Home/ Questions/Q 7877749
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T03:27:47+00:00

Hey I am new to PHp and I am trying to enter details into

  • 0

Hey I am new to PHp and I am trying to enter details into my database. I am trying to enter an eventname- which the user enters (POST) and the username of the logged in user.

I have created sessions to store users usernames, the code i have is 

$eventname=$_POST['eventname'];
$myusername = $_SESSION['myusername']

$sql = mysql_query("INSERT INTO $tbl_nameVALUES('','$eventname','$_SESSION['myusername'])");

echo "You have been added to the event";

Its the $sql statement which is giving the error? any help would be much appreciated.

Thanks all!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There are several potential problems here.

    First, you have not escaped eventname against SQL injection. We assume hopefully that myusername is already safe. If it has not been previously filtered, also use mysql_real_escape_string() on $_SESSION['myusername'].

    $eventname = mysql_real_escape_string($_POST['eventname']);

// Then you need space before VALUES and are missing a closing quote on $_SESSION['myusername'], which should be in {}
$sql = mysql_query("INSERT INTO $tbl_name VALUES('','$eventname','{$_SESSION['myusername']}')");

    Finally, in order for the statement to work, it assumes you have exactly three columns in $tbl_name. You should be explicit about the columns used. Substitute the correct column names for colname1, event_name, username.

    $sql = mysql_query("INSERT INTO $tbl_name (colname1, event_name, username) VALUES('','$eventname','{$_SESSION['myusername']}')");

    The exact locations of SQL syntax errors will be revealed to you with some basic error checking via mysql_error().

    $sql = mysql_query(<your insert statement>);
if (!$sql) {
  echo mysql_error();
}
    • 0