what is wrong

[dignifiedman]

ok i spent over 3 days trying to get this shitty piece of code to work ready to throw away my pc and live in a cave for rest of my life.

 

please tell me why it doesnt work, all i want is for it to add the previouse page's form too my database, is that really too much to ask? theres not even any validation on there yet?

 

<?php

$db = mysql_connect ('mysql8.000webhost.com', 'a3523162_15cred', 'holylight22');

mysql_select_db('a3523162_15cred', $db) or die ('Unable to connect to database');

$sql="INSERT INTO Customers (CustomerID, EmailAddress, Postalcode, Phonenumber, Forename, Surname, Address)
VALUES ($_POST['CustomerID'], $_POST['EmailAddress'], $_POST['Postalcode'], $_POST['Phonenumber'], $_POST['Forename'], $_POST['Surname'], $_POST['Address']);

if (!mysql_query($sql,$db))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";
echo "Record Added<br><a href=\"index.html\">click here</a>
to return to sysops<br>";
mysql_close($db);
?>

<p><a href="Check Your booking.php">View</a></p>

[bh]

Hi,

 

First look the cause of the error is the insert statement. Try this:

 

$sql="INSERT INTO Customers (CustomerID, EmailAddress, Postalcode, Phonenumber, Forename, Surname, Address)
VALUES ($_POST['CustomerID'], \"$_POST['EmailAddress']\", $_POST['Postalcode'], $_POST['Phonenumber'], \"$_POST['Forename']\", \"$_POST['Surname']\", \"$_POST['Address']\");";

 

If phonenumber is a VARCHAR then: \"$_POST['Phonenumber']\"

[Adam]

You're accessing an array within the string; wrap each reference in curly brackets {} .. example:

 

VALUES ({$_POST['CustomerID']}, (..)

[cs.punk]

Same error had me hammered long long ago.

 

Oh and don't post your password in a forum...

[dignifiedman]

i now have this -

 

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , , yuhkyfu, yuiruir, yuiruiru)' at line 2

 

$sql="INSERT INTO Customers (CustomerID, EmailAddress, Postalcode, Phonenumber, Forename, Surname, Address)
VALUES ({$_POST['CustomerID']}, {$_POST['EmailAddress']}, {$_POST['Postalcode']}, {$_POST['Phonenumber']}, {$_POST['Forename']}, {$_POST['Surname']}, {$_POST['Address']})";

 

[bh]

Probably any POST value hasnt got a right type.

Example Phonenumber is a number in your SQL structure, but your post value is a string with a backslash or something...

[myrddinwylt]

To ensure the SQL string is properly encapsulated in quotes where necessary and to avoid any post confusion, I would personally do it this way

 

$sql = "INSERT INTO Customers (CustomerID, EmailAddress, Postalcode, Phonenumber, Forename, Surname, Address)
VALUES ('" . $_POST['CustomerID'] . "', '" . $_POST['EmailAddress'] . "', '" . $_POST['Postalcode'] . "', '" . $_POST['Phonenumber'] . "', '" . $_POST['Forename'] . "', '" . $_POST['Surname'] . "', '" . $_POST['Address'] . "')";

 

So if the Values were as follows:

 

CustomerID: 10976

EmailAddress: bob@bob.com

Postalcode: L1H1A4

PhoneNumber: 4164770101

Forename: Bob

Surname: Smith

Address: 123 Front St, Toronto

 

The generated MySQL would be:

 

INSERT INTO Customers (CustomerID, EmailAddress, Postalcode, Phonenumber, Forename, Surname, Address) VALUES ('10976', 'bob@bob.com', '4164770101', 'Bob', 'Smith', '123 Front St, Toronto');

 

You may want to make some adjustments. For example, if the CustomerID field is an INT value, then you can safely add that field without the single quotations  '.

Also, you may want to mysql_escape_string or whatever the function is called to add \ to each post value prior to inserting. So if you had someone with the name Mc'Leans for example, the resulting insert for that field would be 'Mc\'Leans'