phpmysqlsqlmysqli

Inserting values into a table with a PHP-variable name


I'm setting up a simple website where each user gets their own table (bad idea, I know), in which other users can put comments into - like a super budget version of a Facebook-wall.

This is what my query looks like when I create the table:

$userTable = mysqli_query($conn, "CREATE TABLE `".$epost."`(
        ID INT(255) UNSIGNED AUTO_INCREMENT PRIMARY KEY,
        eMail VARCHAR(50) NOT NULL,
        comment VARCHAR(500) NOT NULL,
        timestampp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
        )");

However, when I try to take the values from a form, and insert them into the specific table they can't seem to find their way in there. Here's my code of that:

    <?php

include 'connect.php';

/*if(isset ($_POST['userUser']))*/

$valueEmail = mysqli_real_escape_string($conn, $_POST['userEmail']);
$valueUser = mysqli_real_escape_string($conn, $_POST['userUser']); /*have the user to input the name, so i can connect to the correct DB*/
$valueMessage = mysqli_real_escape_string($conn, $_POST['userMessage']);

$findUserTable = "SELECT * FROM UserInfo WHERE Firstname = '$valueUser'";
$findUserEmail = mysqli_query($conn, $findUserTable);

if(mysqli_num_rows($findUserEmail) > 0) /*finding the name of the persons email*/
    {
        while ($result = mysqli_fetch_assoc($findUserEmail))
        {
            $email = $result['Email'];
        }
    }

/* VALIDATION HERE */

$sql = "INSERT INTO ".$email." (eMail, comment) VALUES ('$valueEmail', '$valueMessage')"; /* wrong query?*/

header("refresh:10 url=userProfil.php");
/*echo '<script>alert("Meddelande skapat!");</script>';*/

echo $sql;

mysqli_close($conn);

?>

I've been trying different 'versions' of the variable, like ".$email.", '.$email.' and ".$epost.". I get the correct name when i echo out my query or just the variable - but it can't seem to find the table? I'm very aware that my code smells badly, so please spare me on that point.


Solution

  • You just simply wrote your query and forgot to execute it:

    $sql = "INSERT INTO ".$email." (eMail, comment) VALUES ('$valueEmail', '$valueMessage')"; /* wrong query?*/
    

    To execute, use this:

    mysqli_query($conn,$sql);//for execute
    

    It'd be even better if you use bind and prepare statements:

    $sql = "INSERT INTO ".$email." (eMail, comment) VALUES (? ,?)";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("ss", $valueEmail, $valueMessage);
    
    /* Execute the statement */
    $stmt->execute();
    $row = $stmt->affected_rows;
    if ($row > 0) {
        echo "data inserted";
    } else {
        "error";
    }
    

    Read more on http://php.net/manual/en/mysqli-stmt.bind-param.php