PHP MySQL数据库

I very recently started learning php, and with the help of some examples I managed to make this code (mainly from W3Schools):

<?php
$con=mysqli_connect("Data Removed for Privacy");
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$sql= "INSERT INTO EventRecord (PlayerName, EventType, Value, Time)
VALUES
('$_Get[PlayerName]', '$_Get[Event]' ,'$_Get[Value]' ,'$_Get[Time]')";
if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "1 record added";
mysqli_close($con);
?>

However, when doing something like

http://example.com/MyData.php?PlayerName=Test2&EventType=Test&Value=Test&Time=500

It comes up in my database as all of the values being null.

Additional information: The table has 5 columns, the four noted above and EventId (primary index, auto-incrementing). Sorry if this is a stupid question or I did anything wrong.

$_GET is a superglobal array , it should be in block letters and not like $_get

Some disclaimers >>

  • Never visit www.w3schools.com for browsing resources. You can find the reason here.
  • Never pass foreign parameters like $_GET, $_POST directly into your query as it leads to SQL Injection. Switch to Prepared Statements such that escaping is automatically taken care of.

It's not

$_Get[PlayerName]

but

$_GET['PlayerName']

Otherwise you won't get the values. Note both the UPPERCASE GET and the single quotes around the name!

Besides that, (Edit, not W3C, but:) W3Schools is NOT a good place to start learning, there are other and better resources available. You should NEVER use the $_GET or $_POST variables straight in your query!!!

Try:

$PlayerName=$_GET["PlayerName"];
$Event=$_GET["Event"];
$Value=$_GET["Value"];
$Time=$_GET["Time"];

$sql= "INSERT INTO EventRecord (PlayerName, EventType, Value, Time)
VALUES
('$PlayerName', '$Event' ,'$Value' ,'$Time')";

The expressions like $_Get[PlayerName] should be $_GET['PlayerName']. Here's why:

  1. The variable you are trying to use is the reserved variable $_GET. But variable names are case-sensitive, which means that the variables $_Get and $_GET are not the same. So when you try to use $_Get, PHP complains about an "undefined variable".

  2. $_GET is an associative array, which maps integers or strings to values. In your case, it maps the string 'PlayerName' to a value, so you want to pass the string 'PlayerName' to the array index operator. However, the unquoted string PlayerName is interpreted as a constant. This constant is undefined, so PHP complains about an "undefined constant".