0

I have this variables :

$cliente = mysqli_real_escape_string($conn, htmlentities($_GET["cliente"]));
$metatickt = mysqli_real_escape_string($conn, htmlentities($_GET["metatickt"]));
$metaext = mysqli_real_escape_string($conn, htmlentities($_GET["metaext"]));
$metaenc = mysqli_real_escape_string($conn, htmlentities($_GET["metaenc"]));
$uf = mysqli_real_escape_string($conn, htmlentities($_GET["estado"]));

And I'm trying to do this query :

$queryInst = "INSERT  meta_control (mes,cliente,meta_exit,meta_tickt,meta_enc,uf)"
          . " VALUES (MONTH(NOW()),'" . $cliente . "','" . $metaext . "','" . $metatickt . "','" . $metaenc . "','" . $uf . "')";
 mysqli_query($conn, $queryInst);

But when I check my db the only column that is not NULL is mes. What could be the cause to this?

Improve this question
7
  • 1
    Consider using a prepared statement instead of manually embedding strings in a query. It will prevent SQL injection and make it harder to improperly escape strings. Commented Jun 20, 2016 at 17:00
  • I will , but first I need this to work properly Commented Jun 20, 2016 at 17:01
  • 2
    Can you var_dump() the values before running, for instance $uf and see what it is showing? I would assume it's the values as "mes" is the only one your not pushing variables through too. Commented Jun 20, 2016 at 17:01
  • 1
    Since mes is the only value that gets inserted correctly, and is the only value you don't grab from htmlentities, your $_GET values must be messing up somehow. Commented Jun 20, 2016 at 17:02
  • Are those values coming from a form? If so, you'd likely want $_POST instead of $_GET. Commented Jun 20, 2016 at 17:03

2 Answers 2

Reset to default
1

You should have to use proper query. INSERT INTO

$queryInst = "INSERT INTO meta_control (mes,cliente,meta_exit,meta_tickt,meta_enc,uf)"
              . " VALUES (MONTH(NOW()),'" . $cliente . "','" . $metaext . "','" . $metatickt . "','" . $metaenc . "','" . $uf . "')";
mysqli_query($conn, $queryInst);
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You are probably getting an SQL error. You should check for such errors using mysqli_error($conn) - http://php.net/manual/en/mysqli.error.php. In this case you probably have an error caused by the absence of the INTO keyword in your SQL query, which should be INSERT INTO .... http://dev.mysql.com/doc/refman/5.7/en/insert.html

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.