Why isn't my MySQL database insertion working?

Question

$author = $_SESSION['username'];
$subject = $_POST['subject'];
$body = $_POST['body'];
$branched = $_POST['branched'];
$time = time();
$branchedFrom = $_POST['parent'];
$id = $_POST['parent'];
$next = 0;
$previous = 0;
$branchedTo = 0;
mysql_query("INSERT INTO offtopic VALUES('', '$author', '$subject', '$body', '$time',    '$next', '$previous', '$branchedFrom', '$branchedTo'");

I've tried it lots of times, even tried changing some stuff, but it doesn't save the info into the database. The blank space at the begining is where the index is in the database. The SESSION and POST stuff I'm pretty sure gets passed properly.

Answer 1

"INSERT INTO offtopic VALUES('', '$author', '$subject', '$body', '$time',    '$next', '$previous', '$branchedFrom', '$branchedTo'"

Missing closing ‘)’ inside the string. Pick up the error message using mysql_error() and simple syntax errors like this should be obvious.

Also you have SQL injection security holes you could drive a bus through. You need to be calling mysql_real_escape_string() over each string value you concatenate into the string, or use mysqli parameterised queries.

Answer 2

Maybe it is because that your query missing which fields to insert

"INSERT INTO offtopic(field1, field2, etc....) VALUES('', '$author', '$subject', '$body', '$time', '$next', '$previous', '$branchedFrom', '$branchedTo'");