I am doing an AJAX call to a PHP file which should do 2 SQL queries. The queries look like this:
```php
$sql = "UPDATE customers SET customers_newsletter=1 WHERE customers_id ='".$cid."'";
$sql .= "INSERT INTO coupons (coupon_id,
                              coupon_type,
                              coupon_code,
                              coupon_amount,
                              coupon_minimum_order,
                              coupon_start_date,
                              coupon_expire_date,
                              uses_per_coupon,
                              uses_per_user,
                              coupon_active)
         VALUES ('".$cid."',
                 'NL_".$cid_substr."".$cid."',
                 'F',
                 '5.0000',
                 '100.0000',
                 '".date("Y-m-d H:i:s")."',
                 '".$expiredate."',
                 '1',
                 '1',
                 'Y'
         )";
mysqli_multi_query($con,$sql);
```
In another PHP file the exact same code already worked; there I copied an SQL entry to another table and then deleted it from the current one.
If I do only one of the queries it works, but I need to get them to work together.
Any ideas why it is not working?
UPDATE:
I now followed the link for preventing SQL injection in the comment and I have the following code now:
```php
<?php
$mysqli = new mysqli("server", "user", "pw", "db");
// TODO - Check that connection was successful.
$unsafe_variable = $_GET['cid'];
$stmt = $mysqli->prepare("INSERT INTO coupons (coupon_id) VALUES (?)");
// TODO check that $stmt creation succeeded
// "s" means the database expects a string
$stmt->bind_param("s", $unsafe_variable);
$stmt->execute();
$stmt->close();
$mysqli->close();
mysqli_close($con);
?>
```
It is still not working. Where is the fault?
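
An added example, not part of the original post: the two statements from the question run as separate prepared statements inside one transaction, with mysqli errors reported as exceptions so a failure is visible instead of silent. It assumes `customers_id` is an integer and that both tables use a transactional engine such as InnoDB; the coupon prefix and dates are hypothetical stand-ins for `$cid_substr` and `$expiredate`, which the post computes elsewhere.

```php
<?php
// Added example; connection values are placeholders, as in the post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception
$mysqli = new mysqli("server", "user", "pw", "db");
$mysqli->set_charset("utf8mb4");

// Assumption: customers_id is an integer key; reject anything else up front.
$cid = filter_input(INPUT_GET, 'cid', FILTER_VALIDATE_INT);
if ($cid === null || $cid === false) {
    http_response_code(400);
    exit('invalid cid');
}

// Hypothetical stand-ins for $cid_substr and $expiredate from the post.
$nlValue    = 'NL_' . substr((string) $cid, 0, 2) . $cid;
$startDate  = date('Y-m-d H:i:s');
$expireDate = date('Y-m-d H:i:s', strtotime('+30 days'));

$mysqli->begin_transaction();
try {
    $update = $mysqli->prepare(
        "UPDATE customers SET customers_newsletter = 1 WHERE customers_id = ?"
    );
    $update->bind_param("i", $cid);
    $update->execute();
    $update->close();

    // Columns and values are in the same order as in the post.
    $insert = $mysqli->prepare(
        "INSERT INTO coupons (coupon_id, coupon_type, coupon_code, coupon_amount,
             coupon_minimum_order, coupon_start_date, coupon_expire_date,
             uses_per_coupon, uses_per_user, coupon_active)
         VALUES (?, ?, 'F', '5.0000', '100.0000', ?, ?, '1', '1', 'Y')"
    );
    $insert->bind_param("isss", $cid, $nlValue, $startDate, $expireDate);
    $insert->execute();
    $insert->close();

    $mysqli->commit(); // both changes become visible together
} catch (mysqli_sql_exception $e) {
    $mysqli->rollback(); // neither change is kept if either statement fails
    error_log('newsletter coupon failed: ' . $e->getMessage());
    http_response_code(500);
    exit('database error');
}
$mysqli->close();
```

The first snippet in the post appends the `INSERT` directly after the `UPDATE` with no `;` between them, and `mysqli_multi_query` needs that separator between statements. Separate prepared statements avoid both the separator problem and the concatenation of `$cid` into the SQL text.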