+ 1

Why is my data not being inserted into my database, need help

im getting an error in my sql syntax but the error message clearly shows that the $_POST is fetching the values but still not being submitted...what might be the issue, I know its in the sql query https://code.sololearn.com/wv6ckkjswCW0/?ref=app

23rd Mar 2018, 8:14 AM
Antony O. Onyango
Antony O. Onyango - avatar
10 odpowiedzi
+ 6
What was the error message? can you elaborate more on this matter?
23rd Mar 2018, 8:56 AM
Ipang
+ 5
i think that you can't use database on sololearn
23rd Mar 2018, 8:37 AM
Vukan
Vukan - avatar
+ 4
Have you checked whether there is any character that needs escaping in the input? e.g. if there's a single quote (') in one of the $_POST data you're working on? if there is a character that needs escape sequence you need to check and work on that part first. And I don't know what DBMS you are using, but can you explain the reason why you wrapped the field values in curly brackets {}? I rarely see such method for inserting data, but maybe I'm not aware of such method : ) (Edit) Can you dump the sql query content and post it here? I don't know but if we can see it maybe we can find the problem.
23rd Mar 2018, 9:55 AM
Ipang
+ 2
it said I had an error in my sql syntax and I should check the reference of the version im using.... the connection is made successfully then the problem is inserting the data to my database using the query.
23rd Mar 2018, 9:43 AM
Antony O. Onyango
Antony O. Onyango - avatar
+ 2
found a fix and efficient way to go about this :) first collect the form data and store as variables after escaping.. like this : $name = mysqli_real_escape_string($connection, $POST['name']) ; that collects the form data and stores it in the variable container $name ... then it can be inserted into the database from the query string.
19th Apr 2018, 9:28 PM
Antony O. Onyango
Antony O. Onyango - avatar
+ 1
@CoD4 isnt your query string open to sql-injections..I know its not a good idea to take direct input as text from users when communicating with the database
23rd Mar 2018, 8:47 AM
Antony O. Onyango
Antony O. Onyango - avatar
+ 1
I also just found the method recently.. it was an article on stackoverflow, ill try find it and post link and the only special character is an @ on the email input.how do I escape it?
23rd Mar 2018, 10:07 AM
Antony O. Onyango
Antony O. Onyango - avatar
0
Take a look at https://code.sololearn.com/w7hWMBVuVE58/#php you're also not escaping the input based on this query either so a " could break the query.
23rd Mar 2018, 8:44 AM
C0D4
C0D4 - avatar
0
not here im testing a project on a local server but im having a challenge
23rd Mar 2018, 8:44 AM
Antony O. Onyango
Antony O. Onyango - avatar
0
https://www.sololearn.com/discuss/1238801/?ref=app hey guys.. if u dont mind can i get help on this post?
26th Apr 2018, 7:20 PM
Antony O. Onyango
Antony O. Onyango - avatar