There are two requests in the php script:

$qe = mysql_query("INSERT INTO baob (arm,detk,ib) VALUES('$did',1,'$da')"); $qey= mysql_query("INSERT INTO baob (arm,detk,ib) VALUES('$arm',2,'$da')");

The first is executed, the second is not.

If the first request is commented out, the second one is executed. How to make both requests execute?

  • And any errors writes? - Ep1demic
  • no, no messages at all. All data is displayed on the screen. - Paul
  • But does the restriction work? let's say the uniqueness of the field ib ... - Akina
  • Add after each line echo mysql_error(); and see what he writes. Well, yes, forget about the mysql extension and use mysqli or PDO - rjhdby
  • Maybe so? $ qe = mysql_query ("INSERT INTO baob (arm, detk, ib) VALUES ('$ did', 1, '$ da'), ('$ arm', 2, '$ da')"); - insun

2 answers 2

It is necessary to see if there are any errors when the query is executed by the mysql_error () function:

 $did = "str1"; $da = "str2"; $arm = "str3"; $q1 = mysql_query("INSERT INTO baob (arm,detk,ib) VALUES('$did',1,'$da')"); echo "Error query1: ".mysql_error()."; "; $q2= mysql_query("INSERT INTO baob (arm,detk,ib) VALUES('$arm',2,'$da')"); echo "Error query2: ".mysql_error().". ";

PS And yes, as mentioned above - do not use the mysql_ functions, you must use mysqli_ instead!

    Try using the mysqli class to work with the database.

    I will give the code in object-oriented style. It is also possible to use the same code in a procedural style.

    Example:

     $connect = new mysqli(host,login,pass,db); $connect->query("INSERT INTO baob (arm,detk,ib) VALUES ('$did',1,'$da'), ('$arm',2,'$da');"); $connect->close();

    Before that, variables

    $ did, $ da, $ arm

    should be escaped: either by the htmlspecialchars () method, if there will be html markup passed there or so, if just the values ​​are passed:

     $сonnect->real_escape_string($did); $сonnect->real_escape_string($da); $сonnect->real_escape_string($arm);

    if you want to escape the usual values. This will avoid problems with sql injections . But even this will not always save. Described in more detail here .

     //Второй вариант: $connect = new mysqli(host,login,pass,db); $connect->query("INSERT INTO baob (arm,detk,ib) VALUES('$did',1,'$da')"); $connect->query("INSERT INTO baob (arm,detk,ib) VALUES('$arm',2,'$da')"); $connect->close();

    Or using prepared queries:

     $connect = new mysqli(host,login,pass,db); $stmt = $connect->prepare("INSERT INTO baob (arm,detk,ib) VALUES (?,1,?), (?,2,?);"; $stmt->bind_param('ssss',$did,$da,$arm,$da); $stmt->execute(); $stmt->close(); $connect->close();

    Used methods: prepare () , bind_param () ;

    UPD . Added tips for using the first version of the work and a link to additional material.

    • four
      I would remove the first part of the answer altogether. 80% of all hacking sites due to the substitution of variables directly into the text. no need to teach people to do that. let them use the bound variables right away. - Mike