Home/ Questions/Q 7309169
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-29T00:04:04+00:00

Something went wrong with my code. The insert code does not work. Can someone

  • 0

Something went wrong with my code. The insert code does not work. Can someone tell me what went wrong? The code is supposed to insert the person fbid name and email to my database when the users click a button, however nothing appears in my database.

<?php
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
include_once 'mysqli.connect.php';
include_once 'fbmain.php';

if($me){
    $fbid= $facebook->api('/me');
    $fbme = $fbid['id'];
    $fbName = $fbid['name'] ;  
    $fbEmail = $fbid['email'];
}
if (isset($_POST['submit']) ){
    mysqli_query("INSERT members SET fbId='$fbme',name='$fbName', email ='$fbEmail'" );
}
?>
<html>
<form action="" method="post">
    <input type="image" src="../images/buy.png" name="submit" width="60"height="30" />
</form>
</html>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should really check for errors to find out what is going on if something doesn’t work (as expected).

    That being said:

    mysqli_query takes 2 required parameter, link and query, but you only supplied the query.

    Another thing: even if you would have done that your query still is invalid. It should be:

    "INSERT INTO members (fbId, name, email) values ('$fbme', '$fbName', '$fbEmail')"

    Also note that you check for the variable $me (which as you stated is coming from FaceBook). So my question is what will happen when FB is down or whatever and you try to submit the form? You will still try to run the query even though the required info isn’t there.

    So what I would do is the folllowing:

    $link = mysqli_connect("localhost", "my_user", "my_password", "dbname");

if($me){
    $fbid= $facebook->api('/me');
    $fbme = $fbid['id'];
    $fbName = $fbid['name'] ;  
    $fbEmail = $fbid['email'];

    if (isset($_POST['submit'])) {
        mysqli_query($link, "INSERT INTO members (fbId, name, email) values ('$fbme', '$fbName', '$fbEmail')") or die(mysql_error());
    }
}

    As an alternative you could also use prepared statements. One of the benefits of using prepared statements is that it prevents most SQLinjection vulnerabilities. Using prepared statements would look something like this:

    /* Prepare a statement */
$stmt = mysqli->prepare("INSERT INTO table (col1, col2 ...) VALUES (?, ? ...) WHERE uID=?");

/* Bind parameters */
$stmt->bind_param('is', $a, $b ...);  // <-- i=int, s=string, etc. etc.

/* Set parameters */    
$a = $fbMe;
$b = $fbName;
...                // <-- etc. etc.

/* Execute your statement */
$stmt->execute();
    • 0