0

Here is my code - I'm attempting to attach a bunch of user_id 's to a piece of content.

if (empty($errors)) // If everything's OK.
{ 
    foreach($_POST['userId'] as $row)
    {
        $query = " ('".$row[learner_id]."', '".$postId."', '".$id."' ),";
    }

    $query = substr_replace($query,"",-1);
    $mysql_return = mysqli_query("INSERT INTO subs (userId, postId, account_id ) VALUES ".$query) or die(mysql_error());
}

Would love any help you could give - it's not working...

Improve this question
3
  • What error do you have? I guess you have an extra , at then end of your statement. Commented Jan 28, 2011 at 4:12
  • Please define "its not working" Commented Jan 28, 2011 at 4:13
  • he error message I get is "mysqli_query() expects at least 2 parameters, 1 given" on that last line... Commented Jan 28, 2011 at 4:13

3 Answers 3

Reset to default
1

And how's it not working? Syntax error? Silently puking? You're not escaping your POST data, so if any of those contain at least one single quote, that'll cause a syntax error right there, plus leaving you wide open for sql injection attacks.

Or maybe a foreign key check is failing... many possibilities, but you haven't given us nearly enough info to tell. What error message(s) are you getting?

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

The error message I get is "mysqli_query() expects at least 2 parameters, 1 given" on that last line... (I'll also add the mysqli_real_escape_string to the post data)
The first argument to most mysqli_*() functions in procedural mode should be the database link handle.
0

Ok, I see several issues:

  1. You are not using parameters or escaping, opening yourself up WIDE to sql injection attacks. See mysqli_real_escape_string.

  2. What are you possibly sending to $_POST['userId'] that would make itself an array?

  3. Unless learner_id is a constant, then this is a syntax error. If it is an array key, put it in quotes.

  4. Where are $postId and $id coming from ?

Improve this answer

1 Comment

Thank. 1. I know I've got to escape the post data. 2. The info sent there is the Id's from a form - I can verify it's being sent in an array. 3. learner_id was a copy/paste mistake, should read userId... it does in my script. 4. $postId and $id are constants
0

The first parameter to mysqli_query is the identifier returned by mysqli_connect, whereas you're just giving it the query directly.

It should be like this,

$link = mysqli_connect("host", "user", "pass", "db");
$mysql_return = mysqli_query($link, "INSERT INTO subs (userId, postId, ac...
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.