0

I'm trying to insert several values into a database.

First I add these values to array (function/other code omitted):

$name = (isset($_POST['name']) ? ($_POST['name']) : "name");
$email = (isset($_POST['email']) ? ($_POST['email']) : "email"); 
$username = $mysqli->real_escape_string($_POST['username']);
$password = $mysqli->real_escape_string(md5($_POST['password']));

Like so:

$formvars = array();
array_push($formvars, $name, $email, $username, $password);

Then call function to insert:

    $sql = array(); 
        for ($i = 0; $i < count($formvars);$i++) {
            $sql[] = $formvars[$i];
        }

        print_r(implode(',', $sql));

        $qry = 'INSERT INTO chinesegame (name, email, username, password) VALUES '. implode(',' , $sql);

        if(!$mysqli->query($qry))
        {
            echo "Error inserting data to the table \nquery:$qry";
            return false;
        }        

    return true;

My DB structure is as such:

enter image description here

It's giving me an insert error:

Error inserting data to the table query:INSERT INTO chinesegame (name, email, username, password) Dan,[email protected],danman,827ccb0eea8a706c4c34a16891f84e7b

Can I not build an insert string like that?

Improve this question
3
  • Strings ought to be quoted in SQL context. Also have you considered bound parameters? Commented Jan 2, 2014 at 1:12
  • @mario I have trouble using those, so I went with real_escape_string. And can you elaborate on the string quotes in the SQL context Commented Jan 2, 2014 at 1:13
  • Yes, mysqli is pretty awkward to use correctly. Check out pdo_query(). Commented Jan 2, 2014 at 21:15

2 Answers 2

Reset to default
1

You forgot your "VALUES" keyword. and parenthesis help too. You also need all of the values to be in quotes, here is the correct version:

$qry = 'INSERT INTO chinesegame (name, email, username, password) VALUES ("'. implode('","' , $sql). '")';

Also, mysqli->query takes a connection variable first which has the connection information to the database, it should look like this:

$connection = mysqli_connect("localhost","my_user","my_password","my_db");
if(!$mysqli->query($connection, $qry))

Also, for the record, 

    $sql = array(); 
    for ($i = 0; $i < count($formvars);$i++) {
        $sql[] = $formvars[$i];
    }

could be replaced with 

$sql = $formvars;

there is no reason to loop through the whole thing getting them one at a time.

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Okay oops haha. So it's still producing the insert error even with the quotes fixed
Can you print $qry before it is run and paste it here?
Do I need to account for the autoincrement Primary key for the id? Also, print gives: INSERT INTO chinesegame (name, email, username, password) VALUES ("Dan","[email protected]","danman","827ccb0eea8a706c4c34a16891f84e7b")
print mysqli_error(); after you do the query in the if statement before you return. Copy that here.
The auto increment will work automatically, no worries there.
|
0

It looks like you're missing a few things in the insert statement:

$qry = 'INSERT INTO chinesegame (name, email, username, password) '. implode(',' , $sql);

Try changing the insert statement to something like:

$qry = 'INSERT INTO chinesegame (name, email, username, password) VALUES ('. implode(',' , $sql).')';
Improve this answer

1 Comment

The values need to be in quotes, I got you a correct version above.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.