<?php
  // The session has to be started before $_SESSION can be read.
  session_start();
  $sent = isset($_GET['sent']) ? $_GET['sent'] : '';

  if($sent == "yes") {

      require('database_connection.php');   // provides $dbc, the mysqli connection
      $name = $_GET['name'];
      $desc = $_GET['desc'];
      $email = $_SESSION['Memberid'];       // member id, used as the table name below

      date_default_timezone_set('Europe/London');
      $date = date("d.m.y");

      // The id column is given an empty string and the GET values are
      // concatenated straight into the SQL string.
      $sql = 'INSERT INTO `'.$email.'` (`id`, `Note`, `Share Url`, `Name`, `Description`, `Date`, `Type`) VALUES (\'\', \'Enter Note Here.\',  \'\',  \''.$name.'\', \''.$desc.'\', \''.$date.'\', \'Text\')';
      $i = mysqli_query($dbc, $sql);

        if($i) {
            // A redirect header must be sent before any output is echoed.
            header( 'Location: https://daccaa.com/edits' );
            exit;
        } else {
            // Debugging output shown on failure.
            echo '<h2>Failed to create a note for you.</h2>';
            echo $name.'<br />';
            echo $desc.'<br />';
            echo $email.'<br />';
            echo $date.'<br />';
            echo $sql.'<br />';
            echo $i.'<br />';
            echo mysqli_error($dbc).'<br />';   // the reason MySQL rejected the insert
            echo '<h1 style="visibility: hidden;">_</h1>';
            echo '<a href="https://daccaa.com/contact" class="new">Let us Know.</a>';
        }

  } else {
      echo '<div class="holder">
    <h1>Lets create a new note:</h1>
    <h3 style="visibility: hidden;">_</h3>
        <form method="GET" action="#">
            <input type="text" name="name" class="myBox" placeholder="Enter Name Here" />
            <input type="text" name="desc" class="myBox" placeholder="Enter Description Here" /> <br />
            <input type="hidden" value="yes" name="sent" />
            <input type="submit" value="Generate" class="select" /><br />
            <a href="https://daccaa.com/edits/" class="select">Go Back</a>
        </form>
    </div>';
  }

  ?>

The code above is from my website; the idea behind it is that it will create a new row in the database with the submitted information when it runs.

This is what the testing upon failure will echo:

new_test_name
new_test_desc
49
02.07.14
INSERT INTO `49` (`id`, `Note`, `Share Url`, `Name`, `Description`, `Date`, `Type`) VALUES ('', 'Enter Note Here.', '', 'new_test_name', 'new_test_desc', '02.07.14', 'Text')

But I still cannot seem to get the value to enter. This similar method works fine on another page, so I can pretty much eliminate the database file as the cause, since it works fine on another page in the same directory.

The structure of the MySQL database is:

id | Note | Share Url | Name | Description | Date | Type

Please note I will be going over this later to add more ways to prevent SQL injection, I just want to get the basic code sorted out first.

Comments on the question:

  • If you use mysqli_error() it would tell you what your error is. (Jul 2, 2014 at 20:56)
  • Is your ID not set as autoincrement? If so, you shouldn't use it in the insert query. (Jul 2, 2014 at 20:56)
  • 'INSERT INTO '.$email.' seems suspicious to me; did you mean the table name? (Jul 2, 2014 at 20:57)
  • Did you name your table '49'? Because that's where you're trying to insert to. (Jul 2, 2014 at 20:58)
  • You should check whether you have any unique keys. (Jul 2, 2014 at 21:01)

1 Answer

From your error message: Duplicate entry '0' for key 'PRIMARY'

I'm assuming id is your primary key. Make sure you have auto-increment set up on this column and then just exclude the id field completely from the query.

Right now you're inserting a blank ID. Without strict enforcement, MySQL will convert an empty value to a 0 for an integer field. So you are trying to insert into ID 0 every time rather than creating a new row.

Dangers of your query

You are using unsanitized user input in your query (GET). GET, POST, REQUEST, and COOKIE variables should always be used with prepared queries.

Right now I could load your url with something like ?name="'; DELETE FROM 49 WHERE 1;" and wipe out your entire table. Research SQL injections and how to use MySQLi to make prepared queries.
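The corrected insert as the answer describes it (id omitted so auto-increment assigns it, user values bound through a MySQLi prepared statement), written here as an added example rather than code from the question or the answer. It assumes `$dbc` from the question's database_connection.php, the one-table-per-member layout from the question, and that `id` is AUTO_INCREMENT; the `create_note` function name is my own. Because a table name cannot be bound as a parameter, the member id is validated separately before it is used as an identifier.

```php
<?php
// Added example (not the asker's code): the insert from the question rewritten
// along the lines of the answer. Assumes database_connection.php sets $dbc.
session_start();
require('database_connection.php');

function create_note(mysqli $dbc, $member_id, string $name, string $desc): bool
{
    // Identifiers cannot be bound as parameters, so the table name is checked
    // on its own: only a plain integer member id (e.g. 49) is accepted.
    if (!preg_match('/^\d+$/', (string) $member_id)) {
        return false;
    }
    $table = '`' . $member_id . '`';

    date_default_timezone_set('Europe/London');
    $date = date('d.m.y');

    // `id` is left out so AUTO_INCREMENT assigns it. Name, description and
    // date are bound, not concatenated, so quotes or semicolons in the input
    // are stored as text instead of changing the statement.
    $sql = "INSERT INTO $table (`Note`, `Share Url`, `Name`, `Description`, `Date`, `Type`)
            VALUES ('Enter Note Here.', '', ?, ?, ?, 'Text')";
    $stmt = $dbc->prepare($sql);
    if ($stmt === false) {
        error_log('prepare failed: ' . $dbc->error); // log it, do not echo SQL to the browser
        return false;
    }
    $stmt->bind_param('sss', $name, $desc, $date);
    $ok = $stmt->execute();
    if (!$ok) {
        error_log('insert failed: ' . $stmt->error);
    }
    $stmt->close();
    return $ok;
}

if (isset($_GET['sent'], $_GET['name'], $_GET['desc'], $_SESSION['Memberid'])
    && $_GET['sent'] === 'yes') {
    if (create_note($dbc, $_SESSION['Memberid'], $_GET['name'], $_GET['desc'])) {
        header('Location: https://daccaa.com/edits'); // redirect before any output
        exit;
    }
    echo '<h2>Failed to create a note for you.</h2>';
    echo '<a href="https://daccaa.com/contact" class="new">Let us Know.</a>';
}
```

The failure branch no longer echoes the SQL or the raw input back to the page; the MySQL error text goes to the server log instead, where only the site operator can read it.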


2 Comments

Thank you for all of your help. It works fine now. Once again thank you all.
@DannyFranklin read my additions on the dangers of this query.
