-1

School project where i need to enter info in html input to get data in database, but for some reason i wont transfer data into db and says that mysqli_query fails (not the error message, its echo in last if statement).

<?php
if (isset($_POST['submit'])) {
    $name = $_POST['name'];
    $team = $_POST['team'];
    $points = $_POST['points'];

    $host = "localhost";
    $username = "admin";
    $password = "admin";
    $db = "seminarski";
    $conn = new mysqli($host, $username, $password, $db);
    
    if (!$conn) {
        die("Connection failed!" . mysqli_connect_error());
        echo "Connection fail";
    }

    $query = "INSERT INTO f1_tabela (racename, team, points) VALUES ($name, $team, $points)";
    $run = mysqli_query($conn, $query);
    echo "Connected// ";

    if ($query) {
        echo $name;
        echo $team;
        echo $points;
        echo "// Info filled //";
    }

    if ($run) {
        echo " Success //";
    }

    mysqli_close($conn);
    echo " Fail //";
}
?>
M. Eriksson
  • 12,711
  • 4
  • 26
  • 38
Danilo Vracar
  • 1
  • **Warning!** You're open to [SQL injection attacks](https://owasp.org/www-community/attacks/SQL_Injection)! Read [how to prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) by using prepared statements with bound parameters instead of injecting variables directly into your queries. It's not just about security. If your data contains, for example, a single quote `'`, your query will break. – M. Eriksson May 29 '22 at 12:00
  • When adding string values to a database, you need to quote them. So `VALUES ($name, ...` should be `VALUES ('$name', ...` and so on. However, that will be a non-issue when you rewrite the code to use prepared statements and placeholders as suggested above. You should also learn [how to debug mysqli](https://stackoverflow.com/questions/22662488/how-to-deal-with-mysqli-problems-mysqli-fetch-array-argument-1-must-be-of-t) – M. Eriksson May 29 '22 at 12:01

0 Answers0