# Error inserting data to mysql table



## kclark (Nov 8, 2012)

I'm writing an webpage that calls three telephone numbers and asks what kind of pizza you want.  Cheese, Pepperoni, Sausage, or other.  Everything is going fine.  After the user makes the choice with the telephone keypad I am trying to enter that data into a mysql table.  The application errors out, I don't see any output because it says on the phone an application error has occurred.

Here's my code.


```
<?php
	// Connect to MySQL, and connect to the Database
	mysql_connect('localhost', 'admin', 'admin') or die(mysql_error());
	mysql_select_db('poll') or die(mysql_error());

	// @start snippet
	// Check if values have been entered
	$digit = isset($_REQUEST['Digits']) ? $_REQUEST['Digits'] : null;
	$choices = array(
		'1' => 'Cheese',
		'2' => 'Pepperoni',
		'3' => 'Sausage',
		'4' => 'Pineapple_Bacon',
	);
	if (isset($choices[$digit])) {
		mysql_query("INSERT INTO `results` (`" . $choices[$digit] . "`) VALUES ('1')");
		$say = 'Thank you. Your choice has been tallied.';
	} else {
		$say = "Sorry, I don't have that topping.";
	}
	// @end snippet
	// @start snippet
	$response = new Services_Twilio_Twiml();
	$response->say($say);
	$response->hangup();
	header('Content-Type: text/xml');
	print $response;
	// @end snippet
?>
```


Is there something wrong with my php/mysql syntax at the if statement?


----------



## SirDice (Nov 9, 2012)

It will generate at least an error when somebody doesn't make a choice or picks digit 5 or higher. Then $choices[$digit] would be empty and the SQL query would have a syntax error (missing column name).


----------



## fluca1978 (Nov 9, 2012)

kclark said:
			
		

> ```
> <?php
> // Connect to MySQL, and connect to the Database
> [B]	mysql_connect('localhost', 'admin', 'admin') or die(mysql_error());[/B]
> ...



You should never post authentication credentials, and in the case the above _admin/admin_ are the real credentials, I strongly suggest you to change them!
Second, do not ever compose a query like the above, use prepared statements.
Third, in order to debug the application, see the database logs: if the query hits the database but is wrong, the database log will reflect it and you will be able to correct it.


----------

