Adding Info From Webpage To Database

toney · December 3, 2012

I have this code for adding info to a database from a webpage i wrote. I am getting this error

Parse error: syntax error, unexpected '-', expecting ']' in /home/rottorg/public_html/insert.php on line 57

<?php

('$_POST[title]','$_POST[rank]','$_POST[position_number]','$_POST[first_name]','$_POST[middle_name]','$_POST[last_name]','$_POST[street_name]','$_POST[city]','$_POST[state]','$_POST[zip_code]','$_POST[home_phone]','$_POST[work_phone]','$_POST[cell_phone]','$_POST','$_POST[ham_radio]','$_POST[license_type]','$_POST[iCS-100]','$_POST[iCS_200]','$_POST[iCS_230]','$_POST[iCS_300]','$_POST[iCS_400]','$_POST[iCS_700]','$_POST[iCS_702]','$_POST[iCS_706]','$_POST[iCS_707]','$_POST[iCS_800]','$_POST[first_aid]','$_POST[cpr]','$_POST[cert]','$_POST[cert_int]','$_POST[special_skills]')";

?>

MDCode · December 3, 2012

I see no errors with that code block. Paste the whole page in

 tags

toney · December 4, 2012

[<?php

/*

$title=$_POST['title'];

$rank=$_POST['rank'];

$position_number=$_POST['position_number'];

$first_name=$_POST['first_name'];

$middle_name=$_POST['middle_name'];

$last_name=$_POST['last_name'];

$street_name=$_POST['street_name'];

$city=$_POST['city'];

$state=$_POST['state'];

$zip_code=$_POST['zip_code'];

$home_phone=$_POST['home_phone'];

$cell_phone=$_POST['cell_phone'];

$work_phone=$_POST['work_phone'];

$email=$_POST['email'];

$ham_radio=$_POST['ham_radio'];

$license_type=$_POST['license_type'];

$ICS_100=$_POST['ICS_100'];

$ICS_200=$_POST['ICS_100'];

$ICS_230=$_POST['ICS_230'];

$ICS_300=$_POST['ICS_300'];

$ICS_400=$_POST['ICS_400'];

$ICS_700=$_POST['ICS_700'];

$ICS_702=$_POST['ICS_702'];

$ICS_706=$_POST['ICS_706'];

$ICS_707=$_POST['ICS_707'];

$ICS_800=$_POST['ICS_800'];

$first_aid=$_POST['first_aid'];

$cpr=$_POST['cpr'];

$cert=$_POST['cert'];

$cert_int=$_POST['cert_int'];

$LNO=$_POST['LNO'];

$special_skills=$_POST['special_skills'];

*/

$con = mysql_connect("localhost","","");

if (!$con)

{

die('Could not connect: ' . mysql_error());

}

mysql_select_db("", $con);

if($_POST[first_name] != '')

{

if($_POST['password'] != '')

$password = sha1($_POST['password']);

else

$password = sha1('password');

$sql="INSERT INTO Memers_162rot (title,rank,position_number,first_name,middle_name,last_name,street_name,city,state,zip_code,home_phone,work_phone,cell_phone,email,call_sign,lic_type,ics_100,ics_200,ics_230,ics_300,ics_400,ics_700,ics_702,ics_706,ics_707,ics_800,first_aid,CPR,CERT,cert_instructor,LNO,special_skills)

VALUES

('$_POST[title]','$_POST[rank]','$_POST[position_number]','$_POST[first_name]','$_POST[middle_name]','$_POST[last_name]','$_POST[street_name]','$_POST[city]','$_POST[state]','$_POST[zip_code]','$_POST[home_phone]','$_POST[work_phone]','$_POST[cell_phone]','$_POST','$_POST[ham_radio]','$_POST[license_type]','$_POST[iCS-100]','$_POST[iCS_200]','$_POST[iCS_230]','$_POST[iCS_300]','$_POST[iCS_400]','$_POST[iCS_700]','$_POST[iCS_702]','$_POST[iCS_706]','$_POST[iCS_707]','$_POST[iCS_800]','$_POST[first_aid]','$_POST[cpr]','$_POST[cert]','$_POST[cert_int]','$_POST[special_skills]')";

if (!mysql_query($sql,$con))

{

die('Error: ' . mysql_error());

}

else

echo "1 record added";

MDCode · December 4, 2012

$sql="INSERT INTO Memers_162rot (title,rank,position_number,first_name,middle_name,last_name,street_name,city,state,zip_code,home_phone,work_phone,cell_phone,email,call_sign,lic_type,ics_100,ics_200,ics_230,ics_300,ics_400,ics_700,ics_702,ics_706,ics_707,ics_800,first_aid,CPR,CERT,cert_instructor,LNO,special_skills)

VALUES

('$_POST[title]','$_POST[rank]','$_POST[position_number]','$_POST[first_name]','$_POST[middle_name]','$_POST[last_name]','$_POST[street_name]','$_POST[city]','$_POST[state]','$_POST[zip_code]','$_POST[home_phone]','$_POST[work_phone]','$_POST[cell_phone]','$_POST','$_POST[ham_radio]','$_POST[license_type]','$_POST[iCS-100]','$_POST[iCS_200]','$_POST[iCS_230]','$_POST[iCS_300]','$_POST[iCS_400]','$_POST[iCS_700]','$_POST[iCS_702]','$_POST[iCS_706]','$_POST[iCS_707]','$_POST[iCS_800]','$_POST[first_aid]','$_POST[cpr]','$_POST[cert]','$_POST[cert_int]','$_POST[special_skills]')";

The only - in your query is the bolded part try changing it to an underscore like the rest?

toney · December 4, 2012

fixed the above problem now new one

Error: Unknown column 'position_number' in 'field list'

Edited December 4, 2012 by PFMaBiSmAd
removed wysiwyg micro-font format

Christian F. · December 4, 2012

A search on the net for that error message will give you all the information you need on why it's happening, and what you need to do to fix it. As will most error messages.

I'll give you a tip: Look at the actual table definition.

toney · December 4, 2012

fixed the error above it was a spelling error in the database.

so now in the form I have a field that gathers phone numbers it has three separate boxes for the numbers. to see the form go to www.162rot.org/memberupdate.html. my code gathers the first number the area code but not the other to boxes. not sure how to get that to do it

jcbones · December 5, 2012

You would have to include the form for us to get that one. I would think it has something to do with the naming of your phone number boxes. I will go a little further and tell you that you have opened yourself up for database injection. You need to look into sanitation and validation.

Sign In

Adding Info From Webpage To Database

Recommended Posts

toney

Link to comment

Share on other sites

MDCode

Link to comment

Share on other sites

toney

Link to comment

Share on other sites

MDCode

Link to comment

Share on other sites

toney

Link to comment

Share on other sites

Christian F.

Link to comment

Share on other sites

toney

Link to comment

Share on other sites

jcbones

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information