开发者

PHP MYSQL INSERT no longer works

问答 作者:

Since moving my script to another server I started getting the 开发者_JAVA百科following errors when I try to insert a record. How do I resolve this?

Warning: mysql_query() expects parameter 1 to be string, resource given in /home/aware/public_html/product_submit.php on line 58

Warning: mysql_query() expects parameter 1 to be string, resource given in /home/aware/public_html/product_submit.php on line 60

Warning: mysql_query() expects parameter 1 to be string, resource given in /home/aware/public_html/product_submit.php on line 61

Warning: mysql_query() expects parameter 1 to be string, resource given in /home/aware/public_html/product_submit.php on line 62

Warning: mysql_query() expects parameter 1 to be string, resource given in /home/aware/public_html/product_submit.php on line 63 product added

Here is the code:

<?php
  $page_title = "Aware | Product Submitted";
  include('includes/header.html');
  if (!empty($_POST['code'])) {
      $code = $_POST['code'];
  } else {
      $code = null;
      echo '<p><a href="product_create.php">Enter a product code</a>.</p>';
      exit;
  }
  if (!empty($_POST['pid'])) {
      $pid = $_POST['pid'];
  } else {
      $pid = null;
      echo 'Product ID is not defined.  All SKU information must be linked to a product.';
      exit;
  }
  if (!empty($_POST['sid'])) {
      $sid = $_POST['sid'];
  } else {
      $sid = null;
      echo 'SKU ID is not defined.  All SKU information must be linked to a product.';
      exit;
  }
  if (!empty($_POST['image'])) {
      $image_name = $_POST['image'];
  } else {
      $image_name = null;
      echo '<p>You need to upload a product image!</p>';
  }
  if (!empty($_POST['title'])) {
      $title = $_POST['title'];
  } else {
      $title = null;
      echo '<p>You must enter a product title!</p>';
  }
  if (!empty($_POST['description'])) {
      $description = $_POST['description'];
  } else {
      $description = null;
      echo '<p>You must enter a product description!</p>';
  }
  $material = $_POST['material'];
  $type = $_POST['type'];
  $color = $_POST['color'];
  $image_name = $_POST['image'];
  $bulk = $_POST['bulk'];
  $stock = $_POST['stock'];

  // Connect to the db.
  require_once('mysqli_connect.php');
  // Make the query:
  $product = "INSERT INTO product (code, title, description, image_name, bulk) VALUES ('$code', '$title', '$description', '$image_name', '$bulk')";
  $sku = "INSERT INTO sku (product_idproduct, stock) VALUES ('$pid', '$stock')";
  $material = "INSERT INTO amaterial (sku_idsku, material) VALUES ('$sid', '$material')";
  $type = "INSERT INTO atype (sku_idsku, type) VALUES ('$sid', '$type')";
  $color = "INSERT INTO amcolor (sku_idsku, color) VALUES ('$sid', '$color')";
  $p = mysqli_query($dbc, $product);
  // Run the query.
  $s = mysqli_query($dbc, $sku);
  $m = mysqli_query($dbc, $material);
  $t = mysqli_query($dbc, $type);
  $c = mysqli_query($dbc, $color);
  if ($code && $pid && $title && $description) {
      echo "product added";
 } else {
      // Missing form value.
      echo '<p>Please go back and fill out the form again.</p>';
      exit;
  }
  include('includes/footer.html');
?>

your code looks like this:

$p = mysqli_query($dbc, $product);
$s = mysqli_query($dbc, $sku);
$m = mysqli_query($dbc, $material);
$t = mysqli_query($dbc, $type);
$c = mysqli_query($dbc, $color);

However, this isn't the code which is complaining -- the error states it's a problem with mysql_query, not mysqli_query which is in your code.

My hunch is that you're looking a different version of your code to that which is actually running -- ie you think you're using mysqli_query in your code, but the actual code on the server has mysql_query.

These two functions, apart from being easily confused due to just having one character apart in their function name, require a different set of parameters. If your code is using mysqli_query, then it is correct, but if you've dropped the 'i' and you're acutally using mysql_query, then the error makes sense, because mysql_query expects the query string to be the first parameter.

It is generally a bad idea to mix and match between these two - you should either use the mysql_xx functions or mysqli_xx, but not both. Make sure you code is consistent and only uses one one or the other.

I'd also echo @eykanal's comment about your code being vulnerable to SQL injection attacks. You should ensure that all the variables in your query strings are properly escaped.

The parameter order is correct for mysqli_query. However the error message shows 'mysql_query' (without the i). You may wanna look into that first.

继续阅读:insertphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9