2

I'm having some issues trying to insert a query into the database. I have this php form that should do an insert query but nothing happens, not even an error.

This is an example query with the form:

INSERT INTO FlashVideoList ('title', 'urltitle', 'description', 'tags', 'category', 'filename', 'filetype', 'size', 'uploadedbyuser', 'uploadtime') VALUES ('testtitle','testtitle','test','testtags','FlashVideo','SMILE!.swf','application/x-shockwave-flash','1007525','0','1339102426');

i echoed the contents of the query to get this

This is the php code:

function MySqlQuery($Query)
{
    // Invokes global connection info
    global $MySQL_Host, $MySQL_Username, $MySQL_Password, $MySQL_Database, $MySQL_Port;
    global $mysqli;

    // runs query
    $result = $mysqli->query($Query);
    return $result;
}

$mysqli = new mysqli($MySQL_Host, $MySQL_Username, $MySQL_Password, $MySQL_Database, $MySQL_Port);

    MySqlQuery("INSERT INTO FlashVideoList ('title', 'urltitle', 'description', 'tags', 'category', 'filename', 'filetype', 'size', 'uploadedbyuser', 'uploadtime') " .
    "VALUES ('" . $mysqli->real_escape_string($_SESSION['Title']) . "','" . $mysqli->real_escape_string(GetUrlTitle()) . "','" . $mysqli->real_escape_string($_SESSION['Description']) . "','" .
    $mysqli->real_escape_string($_SESSION['Tags']) . "','" . $_SESSION['Category'] . "','" . $mysqli->real_escape_string($FlashFileName) . "','" . $mysqli->real_escape_string($_FILES["file"]["type"]) . "','" .
    $mysqli->real_escape_string($_FILES["file"]["size"]) . "','" . $mysqli->real_escape_string($UploadUserID) . "','" . time() . "');");

mysqli_free_result($result);
mysqli_close($mysqli);

Any help is appereciated, thanks Select queries work fine with this same code

EDIT: Alright, i've made some progress, it seems that about everything possible is wrong with this code :P so yeah this is my query now:

INSERT INTO FlashVideoList (`title`, `urltitle`, `description`, `tags`, `category`, `filename`, `filetype`, `size`, `uploadedbyuser`, `uploadtime`) VALUES (`letitle`,`letitle`,``,`tagzz`,`FlashVideo`,`585336_pokemonsnewgrounds.swf`,`application/x-shockwave-flash`,`5058231`,`0`,`1339103842`);

And if I run it directly through navicat i get the error:

[Err] 1054 - Unknown column 'letitle' in 'field list'

Anyone know what i'm doing wrong? :/

Improve this question
10
  • 6
    MySQL identifiers should be quoted using the backtick character ` not the apostrophe character '. Commented Jun 7, 2012 at 21:03
  • 4
    You are not doing any error checking so its no wonder it doesn't output an error even when there is one, isn't it? The manual on mysqli_query() shows how to check for errors: php.net/manual/en/mysqli.query.php Commented Jun 7, 2012 at 21:03
  • 1
    Column names should be in backticks, not quotes Commented Jun 7, 2012 at 21:04
  • 1
    Can you run that INSERT query directly in the database and see whether it generates an error? Commented Jun 7, 2012 at 21:04
  • 2
    Using backticks should fix it, but make sure you do add some error handling nevertheless. One more thing, consider using parametrized queries, those will no longer require real_escape_string: stackoverflow.com/questions/728229/parameters-in-mysqli Commented Jun 7, 2012 at 21:09

3 Answers 3

Reset to default
1

Read the error message. What error message? Well, that's another issue, but it would have said why the insert failed1.

One (but perhaps not the only) problem as mentioned in the comments is that ' is not a valid identifier quote and thus results in a parse error. In MySQL the default is `, but it can be changed (to ") if using ANSI quotes.

INSERT INTO FlashVideoList (`title`, ...)

1 Here is an example of basic error handling for mysqli (scroll to the bottom). The basic idea is, if the query returns FALSE then something failed and error can/should be consulted.

Also, I'd recommend cleaning up the code and getting rid of the "proxy" function call.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Use msysqli_error() to help find out the error

eg. mysqli_query($query) or die(mysqli_error());

Improve this answer

Comments

0

Why use backticks (or single quotes) in the first place? They let you use reserved words, but that's not something I'd propagate. Use sensible column names instead.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.