0

I am trying to insert values into a table in my database. The first param is a non null variable, the next two are the two columns I want to pass in as well. What is wrong with my logic here.

$query  = "SELECT cnum, cname FROM course WHERE specialization = '0'";  
 $result = mysqli_query($conn,$query);

 if (!$result) die ("Database access failed: " . $conn->error);

 $rows = $result->num_rows;    
for ($j =0; $j<$rows;++$j) {

     $row = mysqli_fetch_array($result);
     $query = "INSERT INTO student_schedule VALUES ('$studentID', '$row[0]', '$row[1]', '0')";

     $result = $conn->query($query);
     if (!$result) die ("Database access failed: " . $conn->error);

 }
Improve this question
2
  • Is that not working? Any error thrown? Commented Apr 28, 2016 at 3:18
  • Yeah I get the expected $result to be parameter but boolean instead passed to mysqli_fetch_array Commented Apr 28, 2016 at 3:34

2 Answers 2

Reset to default
1

Your solution

<?php
$query  = "SELECT cnum, cname FROM course WHERE specialization = '0'";  
$result = mysqli_query($conn,$query);
if (!$result) die ("Database access failed: " . $conn->error);

while ($row = mysqli_fetch_array($result)) {
    $insertQuery = "INSERT INTO student_schedule VALUES ('" . $conn->real_escape_string($studentID) . "', '" . $conn->real_escape_string($row[0]) . "', '" . $conn->real_escape_string($row[1]) . "', '0')");
    $insert = $conn->query($insertQuery);
    if (!$result) die ("Database access failed: " . $conn->error);
}
?>

Also, as a general rule, I suggest you don't mix MySQLi Procedural code with Object-Oriented code. Lastly, I also suggest you remove error outputting $conn->error, instead, capture the error and print out a custom error message instead. This reduces injection attacks.

Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

after changing to your solution I get Notice: Undefined offset: 0 in C:\xampp\htdocs\journalism.php on line 140 Notice: Undefined offset: 1 in C:\xampp\htdocs\journalism.php on line 140 Notice: Use of undefined constant result - assumed 'result' in C:\xampp\htdocs\journalism.php on line 142
@Murph_Fish change $insert = $conn->query($insertQuery); to $result = $conn->query($insertQuery); incase you are using the solution by @LFlare. also $ missing in your if (!result) die ("Database access failed: " . $conn->error);
@VipindasKS after those fixes I am getting undefined offset 0 and undefined offset 1 pointing to $insertquery any ideas?
Did you change if (!result) to if (!$result)? I mean did you add dollar sign to the result variable?
@Murph_Fish can you please post the error? And, which line causing error.
|
0

Your code is vulnerable to SQL Injections, that might to be the reason why it doesn't work properly.

You should escape the data before including it into an SQL query:

for ($j =0; $j<$rows;++$j) {

    $row = mysqli_fetch_array($result);
    $query = $conn->prepare("INSERT INTO student_schedule VALUES (?, ?, ?, '0')";
    $query->bind_param('iss', $studentID, $row[0], $row[1]);
    $result = $query->execute();
    if (!$result) die ("Database access failed: " . $conn->error);

}

You can find more information on the bind_param() function in the PHP manual.

Improve this answer

2 Comments

after plugging this in I get Fatal error: Cannot pass parameter 5 by reference in C:\......... on line 145
@Murph_Fish yes, there was an issue. The answer is edited now, you can try again.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.