Printable View
Hi all:
I'm struggling to get this to work in PHP:
I'm just getting - check your syntax.PHP Code:$sql = "INSERT INTO data (date, yname, ymail, cpname, ctname, email, ctphone, msg_type, session, session_date, notes)";
$sql .="VALUES(NOW(),'$yname','$ymail','$cpname',','$ctname','$email','$ctphone','$type','$session','$date','$notes')";
$result=mysql_query($sql, $cid) or die(mysql_error());
What am I doing wrong?
I have altered the apostrophe - and now the message just reads the error.
Try this:
Also it's helpful if you post the error you got.PHP Code:INSERT INTO `data` (`date`, `yname`, `ymail`, `cpname`, `ctname`, `email`, `ctphone`, `msg_type`, `session`, `session_date`, `notes`) VALUES(NOW(),'$yname','$ymail','$cpname','$ctname','$email','$ctphone','$type','$session','$date','$notes')
Hi Mindzai - this is how it looks.
the form, on a separate page:
fairly straightforward.HTML Code:<form action="process1.php" method="post" name="data" id="data">
<table width="383" border="0" cellpadding="5" cellspacing="5">
<caption align="top">
<strong>About you</strong>
</caption>
<tr>
<td width="163">Your name</td>
<td width="185"><input name="yname"/></td>
</tr>
<tr>
<td>Your email</td>
<td><input name="ymail" /></td>
</tr>
<tr>
<td>Your phone</td>
<td><input name="yphone" /></td>
</tr>
</table>
<table border="0" cellspacing="5" cellpadding="5">
<caption align="top">
<strong>About the recipient</strong>
</caption>
<tr>
<td width="162">Company name</td>
<td><input name="cpname"/></td>
</tr>
<tr>
<td>Contact name</td>
<td><input name="ctname" length="25" /></td>
</tr>
<tr>
<td>Contact phone</td>
<td><input name="ctphone" /></td>
</tr>
<tr>
<td>Email</td>
<td><input name="email" /></td>
</tr>
</table>
<table border="0" cellspacing="5" cellpadding="5">
<caption align="top">
<strong>About the message</strong>
</caption>
<tr>
<td>Type of message</td>
<td><p>
<label>
<input type="radio" name="RadioGroup1" value="1" id="RadioGroup1_0" />
Few Appts</label>
<br />
<label>
<input type="radio" name="RadioGroup1" value="2" id="RadioGroup1_1" />
Company Recruitment</label>
<br />
</p></td>
</tr>
</table>
<table border="0" cellspacing="5" cellpadding="5">
<caption align="top">
<strong>About the session</strong>
</caption>
<tr>
<td>Session to promote</td>
<td><input name="session" /></td>
</tr>
<tr>
<td>Date of session</td>
<td><input name="date" id="date"><a href="javascript:NewCal('date','ddmmyyyy')"><img src="calendar/cal.gif" width="16" height="16" border="0" alt="Pick a date"></a></td>
</tr>
<tr>
<td><p>Any general notes <br />
<span class="style3"><em>not for message</em></span><em></em></p>
</td>
<td><textarea name="comments" cols="25" rows="5" id="comments"></textarea></td>
</tr>
<tr>
<td><input type="reset" value="reset" /></td>
<td><input type="submit" value="send!" /></td>
</tr>
</table>
</form>
The php looks like like this:
including your changes.PHP Code:<?php
//details sent from form
$yname=$_POST['yname'];
$ymail=$_POST['ymail'];
$yphone=$_POST['yphone'];
$cpname=$_POST['cpname'];
$ctname=$_POST['ctname'];
$ctphone=$_POST['ctphone'];
$email=$_POST['email'];
$type=$_POST['RadioGroup1'];
$session=$_POST['session'];
$date=$_POST['date'];
$notes=$_POST['notes'];
$to = $email;
$subject = "12 seconds";
//get file according to radio selection
$myFile = "header".$type.".txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);
error_reporting(E_ALL);
/*login to mysql*/
require_once 'mysql_login.php';
mysql_select_db("mktg",$cid);
/*create query*/
$sql = "INSERT INTO `data` (`date`, `yname`, `ymail`, `cpname`, `ctname`, `email`, `ctphone`, `msg_type`, `session`, `session_date`, `notes`) VALUES(NOW(),'$yname','$ymail','$cpname','$ctname','$email','$ctphone','$type','$session','$date','$notes')";
$result=mysql_query($sql, $cid) or die(mysql_error());
if (!mysql_query($sql, $cid)) {
echo 'Entered on database';
} else {
echo 'Please contact the help desk!';
}
?>
three issues come up:
first, my mistake - there are blank fields being added to the database. It does not include the info from the form, although the datetime column is being filled in by php
second, i'm struggling to get mysql to show what the error is
third, why does it enter two lines into mysql?
1 - have you checked the values are being correctly received by the processing script? What is the result of the folowing code placed at the top of process1.php
2. It isn't showing you an error because there is no error to show. If the data is getting inserted the query is working.PHP Code:echo '<pre>';
print_r($_POST);
echo '</pre>';
3. Because you are calling the mysql_query() function twice. Replace
withPHP Code:if (!mysql_query($sql, $cid)) {
PHP Code:if (!$result) {
A couple of general notes on your script.
When debugging SQL echo the queries to the page (or log or mail them to yourself). Comment out the bit where you run them and copy them into a CLI (command line interface) like putty.exe. You'll see what is going to get run before running it so can carefully look through it to see any potential dangerous errors. You get the error direct from the SQL server as well which might be less cryptic then the one from the PHP function.
Renaming POST variables for no reason serves no purpose. It just means you don't know where the values came from and may not realize later in a script that the variable contains user inputted values and forget to sanitize correctly. Your statement is currently wide open to SQL injection.
Any information that comes from any where but your scripts (POST, GET, opens URLs etc) needs to be sanitized and validated. Even radio button and checkboxes. Any and all or your vulnerable to attack.
Thanks all - will follow up with the completed code, but in the meantime, Mindzai, the mysl_query, very useful.
SyCo,ta 4 the reminder
