Hey, I'm making an online store and can't figure out the section on inserting data into a table (in this case it's inserting customer details into a customer table). It's the VALUES line that is displaying the error: mysql_query() expects parameter 1 to be string, resource given. I have looked at other similar problems on this but haven't been able to solve the issue.

Any HELP would be greatly appreciated??

/*** 4. trying to insert the data from into table, the result of query are returned in a variable $insertedData

$insertedData = mysql_query($serverConnection, "INSERT INTO customertable(CustomerID, FirstName, SurName, Address, PhoneNum, Email, PurchaseProduct)

VALUES('$_POST[Customer_ID]', '$_POST[First_Post]', '$_POST[Sur_Name]', '$_POST[Cus_Address]', '$_POST[Phone_Num]', '$_POST[Cus_Email]' '$_POST[Product_Purchase]')");

if($insertedData) // If data insertion was successful
echo "<br> Data Insertion Success";
else // If data insertion was unsuccessful
echo "<br> Data Insertion Unsuccessful!";

The error is in the parameters of the mysql_query function. The first parameter should be the query (of type string), and the second (optional) parameter is the link (of type resource). You have the wrong sequence of these parameters.

And the mantra: ditch the deprecated mysql_* functions and replace them with the new PDO or at least mysqli_* functions.

Thanks for your reply. I'll look into the mysqli functions, but could you be a bit more specific about the parameters being in the wrong sequence, as I'm struggling to understand that point (new to PHP)?

$insertedData = mysql_query("INSERT INTO customertable(CustomerID, FirstName, SurName, Address, PhoneNum, Email, PurchaseProduct) VALUES('$_POST[Customer_ID]', '$_POST[First_Post]', '$_POST[Sur_Name]', '$_POST[Cus_Address]', '$_POST[Phone_Num]', '$_POST[Cus_Email]', '$_POST[Product_Purchase]')", $serverConnection);

"deprecated" : will stop working in the near future

I've tried using that code before and again now, but it still won't allow me to insert data into my database from the PHP side of things. Could it be an error on the phpMyAdmin side of things that would prevent it? I have checked the connection and it does say it is running correctly.

Try this

<?php

// Copy the submitted form fields into local variables (array keys must be quoted)
$customer_id = $_POST['Customer_ID'];
$first_post = $_POST['First_Post'];
$sur_name = $_POST['Sur_Name'];
$cus_address = $_POST['Cus_Address'];
$Phone_Num = $_POST['Phone_Num'];
$cus_email = $_POST['Cus_Email'];
$Product_Purchase = $_POST['Product_Purchase'];

// Print the query so you can notice any error in the fields you insert
echo $sql_query = "INSERT INTO customertable(`CustomerID`, `FirstName`, `SurName`, `Address`, `PhoneNum`, `Email`, `PurchaseProduct`) VALUES('$customer_id', '$first_post', '$sur_name', '$cus_address', '$Phone_Num', '$cus_email', '$Product_Purchase')";
// Run the insert
$insertedData = mysql_query($sql_query);

?>

It would be much easier to use the PDO class for MySQL queries.
Also, try to make a rule for your case typing on your Variables.

Try this, first create your PDO server connection as $connection

// Read the submitted form fields (array keys must be quoted)
$customer_id = $_POST['Customer_ID'];
$first_post = $_POST['First_Post'];
$sur_name = $_POST['Sur_Name'];
$cus_address = $_POST['Cus_Address'];
$phone_num = $_POST['Phone_Num'];
$cus_email = $_POST['Cus_Email'];
$product_purchase = $_POST['Product_Purchase'];

$sql = 'INSERT INTO customertable( `CustomerID`, `FirstName`, `SurName`, `Address`, `PhoneNum`, `Email`, `PurchaseProduct`) VALUES(:customer_id, :first_post, :sur_name, :cus_address, :phone_num, :cus_email, :product_purchase)';

$query = $connection->prepare($sql);
$query->execute(array(
    ':customer_id'      =>  $customer_id,
    ':first_post'       =>  $first_post,
    ':sur_name'         =>  $sur_name,
    ':cus_address'      =>  $cus_address,
    ':phone_num'        =>  $phone_num,
    ':cus_email'        =>  $cus_email,
    ':product_purchase' =>  $product_purchase,
));
commented: This is the way to go +11

Joshuajames pointed out another error in your query, which is that you can't use array elements in the string the way you did. The correct way of using compound variables in a double-quoted string would be using curly braces:

$insertedData = mysql_query("INSERT INTO customertable(CustomerID, FirstName, SurName, Address, PhoneNum, Email, PurchaseProduct)
VALUES('{$_POST['Customer_ID']}', '{$_POST['First_Post']}', '{$_POST['Sur_Name']}', '{$_POST['Cus_Address']}', '{$_POST['Phone_Num']}', '{$_POST['Cus_Email']}', '{$_POST['Product_Purchase']}')", $serverConnection);

But Joshuajames's solution is cleaner. I would add to it two things:

  • clean/sanitize the variables coming from a user
  • do not use deprecated mysql_* functions, switch to newer and safer PDO or at least mysqli_*.

Example of sanitizing (in practice it depends on value):

// Escape each submitted value before it is placed in the query string
$customer_id = mysql_real_escape_string($_POST['Customer_ID']);
$first_post = mysql_real_escape_string($_POST['First_Post']);
$sur_name = mysql_real_escape_string($_POST['Sur_Name']);
$cus_address = mysql_real_escape_string($_POST['Cus_Address']);
$Phone_Num = mysql_real_escape_string($_POST['Phone_Num']);
$cus_email = mysql_real_escape_string($_POST['Cus_Email']);
$Product_Purchase = mysql_real_escape_string($_POST['Product_Purchase']);

EDIT: also take a look at Szabi's post above, since this is the way to go.

Hey, appreciate all your help! Got it working but ran into another issue.

I have an orderspage.php and I want to insert data into the database from this page using the code on another page (index.php) but it only works if I use the index.php directly. Is there any way to rectify this? I have tried having the same code on both pages and also tried the action="index.php" (see below in orderspage.php) but neither of these have worked. Am I missing something? Thanks again!!

P.S. (I would use something other than mysql, but the course requires us to use this one only.)

code in orderspage.php

<h2><i>PLEASE FILL IN YOUR DETAILS TO COMPLETE YOUR ORDER</i></h2>
<form method="post" action="index.php" enctype="multipart/form-data">
First name:<br>
<input type="text" name="First_Name">
<br>
Last name:<br>
<input type="text" name="Sur_Name">
<br>
Address:<br>
<input type="text" name="Cus_Address">
<br>
Email:<br>
<input type="text" name="Cus_Email">
<br>
Phone:<br>
<input type="text" name="Phone_Num">
<br><br>
<input type="submit" value="Submit">
</form>

code in index.php

        echo "INSERT INTO customertable(CustomerID, FirstName, SurName, Address, PhoneNum, Email, PurchaseProduct) VALUES( NULL, '$_POST[First_Name]', '$_POST[Sur_Name]', '$_POST[Cus_Address]', '$_POST[Phone_Num]', '$_POST[Cus_Email]', '3')";

    $insertedData = mysql_query($serverConnection,"INSERT INTO customertable(CustomerId,FirstName, SurName, Address, PhoneNum, Email, ProductPurchase) VALUES( 'NULL', '$_POST[First_Name]', '$_POST[Sur_Name]', '$_POST[Cus_Address]', '$_POST[Phone_Num]', '$_POST[Cus_Email]', '3')" );

            if($insertedData) // If data insertion was successful
                echo "<br> Data Insertion Success";
            else // If data insertion was unsuccessful
                echo "<br> Data Insertion Unsuccessful!";

I would do it like this: create an invisible isPosted value and check whether it's set on index.php with isset($_POST['isPosted'])

    <h2><i>PLEASE FILL IN YOUR DETAILS TO COMPLETE YOUR ORDER</i></h2>
    <form method="post" action="index.php" enctype="multipart/form-data">
    First name:<br>
    <input type="text" name="First_Name">
    <br>
    Last name:<br>
    <input type="text" name="Sur_Name">
    <br>
    Address:<br>
    <input type="text" name="Cus_Address">
    <br>
    Email:<br>
    <input type="text" name="Cus_Email">
    <br>
    Phone:<br>
    <input type="text" name="Phone_Num">
    <br><br>
    <input type="submit" value="Submit">
    <input type="hidden" name="isPosted" value="1" />
    </form>

Try the below code as the insert query and see the output

if(isset($_POST['isPosted']) && $_POST['isPosted'] == 1) {
    // Query string first, connection second; stop and show the MySQL error on failure
    $insertedData = mysql_query("INSERT INTO customertable(CustomerId,FirstName, SurName, Address, PhoneNum, Email, ProductPurchase) VALUES( 'NULL', '$_POST[First_Name]', '$_POST[Sur_Name]', '$_POST[Cus_Address]', '$_POST[Phone_Num]', '$_POST[Cus_Email]', '3')", $serverConnection) or die(mysql_error());
} else {
    die('No POST data found.');
}
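
The PDO answer and the isPosted check above, combined into one handler as an added example (not code from any poster in this thread). It assumes an in-memory SQLite database in place of the MySQL connection and a hypothetical helper name insert_customer(); field and column names follow the thread.

```php
<?php
// Added example: validate the posted form, then insert with bound parameters.
function insert_customer(PDO $db, array $post): int // hypothetical helper name
{
    // Act only on a real submission of the order form (hidden isPosted field).
    if (($post['isPosted'] ?? '') !== '1') {
        throw new InvalidArgumentException('No POST data found.');
    }
    $values = [];
    foreach (['First_Name', 'Sur_Name', 'Cus_Address', 'Phone_Num', 'Cus_Email'] as $field) {
        $value = $post[$field] ?? null;
        // Reject missing, empty, or array-valued fields (e.g. First_Name[]=x).
        if (!is_string($value) || trim($value) === '') {
            throw new InvalidArgumentException("Missing or invalid field: $field");
        }
        $values[] = trim($value);
    }
    if (filter_var($values[4], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address.');
    }
    $values[] = 3; // product id hard-coded, as in the thread

    // CustomerID is left out so the database assigns it (no 'NULL' string).
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO customertable
             (FirstName, SurName, Address, PhoneNum, Email, PurchaseProduct)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute($values);
    return (int) $db->lastInsertId();
}

// Assumption: in-memory SQLite stands in for the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
$db->exec('CREATE TABLE customertable (CustomerID INTEGER PRIMARY KEY,
    FirstName TEXT, SurName TEXT, Address TEXT, PhoneNum TEXT, Email TEXT,
    PurchaseProduct INTEGER)');

// Constructed sample submission; the apostrophe in the surname is the kind of
// value that breaks a query built by string interpolation.
$post = ['isPosted' => '1', 'First_Name' => 'Niamh', 'Sur_Name' => "O'Brien",
         'Cus_Address' => '1 Main St', 'Phone_Num' => '555-0100',
         'Cus_Email' => 'niamh@example.com'];
$id = insert_customer($db, $post);
$check = $db->prepare('SELECT SurName FROM customertable WHERE CustomerID = ?');
$check->execute([$id]);
echo "Inserted customer $id with surname " . $check->fetchColumn() . "\n";
```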