I am New in PHP , I am trying to insert paragraph in database by php
my code
<html>
<body>
<?php
include("config.php");
$sql= mysql_qurey("INSERT into paragraph (event_head_1, event_1) VALUES
('$_POST[event]', '$_POST[description]' ");
if (!mysqli_query($sql))
{
die('Error: ' . mysqli_error($con));
}
else echo "1 record added";
?>
<table align="left">
<tr>
<td colspan="3"><strong>Paragraph </strong></td><br>
<td>
</td>
</tr>
<td>Event</td>
<td>:</td>
<td><input name="event" name="event" type="text" id="event"></td><br>
</tr>
<tr>
<td>Description</td>
<td>:</td>
<td><textarea name="description" value="description" name="description"></textarea></td>
<td>
</td>
<tr>
<td><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</form>
</body>
</html>
i get error after this program
error
Fatal error: Call to undefined function mysql_qurey() in C:\xampp\htdocs\SRK\admin\admin.php on line 6
please give me some suggestion
You're also missing an opening <form> tag and executing mysqli_query twice and having name="description" and name="event" twice.
Assuming you are using mysqli_* based functions for your DB connection, since you are using it in if (!mysqli_query($sql)).
You're (kind of) mixing your SQL API's mysqli_* and mysql_*
From what I could tell by your wanting to use mysql_qurey
Which is a spelling mistake which should read as mysql_query if anything.
Use mysqli_query.
However, doing it this way is leaving you open to SQL injection.
<html>
<body>
<?php
include("config.php");
if(isset($_POST['Submit'])){
$sql= "INSERT into paragraph (event_head_1, event_1) VALUES
('$_POST[event]', '$_POST[description]'");
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
else { echo "1 record added"; }
}
?>
<form action="" method="post">
<table align="left">
<tr>
<td colspan="3"><strong>Paragraph </strong></td><br>
<td>
</td>
</tr>
<td>Event</td>
<td>:</td>
<td><input name="event" type="text" id="event"></td><br>
</tr>
<tr>
<td>Description</td>
<td>:</td>
<td><textarea value="description" name="description"></textarea></td>
<td>
</td>
<tr>
<td><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</form>
</body>
</html>
Sidenote: Your present code is open to SQL injection. Use prepared statements, or PDO
You are missing the closing bracket in your statement:
$sql="INSERT into paragraph (event_head_1, event_1) VALUES
('$_POST[event]', '$_POST[description]') ";
^ that one.
Also, it's really bad form to pass POST values directly to a database, you should look into SQL Injection and correct this a bit though - but that is a very long-winded story to get into.
You also seem to have some mixup between the various mysql_ and mysqli_ functions.
You have lot of problems on your code..
mysql_querynot mysql_qurey()mysql_* and mysqli_* functionsmysql_query , you are running the query twice.This (mysql_*) extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the Prepared Statements of MySQLi or PDO_MySQL extensions should be used to ward off SQL Injection attacks !
Try this one
<!DOCTYPE html>
<html>
<body>
<?php
include("config.php");
if (isset($_POST["submit"])
{
$event=$_POST['event'];
$desc=$_POST['description'];
$sql= mysql_qurey("INSERT into paragraph (event_head_1, event_1) VALUES
('$event', '$desc' ") or die ("cannot insert".mysql_error());
if ($sql)
{
echo "1 record added";
}
}
?>
<form action="" method="post">
<table align="left">
<tr>
<td colspan="3">
<strong>Paragraph </strong>
</td>
</tr>
<td>Event</td>
<td>:</td>
<td><input name="event" name="event" type="text" id="event"></td><br>
</tr>
<tr>
<td>Description</td>
<td>:</td>
<td>
<textarea name="description" value="description" name="description"></textarea> </td>
<tr>
<td colspan="3"><input type="submit" name="submit" value="Submit"></td>
</tr>
</table>
</form>
</body>
</html>