[SOLVED] PHP/MYSQL vague error warning

[PiX06]

I'm currently working on a couple of PHP pages that generate a quote for driveway paving. The first of which collects some data and the second page generates the quote and stores the data to a MYSQL database.

 

At the moment everything seems to be working except the storing to MYSQL part. An somewhat vague error message is appended to the bottom of the second page (do_quote.php) saying;

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near

 

The first page of the quote generator is at http://www.photorealisticgaming.com/PHP/form/form.php

 

I can provide the code for both pages if needed. Thanks for your time guys.

[Maq]

Can you post the query and the entire error?

[PiX06]

Here is the entire code for do_quote.php (the page which generates a quote, displays the data and writes everything to the MYSQL database)

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Quote generator</title>
<link rel="stylesheet" type="text/css" href="view.css" media="all">
<script type="text/javascript" src="view.js"></script>

</head>
<body id="main_body" >

<img id="top" src="top.png" alt="">
<div id="form_container">

	<h1><a>Quote generator</a></h1>
	<form id="form_34416" class="appnitro"  method="post" action="quote.php">
				<div class="form_description">
		<h2>Quote generator</h2>
		<p>Use this form to generate a quote. There is no obligation to buy.</p>
	</div>						
  <h4>Cust_Name</h4>
<?php echo htmlspecialchars($_POST['element_1']); ?>.

<h4>Email</h4>
<?php echo htmlspecialchars($_POST['element_2']); ?>

<h4>Address</h4>
<?php echo htmlspecialchars($_POST['element_3']); ?>

<h4>Postcode</h4>
<?php echo htmlspecialchars($_POST['element_4']); ?>

<h4>Approx area of paving in m²</h4>
<?php echo (int)$_POST['element_5']; ?>

<h4>County</h4>
<?php echo $_POST['element_6']; ?>

<h4>Job Type</h4>
<?php echo $_POST['element_7']; ?>
<br>
<br>
<h3><b>Your Quote</b></h3>
<br>
<?php
$area = (int)$_POST['element_5'] ;
$job_type = $_POST['element_7'] ;

if ($job_type == "Asphalt") {
$cost_per_m2 = 1 ;
}
if ($job_type == "Block Paving") {
$cost_per_m2 = 1 ;
}
if ($job_type == "Tarmacadam") {
$cost_per_m2 = 1;
}
if ($job_type == "Concrete") {
$cost_per_m2 = 1;
}
if ($job_type == "Imprinted Concrete") {
$cost_per_m2 = 1;
}
if ($job_type == "Garden Paving") {
$cost_per_m2 = 1;
}
if ($job_type == "Not Sure") {
$cost_per_m2 = 0;
}
$quote = ($area * $cost_per_m2) ;
echo "Approximate cost of this job will be £" ;
echo $quote ;

$my_t=getdate(date("U"));
$date = ("$my_t[month] $my_t[mday], $my_t[year]");
$Cust_Name = htmlspecialchars($_POST['element_1']);
$Address = htmlspecialchars($_POST['element_3']);
$Postcode = htmlspecialchars($_POST['element_4']);
$Approx_area_m2 = (int)$_POST['element_5'];
$County = $_POST['element_6'];
$Email = $_POST['element_2'];
$Job_Type = $_POST['element_7'];

mysql_connect ("mysql4.000webhost.com", "a8085020_admin", "27679262a") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("a8085020_new");
mysql_query ("INSERT INTO leads 
(Lead_Date, Cust_Name, Address, Postcode, County, Email, Job_Type, Approx_area_m2, Quote_Generated) VALUES($date, $Cust_Name, $Address, 
$Postcode, $County, $Email, $Job_Type, $Approx_area_m2, $quote) ")
or die(mysql_error());  
?>
	</form>	
	<div id="footer"></div>
</div>
<img id="bottom" src="bottom.png" alt="">
</body>
</html>

 

And this is the error I get after entering some random data into the first page:

 

Approximate cost of this job will be £48You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '23, 2009, Homer Simpson, 172 Evergreen Terrace, Springfield, BB5 5HG, Isle of ' at line 2

[Maq]

You need single quotes around your variables/values in the INSERT statement.

[Dathremar]

Your query is broken. Use ' around your variables and also try addslashes() to escape illegal chars before inserting into DB

 

[PiX06]

Ah, I see. I presumed that because I was passing variables to the INSERT statement that the quote marks would be ommitted.

[PiX06]

OK cool, everything works now. The data is being written to the database successfully. Although the date field says 0000-00-00. I think I need to format the date in a particular way because of having that field set up as a date field in the database?

[Maq]

Yes it does.  Echo $date and make sure it's in "YYYY-MM-DD" format.

[PiX06]

Yeah it looks like you're right, as a quick test i removed '$date' in the insert statement and replaced it with '2009-06-23' which worked, so now I just have to get my $date variable formatted like that.

[Maq]

I can see when you assign date to the post values you have it in MM-DD-YYYY:

 

$date = ("$my_t[month] $my_t[mday], $my_t[year]");

 

You can probably rearrange the format like so:

 

$date = ("$my_t[year]-$my_t[month]-$my_t[mday]");

[PiX06]

Its all working now, realised I was making it more difficult than necessary and just used;

 

$date = date("Y-m-d") ;