php - Insert into table doesnt work -
i have code, cant insert thing in sql table? echoing out part works fine..
/* have succesfully resized , created thumbnail image can output image user's browser or store info in database */ $s_id = $_get['id']; $conn = mysqli_connect('localhost', 'user', 'pass', 'table'); $query = "insert table ( sp_s-id, sp_thump, sp_orig ) values ( '$s_id', '$thumb_save_folder', '$image_save_folder' )"; //added $conn variable in order connect our database. mysqli_query($conn, $query); mysqli_close($conn); echo '<div align="center">'; echo '<img src="uploads/'.$thumb_prefix . $new_file_name.'" >alt="thumbnail">'; echo '<br />'; echo '<img src="uploads/'. $new_file_name.'" alt="resized image">'; echo $s_id; echo '</div>'; imagedestroy($image_res); //freeup memory
replace this:
$query = "insert table ( sp_s-id, sp_thump, sp_orig ) values ( '$s_id', '$thumb_save_folder', '$image_save_folder' )"; with this:
$query = "insert `table` ( `sp_s-id`, `sp_thump`, `sp_orig` ) values ( '$s_id', '$thumb_save_folder', '$image_save_folder' )"; sql server (as php or other languages) can't handle column/table/variable names minus (-) in it, you'd need set them quotes/ticks. it's highly recommendable though follow rule [_a-za-z][0-9_a-za-z]* column/table/variable names (meaning numbers, characters (a-z) , underscores, not starting number).
also, should validate or type cast user input, (validate):
$s_id = $_get['id']; if (!is_numeric($s_id)) { // invalid input / possible hacking attempt? } or (type cast):
$s_id = (int) $_get['id']; php mysqli insert
No comments:
Post a Comment