//How can the following code be amended so that the values inserted into my form can be inserted into my mysql database? I can connect to my database just fine, my database is called images and the table is called persons.
//This is my insert.php file
<?php
$con=mysqli_connect("localhost","root","anble","images");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$FirstName = mysqli_real_escape_string($_POST["FirstName"]);
$LastName = mysqli_real_escape_string($_POST["LastName"]);
$Age = mysqli_real_escape_string($_POST['Age']);
$sql="INSERT INTO Persons (Name, LastName, Age);
VALUES ($FirstName, $LastName, $Age)";
if (!mysqli_query($con,$sql))
{
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
?>
// This is my form file
<html>
<body>
<form action="insert.php" method="post">
Firstname: <input name="FirstName" type="text" value="FirstName">
Lastname: <input name="LastName" type="text" value="LastName">
Age: <input name="Age" type="text" value="Age">
<input type="submit">
</form>
</body>
</html>
// This is the error
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp \htdocs\check_php\insert.php on line 10
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\check_php\insert.php on line 11
Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\xampp\htdocs\check_php\insert.php on line 12
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '; VALUES (, , )' at line 1
cahnge :
// escape variables for security
$FirstName = mysqli_real_escape_string($_POST["FirstName"]);
$LastName = mysqli_real_escape_string($_POST["LastName"]);
$Age = mysqli_real_escape_string($_POST['Age']);
to:
// escape variables for security
$FirstName = mysqli_real_escape_string($con,$_POST["FirstName"]);
$LastName = mysqli_real_escape_string($con,,$_POST["LastName"]);
$Age = mysqli_real_escape_string($con,$_POST['Age']);
mysqli_real_escape_string() need two parameters to pass
1)connection
2)escapestring
you have passed only escapestring, you need provide link identifier in mysqli_real_escape_string().
you also need to add quotes in string variable inside query. Change:
$sql="INSERT INTO Persons (Name, LastName, Age);
VALUES ($FirstName, $LastName, $Age)";
to:
$sql="INSERT INTO Persons (Name, LastName, Age)
VALUES ('$FirstName', '$LastName', '$Age')";
Change this:
1) mysqli_real_escape_string() expects 2 required parameters.
2) $Firstname and $Lastname are string variables. They should be enclosed in single quotes ' when used in queries.
$FirstName = mysqli_real_escape_string($con, $_POST["FirstName"]);
$LastName = mysqli_real_escape_string($con, $_POST["LastName"]);
$Age = mysqli_real_escape_string($con, $_POST['Age']);
$sql="INSERT INTO Persons (Name, LastName, Age);
VALUES ('$FirstName', '$LastName', $Age)";