why isnt this working?

[failchicken]

<form action="cat.php" method="post">
Cat name: <input type="text" name="cat" />
<input type="submit" name="submit">
</form>
<?php
if (isset($_POST['submit'])){
$con = mysql_connect("localhost", "root", "pass");
if (!$con){
die("can not connect: " . mysql_error());    
}
mysql_select_db("database",$con);
$sql = "INSERT INTO gallery_category (category_id,category_name) VALUES (''',$_POST[cat]')";
mysql_query($sql,$con);
mysql_close($con);
}
?>

[DavidAM]

The query is invalid:

 

if (! mysql_query($sql, $con)) die('Query Failed: ' . mysql_error($con) . ' -- ' . $sql);

to find out why

[failchicken]

Query Failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1 -- INSERT INTO gallery_category (category_id, category_name) VALUES ('', )

[AbraCadaver]

VALUES ('', )

[fastsol]

You need to give the submit button a name="submit" attribute.  A big issue is that you are only connecting to the db if the $_POST['submit'] isset which it isn't cause you haven't given it a name, hence why the query fails too.

[DavidAM]

@fatsol

What code are you reading? The submit button does have a name, it is "submit". The problem is the single quotes inside the query:

 

@failchicken

$sql = "INSERT INTO gallery_category (category_id,category_name) VALUES (''',$_POST[cat]')";

If you look close you see three quotes before the comma and no quote after the comma before the category value.

 

Of course, the debug message is showing nothing after the comma and only two single quotes before it, so somthing was changed before that run.

[fastsol]

My bad, i swear i read it as value instead of name, no other comments from me at this point.