0

Edit: I can see the form but it does not write to the database. Here's the code:

<html>
<head>Test PAge</head>
<body>
<form action="testform3.php" method="POST">
<h1 align="center">Client Registration</h1><br>
<br>
<table>
<tr><td>
CID: <input type = "text" name="cid">
</td></tr>
<tr><td>Client Name: <input type="text" name="cname"></td></tr>
<tr><td>Client Short Name: <input type="text" name="cshortname"></td></tr>
<tr><td>Representative/Coordinator: <input type="text" name="coordinator"></td></tr>
<tr><td>BusinessHead: <input type=text name="bizhead"></td></tr>
<tr><td>Mobile: <input type=text name="mob_no"></td></tr>
<tr><td>[Phone (1)]: <input type=text name="phone1"></td>
<td>[Phone (2)]: <input type=text name="phone2"></td>
<td>[Fax (1)]: <input type=text name="fax1"></td>
<td>[Fax (2)] : <input type=text name="fax2"></td>
</tr>
<tr><td>Area : <input type=text name="area"></td>
<td>City : <input type=text name="city"></td>
<td>[Postal Code] : <input type=text name="postalcode"></td>
<td>[Zip Code] : <input type=text name="zipcode"></td></tr>
<tr><td>State : <input type=text name="state"></td>
<td>Country : <input type=text name="country"></td></tr>

<tr><td>
Remarks : <input type=text name="remarks">
</td></tr>
<tr><td><input type="submit" name="savetoDB" value="registerclient"></td></tr>
</table>
</form>
</body>
</html> 

<?php
if (isset($_POST['savetoDB']))
{

$host="localhost:3306"; // Host name with mysql port no
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="mediaplus_test"; // Database name
$tbl_name="clientele"; // Table name

// Connect to server and select databse.


$con = mysql_connect("$host", "$username", "$password");
if ( ! $con )
{
die("Cannot connect to database....!" . mysql_error());
}
echo "connected";


 //Selecting the database to insert form data to


mysql_select_db("$db_name",$con) or die("cannot select DB...!"  . mysql_error());
echo "connected to database";

//SQL Querty to write to database. using a variable to store sql insert query

extract($_POST); 

$sql = "INSERT INTO    (ID, ClientFullName, ClientShortName, Representative, 
BusinessHead, Mobile, Phone (1), Phone (2), Fax(1), Fax (2), Area, City, State, 
Country, Postal Code, Zip Code, Remarks) " .
 "VALUES  

('$cid', '$cname', '$cshortname', '$coordinator', '$bizhead', '$mob_no', '$phone1',   
 '$phone2', '$fax1', '$fax2', '$area', '$city', '$state', '$country', '$postalcode', 
'$zipcode', '$remarks')";


    //'coordinator']."','".$_POST['bizhead']."','".$_POST['mob_no']."','".$_POST['phone1']."','//".$_POST['phone2']."','".$_POST['fax1']."','".$_POST['fax2']."','".$_POST['area']."','".$//_POST['city']."','".$_POST['postalcode']."','".$_POST['zipcode']."','".$_POST['state']."'//,'".$_POST['country']."','".$_POST['remarks']."')";

mysql_query($sql,$con);
mysql_close($con);
}
//Echo "Data inserted into clientele";
?>

question ends here..!

I am trying to insert data from form input to mysql database using php. I get the following error in the browser:

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in J:\xampp\htdocs\testform.php on line 70

This is my query:

sql = "INSERT INTO clientele(ID,ClientFullName,ClientShortName,Representative,BusinessHead,Mobile,Phone (1),Phone (2),Fax(1),Fax (2),Area,City,State,Country,Postal Code,Zip Code,Remarks)" .
"VALUES ('$_POST'[cid]',
'$_POST['cname']', '$_POST['cshortname']',
'$_POST['coordinator']',
'$_POST['bizhead']',
'$_POST['mob_no']',
'$_POST['phone1']',
'$_POST['phone2']',
'$_POST['fax1']',
'$_POST['fax2']',
'$_POST['area']',
'$_POST['city']',
'$_POST['postalcode']',
'$_POST['zipcode']',
'$_POST['state']',
'$_POST['country']',
'$_POST['remarks']',)";

What could be the problem here? Thanks.

