0

i am sending data from iphone to server using php it is sending data from iphone but not inserting in mysql i am using following php code.

 <?php
  $con =     

  mysql_connect("surveyipad.db.6420177.hostedresource.com","tom","ben");
   if (!$con)
    {
   die('Could not connect: ' . mysql_error());
   }

   mysql_select_db("surveyipad", $con);



   $device_Id=$_POST['device_Id'];
   $R1=$_POST['R1'];
   $R2=$_POST['R2'];
   $R3=$_POST['R3'];
   $comment=$_POST['comment'];
   $update_date_time=$_POST['update_date_time'];

    $query=("INSERT INTO survey_responsese_pfizer (device_Id,R1,R2,R3,comment,update_date_time)

  VALUES ('$device_Id','$R1','$R2','$R3','$comment','$update_date_time')");

   mysql_query($query,$con);
   printf("Records inserted: %d\n", mysql_affected_rows());

    echo($device_Id)
   ?>
Improve this question
9
  • What debugging have you done? Wheres the ending semi-colon for echo($device_Id)? you also have sql-injection, you should escape inputs else adding ' to one of your parameters will break the query... Commented Jan 17, 2013 at 8:03
  • try printing out mysql_error(), to see if there was some sort of error and post it here Commented Jan 17, 2013 at 8:04
  • keep your strings outside of the quotes. Use sprintf for example. Also, be on your guard for user input, it may be false. Mysql_real_escape_string will be needed on your $_POST values and - as @zan said - go have a look at PDO. Sidenote: the use of die() is something not needed here, use propper error handling in stead Commented Jan 17, 2013 at 8:06
  • @Darvex Records inserted: -1 My Sql Error: 0 this is the result i am getting after printing Commented Jan 17, 2013 at 8:08
  • Hmmm...perhaps the value is getting inserted then? Did you check your db? Commented Jan 17, 2013 at 8:14

1 Answer 1

Reset to default
1

Ok one only learns by example, stop using the mysql_functions(), They are no longer maintained and are officially deprecated. And in PHP 5.6 they will most likely be removed, rendering you code broken.

Move over to PDO with prepared querys. A Port of your current code using PDO:

<?php
// SQL Config
$config['sql_host']='surveyipad.db.6420177.hostedresource.com';
$config['sql_db']  ='surveyipad';
$config['sql_user']='tom';
$config['sql_pass']='ben';

// SQL Connect
try {
        $db = new PDO("mysql:host=".$config['sql_host'].";dbname=".$config['sql_db'], $config['sql_user'], $config['sql_pass']);
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}catch (Exception $e){
        die('Cannot connect to mySQL server.');
}

// Check for POST, add isset($_POST['device_Id']) ect to add validations
if($_SERVER['REQUEST_METHOD']=='POST'){
   // Build your query with placeholders
   $sql = "INSERT INTO survey_responsese_pfizer 
                  (device_Id,R1,R2,R3,comment,update_date_time)
                   VALUES
                  (:device_Id, :R1, :R2, :R3, :comment, :update_date)";

    // Prepare it
    $statement = $db->prepare($sql);
    // Assign your vairables to the placeholders
    $statement->bindParam(':device_Id', $_POST['device_Id']);
    $statement->bindParam(':R1', $_POST['R1']);
    $statement->bindParam(':R2', $_POST['R2']);
    $statement->bindParam(':R3', $_POST['R3']);
    $statement->bindParam(':comment', $_POST['comment']);
    $statement->bindParam(':update_date', $_POST['update_date_time']);
    // Execute the query
    $statement->execute();

    echo htmlspecialchars($device_Id);
}
?>

Untested tho, hope it helps.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Why use die()? You catch an exception so why kill it? Otherwise, good answer! +1

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.