2

Looks like I'm connecting to the server just fine. The problem seems to happen when it runs the query. It keeps saying

Error Querying Database

Here is my code:

 <?php
 $dbc = mysqli_connect('localhost', 'elvis_store')
      or die('Error connecting to MySQL server.');

 $first_name = $_POST['firstname'];
 $last_name = $_POST['lastname'];
 $email = $_POST['email'];

 $query = "INSERT INTO email_list (first_name, last_name, email)" .
      "VALUES ('$first_name', '$last_name', '$email')";
 mysqli_query($dbc, $query)
      or die('Error querying database.');

 echo 'Customer added.';

 mysqli_close($dbc);
 ?>
Improve this question

2 Answers 2

Reset to default
2

You are getting this error because in your MySQLi connection you only give a location and username. You do not give a database name to be used. if you have no password, you need to write your connection like this:

$dbc = mysqli_connect('localhost', 'elvis_store', NULL, 'dbName)

or

$dbc = mysqli_connect('localhost', 'dbUsername', NULL, 'elvis_store')

if "elvis_store" is the database name and not the username. Remember, a mysqli connection is: mysqli_connect(dbLocation, dbUsername, dbPassword, dbName).

Also, as Ed has pointed out in another answer, there is also a syntax error in your MySQL statement. Here is the snippet from Ed's answer:

$query = "INSERT INTO email_list (first_name, last_name, email) " . "VALUES ('$first_name', '$last_name', '$email')";
Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Actually I have no user name or password. The 'elvis_store' is the database name.
@Duke In that case, you can put NULL (No quotes) in the username slot as well. The mysqi() constructor takes certain information in a certain order, so if you are going to skip something you have to use the NULL keyword.
I didn't down vote anything, actually I appreciate you guys help.
0

You have multiple problems.

Problem 1: Syntax error

Your query has a typo (a missing space). Your query code

$query = "INSERT INTO email_list (first_name, last_name, email)" .
 "VALUES ('$first_name', '$last_name', '$email')";

produces this query:

INSERT INTO email_list (first_name, last_name, email)VALUES ('$first_name', '$last_name', '$email')
--                                                   ^ syntax error, missing space

To fix it, change your code to this:

$query = "INSERT INTO email_list (first_name, last_name, email) " .
 "VALUES ('$first_name', '$last_name', '$email')";

At least for testing purposes, you probably should look at the output of mysqli_error() instead of using a generic message like Error querying database. Even in production, you'll want to trap and log the real error somehow.

Problem 2: You don't select a database

Edit: I missed this in my first glance at your question, but as Stephen Cioffi points out, you also need to select a database before running your query. You can do this with the schema parameter to mysqli_connect() or by using mysqli_db_select().

Both of these issues—the typo and the failure to select a database—will cause problems; you must fix both.

Problem 3: Huge SQL Injection Vulnerability

This is not strictly part of the answer, but it's important. You are wide open to SQL injection. You need to use prepared statements. Otherwise, you are going to get hacked. Imagine that the POSTed firstname is this:

', (SELECT CONCAT(username, ',', password) FROM users WHERE is_admin = 1), '[email protected]') --

Your query becomes (with some added formatting):

INSERT INTO email_list (first_name, last_name, email)
VALUES ('',
    (SELECT CONCAT(username, ',', password) FROM users WHERE is_admin = 1),
    '[email protected]'
) -- ', 'value of lastname', 'value of email')

Then, when you email your users, somebody's going to get an email with a recipient like

"Duke,mySup3rP@ssw0rd!" <[email protected]>

And... you're hosed.

(Hopefully, you're salting and hashing passwords, but still, this is disastrous.) You must use prepared statements.

Improve this answer

3 Comments

I have no username or passwords to use. 'elvis_store' is the name of the database.
@Duke Take a look at how to use the parameters for mysqli_connect(); they're specified here. You need to provide a host, user name, password, then database name, in that order. You can't just provide the host and then the database name. If you're really not going to use a user name or password (VERY unlikely), you're probably better off doing just mysqli_connect('localhost') and then mysqli_db_select('elvis_store') separately.
Thanks guys!!! I took your advice and added a user name and password via phpMyadmin. After I set that I modified the config file to match the password and user name, then went back to my php file and added the user name and password to mysqli_connect and now everything works. It added my contact to my email list. Thanks a lot!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.