0

I am trying to enter the data that I get from the two variables stuname and book in the table's username and book columns !! I only want to enter data into those two columns since the id column is auto increment and the date is auto updated with time stamp!!! Each time I run my code I enter my data into the two text fields and when I press submit I get this message!!

Warning: mysqli_select_db() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\assignment.php on line 35

Warning: mysqli_query() expects parameter 1 to be mysqli, string given in C:\xampp\htdocs\assignment.php on line 36

Here is my Code:

<?php

$servername = "localhost";
$Username = "root";
$Password = "admin";
$Dbname = "nfc";
$conn = mysqli_connect($servername, $Username, $Password, $Dbname);
if (mysqli_connect_errno())
{
 echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
echo "Connected successfully";
if(isset($_POST["stuname"])&&($_POST["book"]))
{
$stuname =  $_POST["stuname"];
$book =$_POST["bookname"]; 
$sql = "INSERT INTO library (id, username, book, date)
VALUES ('', '$stuname', '$book','')";

       mysqli_select_db($conn, 'nfc') or die(mysqli_error($con));
       $retval = mysqli_query( $sql, $conn );
       if(! $retval )
        {
            die('Could not enter data: ' . mysql_error());
        }


        else 
        {
            echo "Success";
        }

        echo " to stuname ". $stuname;
        echo " to book ". $book;
}
?>
<form id="form1" name="form1" method="post" action="#">
  <p>
    <label for="1">student name</label>
    <input type="text" name="stuname" id="1"  />
  </p>
  <p>
    <label for="12">book name</label>
    <input type="text" name="bookname" id="12" />
  </p>
  <input name="submit" type="submit" value="Submit" />

</form>
Improve this question
10
  • 1
    you interchanged ` mysqli_query( $sql, $conn );` the connection and the query string, and mixing old and new API mysql_error. and why not use prepared statements instead Commented Apr 7, 2015 at 16:01
  • You've got $sql and $conn in the wrong order. Commented Apr 7, 2015 at 16:01
  • Thanks it worked!! BUT now each time I type something in the textfields the submit button sends both the previous entries that are displayed with the echo statements and the new entries!! Long story short I end up entering again the previous values along with the new ones Commented Apr 7, 2015 at 16:09
  • Why do you have a empty id and empty date? I would assume id should be the primary key and thus never empty. Commented Apr 7, 2015 at 16:14
  • the id is auto increment and the date is updated on timestamp therefore I don't wish to enter something inside these columns!! Commented Apr 7, 2015 at 16:16

2 Answers 2

Reset to default
1

In the mysqli_query you should put the conn first and then the query itself

$retval = mysqli_query( $conn, $sql );
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

it worked!! BUT now each time I type something in the textfields the submit button sends both the previous entries that are displayed with the echo statements and the new entries!! Long story short I end up entering again the previous values along with the new ones
Is your id autoincrement?
and you also have an error in your isset. In the first isset in the line 13, it should be bookname and not book. this worked for me
1

The first problem was solved by @Ghost in the comments.

Now on to the rest of the problems:

1. Your database design is faulty

This should have failed immediately because you are inserting an empty value for id. id should be a primary key and therefore should be unique. An auto-increment doesn't work if you insert an empty value.

2. Your insert statement is faulty

You should exclude an auto-increment column in the INSERT statement and should not use an empty value for date. If date is a timestamp, you should either use NULL if the time is supposed to be empty or use NOW() to use the current timestamp.

3. You shouldn't be using insert on this page according to your comments.

You should be using UPDATE or REPLACE instead of INSERT if you are trying to update the existing row but you should be using the primary key to signify which row you are replacing. Right now, it looks like you don't have a primary key, so refer to my 1st point.

4. Security concerns: Your query is subject to SQL injections.

You use user input ($_POST) directly in a query. Any malicious user can take advantage of this and extract, delete, or manipulate data in your database. You should be using prepared statements, or at the very least escape functions.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.