0

I'm attempting to create a mysql table based on a variable from php but it fails without any explanation.

$name = mysql_real_escape_string($_POST['name']);
mysql_query("CREATE TABLE `".$name."` ( name VARCHAR(30), type VARCHAR(30), style VARCHAR(30))");

When I set $name = test; it then works but not with the variable fetching attached to it.

I've looked at this link among others and they all say it should work but from what I'm seeing it doesn't.

Update:

I've also tried the code below but that takes the page offline.

$variable=$_POST['name'];
mysqli_connect("localhost", "devices", "a") or die(mysql_error()); 
mysqli_select_db("devices") or die(mysqli_connect_error()); 
mysqli_query("CREATE TABLE $variable ( computer text, mac text, windows text)");

I'm running PHP version 5.5.36

Improve this question
8
  • 3
    1. Stop using mysql_ functions as they've been removed from PHP. 2. Are you sure your user in MySQL has permissions to do a CREATE statement? Commented Oct 13, 2016 at 18:28
  • 1
    There is no explanation because you have no code to show one. Look into the mysql_error function. Also you will be blasted with folks pointing out you use MySQL which is outdated and not MySQLI or PDO Commented Oct 13, 2016 at 18:30
  • The user has permissions to do a create statement. What would you suggest I use instead of mysql functions? Commented Oct 13, 2016 at 18:31
  • @Number1 The PHP Manual has suggestions Commented Oct 13, 2016 at 18:33
  • @DuaneLortie I believe the reason I can't use mysqli is that I'm running php 5.5.36 Commented Oct 13, 2016 at 18:56

2 Answers 2

Reset to default
1

You can use htmlspecialchars($_POST['name'],ENT_QUOTES); to clean the name.

Also you should be using PDO or MySQLi since MySQL is out dated and not supported anymore.

If you want to see the error use this:

mysql_query("CREATE TABLE `".$name."` ( name VARCHAR(30), type VARCHAR(30), style VARCHAR(30))");

echo mysql_errno() . ": " . mysql_error() . "\n";

Update:

MySQLi is available in PHP 5

if you plan on using MySQLi:

$mysqli = new mysqli("localhost", "my_user", "my_password", "world");

if ($mysqli->connect_errno) {
    echo("Connect failed: %s\n", $mysqli->connect_error);
    exit();
}

$variable=$_POST['name'];

if ($mysqli->query("CREATE TABLE $variable ( computer text, mac text, windows text)") === TRUE) {
    echo("Table successfully created.\n");
}
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Why use mysqli over PDO? PDO is better in almost every conceivable way. Also you don't want to take in an arbitrary $_POST variable and then jam it in your query. That's super risky.
@Lucas That doesn't seem to work. From what I can tell it has something todo with how the $variable is being added to the mysqli->query call. When I take out the $ and make it a standard word so to speak it works...
What error do you get back? if you dont get an error, build the query in a separate variable $sql = "CREATE TABLE $variable ( computer text, mac text, windows text)"; then echo it out. echo $sql; This will let us see what is being run the post it here for me to see. Without an error or at least the query its anyone's guess what is wrong here.
@LucasDesouza When using this code$sql = "CREATE TABLE ".$name." ( computer text, mac text, windows text)"; echo $sql;, I get an output of CREATE TABLE ( computer text, mac text, windows text) When I comment out this line echo("Connect failed: %s\n", $mysqli->connect_error); the colon from the line farther down shows up and nothing else. With the line enabled I get nothing.
0

I don't exactly understand 100% why but it all comes down to the line of code below.

$variable=$_POST['name'];

When I switched from TextWrangler over to NetBeans to help with syntax checking, I found I was getting the error Warning “Do not Access Superglobal $_POST Array Directly”

Whereby I changed over to using filtering and not directly accessing the $_POST array which solved the problem.

$variable=filter_input(INPUT_GET, 'name');

On another note, I did swap over to MySQLi as MySQL is outdated. Thanks Lucas Desouza.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.