
Need helps

Posted: Mon Aug 19, 2013 8:42 am
by xbear1982
Hi guys,
I am new to studying PHP. I need to ask anyone to please give me some advice on the following code.

Code:

<?php
$con=mysqli_connect("localhost","root","01959719","aqurium");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }


$ID=$_POST['ID']; 
 $FirstName=$_POST['FirstName']; 
 
 mysql_select_db("aqurium") or die(mysql_error()); 
 mysql_query("INSERT INTO `employee` VALUES ('$ID', '$FirstName')"); 


if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
echo "1 record added";

mysqli_close($con);
?> 
It comes up with this error:
Error: Column count doesn't match value count at row 1

Re: Need helps

Posted: Mon Aug 19, 2013 8:54 am
by Celauran
You've got a mix of mysql_ and mysqli_ in there. mysql_ has been deprecated; don't use it. You're passing unescaped data directly into your query. This is not safe at all. Sanitize your inputs or, better, make use of prepared statements. Finally, you've specified the values but not the columns. If you have more than just those two columns in your database table, MySQL won't know what goes where and will complain.

Try something like this:

Code:

<?php

$sql = new PDO('mysql:host=localhost;dbname=aqurium', 'username', 'password');

if (!empty($_POST)) {
	$query = "INSERT INTO `employee` (`ID`, `First_Name`) VALUES (:id, :first_name)";
	$stmt = $sql->prepare($query);
	$stmt->execute(array(':id' => $_POST['ID'], ':first_name' => $_POST['FirstName']));
}
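
Added example (not part of Celauran's post or of the thread): the three points made above, a missing column list, input interpolated into the query string, and a prepared statement, run side by side against an in-memory SQLite table. It assumes the pdo_sqlite extension so that it runs offline; the `LastName` column, the `attempt()` helper and the sample values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumes pdo_sqlite is available.
// LastName is a constructed stand-in for "more than just those two columns".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE employee (ID INTEGER, First_Name TEXT, LastName TEXT)');

// Constructed sample of what $_POST might carry.
$post = ['ID' => '7', 'FirstName' => "O'Brien"];

/** Hypothetical helper: run a callable and report whether the database accepted it. */
function attempt(string $label, callable $fn): void
{
    try {
        $fn();
        echo "$label: ok\n";
    } catch (PDOException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}

// 1. Values without a column list: two values offered to a three-column table.
attempt('no column list', function () use ($db) {
    $db->exec("INSERT INTO employee VALUES (1, 'Alice')");
});

// 2. Interpolated input: the apostrophe in the name ends the string literal early,
//    so part of the submitted value is parsed as SQL instead of being stored as data.
attempt('interpolated', function () use ($db, $post) {
    $db->exec("INSERT INTO employee (ID, First_Name) VALUES ('{$post['ID']}', '{$post['FirstName']}')");
});

// 3. Prepared statement: columns are named, placeholders are written without quotes,
//    and the values are bound separately from the SQL text.
attempt('prepared', function () use ($db, $post) {
    $stmt = $db->prepare('INSERT INTO employee (ID, First_Name) VALUES (:id, :first_name)');
    $stmt->execute([':id' => $post['ID'], ':first_name' => $post['FirstName']]);
});

// Check that the stored name is identical to the submitted one.
$stored = $db->query('SELECT First_Name FROM employee WHERE ID = 7')->fetchColumn();
var_dump($stored === $post['FirstName']);
```

SQLite words the column-count error differently from MySQL, but the cause is the same: the number of values does not match the number of columns the statement targets.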

Re: Need helps

Posted: Mon Aug 19, 2013 5:47 pm
by xbear1982
Thank you very much, I will try it out.

Re: Need helps

Posted: Thu Aug 22, 2013 2:35 am
by akhilesh1010
Remove the single quotes from the variables in the query, then try.

Re: Need helps

Posted: Thu Aug 22, 2013 2:51 am
by requinix
akhilesh1010 wrote: Remove the single quotes from the variables in the query, then try.
The quotes are necessary.