Simple Insert into table help

[bobicles2]

So i have a main.html page with HTML

 

<form action="insert.php" method="post">

Event Name: <input type="text" name="Event" />

<br>

Genre: <input type="text" name="Genre" />

<br>

Date: <input type="text" name="Date" />

<br>

Price: <input type="text" name="Price" />

<br>

Tickets: <input type="text" name="Tickets" />

<br>

<input type="submit" />

</form>

 

I believe this is a simple form for just inputing data but i really do have poor knowledge!

 

I then have a php page called insert.php and that page looks like so ;

 

 

<?php

$con = mysql_connect("localhost","myusername","mypassword");

if (!$con)

  {

  die('Could not connect: ' . mysql_error());

  }

 

mysql_select_db("Events", $con);

 

$sql="INSERT INTO Events (Event, Genre, Date, Price, Tickets)

VALUES

('$_POST[Events]','$_POST[Genre]','$_POST[Date]')('$_POST[Price]','$_POST[Tickets]')";

 

if (!mysql_query($sql,$con))

  {

  die('Error: ' . mysql_error());

  }

echo "1 record added";

 

mysql_close($con)

?>

 

 

 

 

And my database looks as shown below

 

 

This was meant to be a simple script to allow me to add information to the table but....i carnt get it to work despite playing around with it for ageessss could anyone help? or suggest a fresh code? its frustrating me to no end !

 

 

Thanks!

Rob

[wildteen88]

You have a syntax error in your query

$sql="INSERT INTO Events (Event, Genre, Date, Price, Tickets)

VALUES

('$_POST[Events]','$_POST[Genre]','$_POST[Date]')('$_POST[Price]','$_POST[Tickets]')";

The characters in red should be a comma.

 

Also you should never place raw _POST data straight into an SQL query. You should always sanitize user input.

[Mchl]

This will still throw an error because array values need to be enclosed in {} when they're used in double quoted strings. And just like wildteen says: use mysql_real_escape_string first.