I have yet to find the mistake i make in my coding. I try inserting a data and the code shows no error and when i want to view data it display a blank data like this for example. How do I fix this?
<?php
$connect = mysql_connect('localhost','root','');
$database = mysql_select_db('songdb');
$title = $_POST['title'];
$artist = $_POST['artist'];
$genre = $_POST['genre'];
$language = $_POST['language'];
$lyrics = $_POST['lyrics'];
$insert = "INSERT INTO `songs`(`title`,`artist`,`genre`,`language`,`lyrics`) VALUES('$title','$artist','$genre','$language','$lyrics')";
if(!mysql_query($insert)) {
echo "Error." .mysql_error();
} else {
header("Location: insert.php?msg=1");
}
?>
First of all you have to use mysqli extension. Because mysql extension is deprecated and then you have to use prepared statements for preventing from sql injection.
$connect = mysqli_connect('localhost','root','');
mysqli_select_db($connect,'songdb');
$title = $_POST['title'];
$artist = $_POST['artist'];
$genre = $_POST['genre'];
$language = $_POST['language'];
$lyrics = $_POST['lyrics'];
//Preapared statement for inserting
$insert = mysqli_prepare("INSERT INTO songs(title,artist,genre,language,lyrics) VALUES(?,?,?,?,?)");
mysqli_stmt_bind_param($insert,'sssss', $title,$artist,$genre,$language,$lyrics);
if(!mysqli_stmt_execute($insert)){
echo "Error." .mysqli_error();
}
else { header("Location: insert.php?msg=1"); } ?>
For more see here http://php.net/manual/en/mysqli.prepare.php