Insert into table not working and no error through php page

Question

I have this code to insert into a table. My issue with INSERT INTO categories is that its never inserting data into the table and there is no error. I am using almost the same query in code with a different table and there it's working. Any clue?

<?php 
$action = $_GET['action'] ; 
if ($action=='question')
  question();
elseif ($action=='categories')
  categories();

function question() {
  if ((isset($_SESSION['loggedin']) &&  $_SESSION['loggedin'] == true))
  {
    $include("db.php");
    $category = $_POST['category'] ; 
    $subcategory = $_POST['subCategory'] ; 
    $question = $_POST['question'] ; 
    $answer = $_POST['answer'] ; 

    $query = "INSERT INTO faq (category,subcategory,question,answer)   
      VALUES('.$category.','.$subcategory.','.$question.','.$answer')";
    $success = mysql_query($query);

    if ($success)
    {
      echo '<a href="admin.php" >done >';       
    }
    else 
    {
      echo mysql_error();
    }

  }
}


function categories(){
  if ( ! (isset($_SESSION['loggedin']) && ! $_SESSION['loggedin'] == true))
  {
    include("db.php");
    $category = $_POST['category'] ; 
    $subcategory = $_POST['subCategory'] ; 

    $query = "INSERT INTO categories (category,subcategory)
      VALUES( '$category' , '$subcategory')";
    $success = mysql_query($query);

    if ($success)
    {
      echo '<a href="admin.php" >done>';
    }
    else 
    {
      echo mysql_error();
    }

  }
}
?>

Answer 1

A few issues:

• If you are combining variables into a string, you can use the "." character to join them, or you can include variables within the string, so long as the string is wrapped in double quotation marks. In your code, you were doing both at once.
• You were not santising your database input.
• Your logic checks for the "categories" function were incorrect.
• Your hyperlink tags were missing the closing tags.

See the amended code below.

<?php 

$action = $_GET['action'];

if( $action=='question' )
  question();
elseif( $action=='categories' )
  categories();

function question(){
  if( isset( $_SESSION['loggedin'] ) &&  $_SESSION['loggedin'] == true ){

    include( 'db.php' );

    $category = mysql_real_escape_string( $_POST['category'] ); 
    $subcategory = mysql_real_escape_string( $_POST['subCategory'] ); 
    $question = mysql_real_escape_string( $_POST['question'] );
    $answer = mysql_real_escape_string( $_POST['answer'] );

    $query = "INSERT INTO faq ( category , subcategory , question , answer ) VALUES( '{$category}' , '{$subcategory}' , '{$question}' , '{$answer}' )";

    echo "SQL Query to execute: $query"; # Debug Message

    $success = mysql_query( $query );

    if ( $success ){
      echo '<a href="admin.php">done</a>'; 
    }else{
      echo mysql_error();
    }

  }
}


function categories(){
  if( !( isset( $_SESSION['loggedin'] ) || $_SESSION['loggedin']==true ) ){

    include( 'db.php' );
    $category = mysql_real_escape_string( $_POST['category'] ); 
    $subcategory = mysql_real_escape_string( $_POST['subCategory'] );

    $query = "INSERT INTO categories ( category , subcategory ) VALUES ( '{$category}' , '{$subcategory}' )";

    echo "SQL Query to execute: $query"; # Debug Message

    $success = mysql_query( $query );

    if( $success ){
      echo '<a href="admin.php">done</a>';
    }else{
      echo mysql_error();
    }

  }
}