Charaf JRA
  • 7,659
  • 1
  • 27
  • 41
SQL_Newbie
  • 13
  • 2
  • 1
    this would be the problem: Phone (1),Phone (2),Fax(1),Fax (2) put it into backticks – steven Aug 26 '13 at 15:27
  • 2
    You really need to get a proper editor which highlights parse errors. – N.B. Aug 26 '13 at 15:28
  • this is another problem: '$_POST'[cid]' - it should be '$_POST[cid]' and you should really escape your $_POST-Data – steven Aug 26 '13 at 15:30
  • 3
    Your code is vulnerable to SQL Injection, see this question for more info: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Mansfield Aug 26 '13 at 15:32
  • Time to start over again on String concatenation, its not only one problem: they are multiple – Hanky Panky Aug 26 '13 at 15:34
  • I will give you a trick,if you are using PhpMyAdmin try inserting a row in your table,once done you will have insert into query that you have done using form , copy it and change string values with your variables,Phone (1) should be 'Phone 1' – Charaf JRA Aug 26 '13 at 15:35
  • This doesn't have anything to do with SQL yet, other than that that will be the eventual use of the string you're building. It's PHP syntax that's killing you right now. And it's really basic syntax stuff that you should already have down cold before you're ready to start talking to databases. – cHao Aug 26 '13 at 15:37
  • @FaceofJock I have just tried that. The problem is, it does not write anything to the database. how can I paste my code here (since I want to) but the char. limit is too low in the comment... – SQL_Newbie Aug 26 '13 at 16:18
  • edit your question then , try to test solutions given bellow – Charaf JRA Aug 26 '13 at 16:20

4 Answers4

1

i dont like to rewrite your hole query.

Here is an example how it may be done without syntax error:

$sql = "INSERT INTO clientele(`ID`,`ClientFullName`, `ClientShortName`) " .
"VALUES ('".$_POST['cid']."','".$_POST['cname']."','".$_POST['cshortname']."')";

But you have to care about the SQL Injection issue!!! Dont't put it online like this!

steven
  • 4,753
  • 2
  • 22
  • 52
0
'$_POST'[cid]'

Don't know about you but that doesn't look like it isn't going to run very well to me.

Ammend too:

'$_POST['cid']'
christopher
  • 24,892
  • 3
  • 50
  • 86
  • 2
    Won't work much better. The variable should be in braces, like `"... '{$_POST['cid']}' ..."`, or the quotes around the key will cause issues. Alternatively, you could just say `"... '$_POST[cid]' ..."`, but that'll give you notices about undefined constants. – cHao Aug 26 '13 at 15:42
  • Hello everyone...I have changed the code as suggested and can see the form but it does not seem to write to database. How can I paste my code in the comment, it has limited character length? – SQL_Newbie Aug 26 '13 at 16:02
0

try inputting values like

'{$_POST['cid']}'
Tushar
  • 11,306
  • 1
  • 21
  • 41
0

To avoid complicating Query,use extract(), so @steven's answer will be simple like this :

extract($_POST); 

$sql = "INSERT INTO clientele(`ID`,`ClientFullName`, `ClientShortName`) VALUES ('$cid','$cname','$cshortname')";

OR:

$sql = "INSERT INTO clientele(`ID`,`ClientFullName`, `ClientShortName`) VALUES ('".$cid."','".$cname ."','".$cshortname."')";

But you have to care about the SQL Injection issue!!! Dont't put it online like this!

Charaf JRA
  • 7,659
  • 1
  • 27
  • 41
  • This is a test project. I will consider your suggestions about string concatenation, sql injection.. – SQL_Newbie Aug 26 '13 at 16:01
  • Try this query : $sql = "INSERT INTO ('ID', 'ClientFullName','ClientShortName', 'Representative', 'BusinessHead', 'Mobile', 'Phone (1)', 'Phone (2)', 'Fax(1)', 'Fax (2)', 'Area', 'City', 'State', 'Country', 'Postal Code', 'Zip Code', 'Remarks')VALUES ('$cid', '$cname', '$cshortname', '$coordinator', '$bizhead', '$mob_no', '$phone1', '$phone2', '$fax1', '$fax2', '$area', '$city', '$state', '$country', '$postalcode', '$zipcode', '$remarks')"; – Charaf JRA Aug 26 '13 at 18:16
  • Just tried this query, doesn't seem to work. For the record, i am using this in conjunction with extract($_POST); state else i get Notice: Undefined variable: cid in J:\xampp\htdocs\testform4.php on line 73,74.... error. – SQL_Newbie Aug 26 '13 at 18:31