-2

Hey I'm fairly novice when it comes to php and sql so forgive me if this is a mess but I am trying to switch my code from mysql to mysqli and these queries are no longer working. I have tried a bunch of stuff and from what I can tell this looks correct but it still isn't working. The user I'm logging into the db with definitely has the permissions to insert and delete. Am I missing something obvious?

$db_host        = 'localhost';
$db_user        = 'db_user';
$db_pass        = 'password';
$db_database    = 'database';

$db = new mysqli($db_host, $db_user, $db_pass, $db_database);

if ($_POST['submit2']){
    $promo = $_POST['promotext'];

    $sql = "INSERT INTO 'promo' ('words') VALUES ('$promo')";
    mysqli_query($db, $sql);

    echo ("<SCRIPT LANGUAGE='JavaScript'>
            window.alert('Posted Succesfully!.')
            window.location.href='promo.html'
            </SCRIPT>");
    exit();
}

if ($_POST['delete']){

    $sql = "DELETE FROM 'promo' WHERE id>0";
    mysqli_query($db, $sql);

    echo ("<SCRIPT LANGUAGE='JavaScript'>
        window.alert('Deleted Succesfully!.')
        window.location.href='promo.html'
        </SCRIPT>");
    exit();
}
Matt Murphy
  • 1
  • 2

1 Answers1

0

Do you realize that you are NOT executing the command in $sql? Just run the command with mysqli_query( $connection, $sql ) and the issue is fixed.

As mentioned in a comment use the backticks ` for the table names.

And, please read these sections regarding SQL injection:

  1. PHP Manual
  2. SO post
Community
  • 1
  • 1
Peter VARGA
  • 4,167
  • 3
  • 33
  • 69
  • Ah stupid mistake. Hm even after I added that it's still not deleting from my db though. I tried mysqli_query( $sql ) and it said it needed 2 parameters so I added my db login variable(which I assume is what goes there based on what I've seen) mysqli_query($db, $sql). Could it be anything else? – Matt Murphy Apr 10 '16 at 16:06
  • @MattMurphy Please edit your post with the additional code. – Peter VARGA Apr 10 '16 at 16:09