1

I am trying to insert some data into my database with this code: 

        $username = $_SESSION['user'];
        $naslov = $_POST['naslov'];//name
        $geslo = $_POST['geslo'];//password
        $vsebina = $_POST['vsebina'];//description

        if (trim($_POST['naslov'])=="" || $_POST['geslo']=="" || $_POST['vsebina']==""){
        $status = "<div class='alert-danger'>Fields are empty</div>";
           }
     else{
        $link = open_database_connection();

        echo $username;
        echo $naslov;
        echo $geslo;
        echo $vsebina;

        $sql = "INSERT INTO projects (name, password, description, username) VALUES ('$naslov','$geslo','$vsebina','$username')";
         mysqli_query($link, $sql);

        close_database_connection($link);
        $status = "<div class='alert-success'>Vic je bil dodan.</div>";
        }

The echo show the values i am putting into the forms, the SQL does not show any errors it just doesn't insert the values into the table.

Improve this question
5
  • echo mysqli_error($link); Commented Dec 16, 2016 at 16:19
  • You are using close_database_connection instead of mysqli_close($link), is there maybe more fancy stuff that can break the code. What does open_database_connection() really do? Did the open_database_connection() also select the right Database? Commented Dec 16, 2016 at 16:21
  • Show more relevant code! Show database table structure? Use what @Farkie says. By the way: Do you really want to save PASSWORDS plain into the Database? Commented Dec 16, 2016 at 16:25
  • You are wide open for SQL injection. Since you're using mysqli, take advantage of prepared statements and bind_param. This can also fix any pesky quoting issues that may be cropping up. Commented Dec 16, 2016 at 16:27
  • The problem was that i accidentally put a space in my db name column. echo mysql_error($ink); show me the problem. i will add protection to the code. striptags, trimtags and and the password will be encriped with sha1. Commented Dec 16, 2016 at 16:31

1 Answer 1

Reset to default
0

check if form method is POST if its not then change the code to

     $username = $_SESSION['user'];
    $naslov = $_GET['naslov'];//name
    $geslo = $_GET['geslo'];//password
    $vsebina = $_GET['vsebina'];//description

    if (trim($_GET['naslov'])=="" || $_GET['geslo']=="" || $_GET['vsebina']==""){
    $status = "<div class='alert-danger'>Fields are empty</div>";
       }
 else{
    $link = open_database_connection();

    echo $username;
    echo $naslov;
    echo $geslo;
    echo $vsebina;

    $sql = "INSERT INTO projects (name, password, description, username) VALUES ('$naslov','$geslo','$vsebina','$username')";
     mysqli_query($link, $sql);

    close_database_connection($link);
    $status = "<div class='alert-success'>Vic je bil dodan.</div>";
    }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.