0 
<?php
include("db.php");
$name=$_REQUEST['name'];
$mail=$_REQUEST['email'];
$yname=$_REQUEST['yname'];
$result=mysql_query("SELECT * FROM information WHERE uname = '$name' ");

if (mysql_num_rows($result) == 0) {

    $query=mysql_query("INSERT into noresult (Serial,searchname,yourname,email)
        VALUES ('',$name','$yname','$mail')");
    if ($query){
        header('Location:nullresult.php');
    }
    else{
        echo "Query failure";
    }

}

?>

This returns 'Query Failure'. It was working sometime back with table name 'seeker'. Then I dropped it and created a new table 'noresult' as the previous one was a bit messed up. Suddenly the query fails.

Note: seeker and noresult have same columns.

Improve this question
3
  • By building SQL statements with outside variables, you are leaving yourself open to SQL injection attacks. Also, any input data with single quotes in it, like a name of "O'Malley", will blow up your SQL query. Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. This question has many examples in detail. You can also see bobby-tables.com/php for alternatives and explanation of the danger. Commented Apr 17, 2014 at 17:39
  • 1
    Thanks. Didn't know about these. As a beginner my primary goal was to see whether I could implement certain things. Will take care of the issues next time. Commented Apr 17, 2014 at 18:30
  • The other big benefit of using prepared statements is that you don't run into the quoting problems that you ran into above. Commented Apr 17, 2014 at 18:31

2 Answers 2

Reset to default
2

You're missing a single quote in your query:

$query=mysql_query("INSERT into noresult (Serial,searchname,yourname,email)
    VALUES ('','$name','$yname','$mail')");
      there----^
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I'd double check the casing of Serial vs. serial, too, if this doesn't solve it for you right away. +1
From the MySQL documentation: "Column and index names are not case sensitive on any platform, nor are column aliases." However, table names are case-sensitive on certain platforms, so you may want to check noresult.
There is no issue of casing. I tried with both serial and Serial.
0

Try this updated query-

$query=mysql_query("INSERT into noresult (Serial,searchname,yourname,email)
        VALUES ('','".$name."','".$yname."','".$mail."')");

also check all column name from table noresult.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.