(reservaties_id, materialen_id, aantal, effectief_gebruikt, opmerking, datum_van, datum_tot) VALUES ($resID, $materialen_id, $aantal, $effectief_gebruikt, '$opmerking', '$datum_van', '$datum_tot')";

And this is only an example query; while implementing, don't forget to sanitize your inputs.


1

Your code has some serious problems that you should fix. For one, it is not doing any error checking, so it's no surprise the query breaks silently when it fails. Check for errors and it will tell you what goes wrong - how to do it is outlined in the manual on mysql_query() or in this reference question. Example:

$result = mysql_query($string);

// Bail out on error
if (!$result) {
    trigger_error("Database error: " . mysql_error(), E_USER_ERROR);
    die();
}

In this specific case, I'm fairly sure it's because you are not putting your values into quotes after the VALUES keyword.

Also, the code you show is vulnerable to SQL injection. You need to escape every value you use like so:

$resID = mysql_real_escape_string($_REQUEST['resID']);

For this to work, you need to put every value in your query into quotes.


0

Try this:

$string = "INSERT INTO `materialen_per_reservatie`(`reservaties_id`) VALUES ('".$resID."')";
