0

I am trying to insert data into two different tables in the same database, if I try to insert it into one database, it works, however, once I insert the second query into my code ($desc_query) it won't update any table.

Here is my code:

    $name= strip_tags($_POST['name']);
    $l_name= strip_tags($_POST['last_name']);

    $c_id = strip_tags($_POST['company_id']);
    $a_d = strip_tags($_POST['add_description']);
    $d_t = strip_tags($_POST['desc_text']);

$connect = mysql_connect('localhost','id','pass') or die ("couldn't connect!"); 

mysql_select_db('database_db') or die('could not connect to database!');   

//inserting names

$job_query=mysql_query("INSERT INTO names VALUES ('', '$name', '$l_name')");

    //inserting a new description if needed. (this is the part that ruins everything)
if($a_d == 'true'){
    $desc_query=mysql_query("INSERT INTO descriptions VALUES ('','$c_id','$d_t')");
}
Improve this question
6
  • 1
    your code is very incomplete, where do all the variables com from? Commented Apr 20, 2012 at 21:51
  • 1
    try to use var_dump and see the value of $a_d Commented Apr 20, 2012 at 21:51
  • @zolex- i guess, there is some error with the value contained in the variable of if condition. Commented Apr 20, 2012 at 21:52
  • The values doesn't really matter.... anyways, i will upload where i get them from, most of them are from $_POST Commented Apr 20, 2012 at 21:52
  • try something like die(mysql_error()); after the first and then second query and see the output; if it's not empty there's an error with your sql, maybe your values are not escaped or something... Commented Apr 20, 2012 at 21:56

2 Answers 2

Reset to default
1

You might be having an issue where some characters (like ' and ") are breaking the SQL query (not to mention opening your application up for SQL injection attacks).

I would recommend sanitizing all user provided data like so:

$name = mysql_real_escape_string(strip_tags($_POST['name']), $connect);
$l_name = mysql_real_escape_string(strip_tags($_POST['last_name']), $connect);
...
$d_t = mysql_real_escape_string(strip_tags($_POST['desc_text']), $connect);

Always operate under the assumption that the user is going to enter something outlandish or malicious that may (or may not) break your SQL.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Have you tried to echo out the queries and then to run them directly on the database?

Without any more information about the database we can't really tell if the queries themselves are valid.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.