Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote -1 down vote favorite

Edit: I can see the form but it does not write to the database. Here's the code:

<html>
<head>Test PAge</head>
<body>
<form action="testform3.php" method="POST">
<h1 align="center">Client Registration</h1><br>
<br>
<table>
<tr><td>
CID: <input type = "text" name="cid">
</td></tr>
<tr><td>Client Name: <input type="text" name="cname"></td></tr>
<tr><td>Client Short Name: <input type="text" name="cshortname"></td></tr>
<tr><td>Representative/Coordinator: <input type="text" name="coordinator"></td></tr>
<tr><td>BusinessHead: <input type=text name="bizhead"></td></tr>
<tr><td>Mobile: <input type=text name="mob_no"></td></tr>
<tr><td>[Phone (1)]: <input type=text name="phone1"></td>
<td>[Phone (2)]: <input type=text name="phone2"></td>
<td>[Fax (1)]: <input type=text name="fax1"></td>
<td>[Fax (2)] : <input type=text name="fax2"></td>
</tr>
<tr><td>Area : <input type=text name="area"></td>
<td>City : <input type=text name="city"></td>
<td>[Postal Code] : <input type=text name="postalcode"></td>
<td>[Zip Code] : <input type=text name="zipcode"></td></tr>
<tr><td>State : <input type=text name="state"></td>
<td>Country : <input type=text name="country"></td></tr>

<tr><td>
Remarks : <input type=text name="remarks">
</td></tr>
<tr><td><input type="submit" name="savetoDB" value="registerclient"></td></tr>
</table>
</form>
</body>
</html> 

<?php
if (isset($_POST['savetoDB']))
{

$host="localhost:3306"; // Host name with mysql port no
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="mediaplus_test"; // Database name
$tbl_name="clientele"; // Table name

// Connect to server and select databse.


$con = mysql_connect("$host", "$username", "$password");
if ( ! $con )
{
die("Cannot connect to database....!" . mysql_error());
}
echo "connected";


 //Selecting the database to insert form data to


mysql_select_db("$db_name",$con) or die("cannot select DB...!"  . mysql_error());
echo "connected to database";

//SQL Querty to write to database. using a variable to store sql insert query

extract($_POST); 

$sql = "INSERT INTO    (ID, ClientFullName, ClientShortName, Representative, 
BusinessHead, Mobile, Phone (1), Phone (2), Fax(1), Fax (2), Area, City, State, 
Country, Postal Code, Zip Code, Remarks) " .
 "VALUES  

('$cid', '$cname', '$cshortname', '$coordinator', '$bizhead', '$mob_no', '$phone1',   
 '$phone2', '$fax1', '$fax2', '$area', '$city', '$state', '$country', '$postalcode', 
'$zipcode', '$remarks')";


    //'coordinator']."','".$_POST['bizhead']."','".$_POST['mob_no']."','".$_POST['phone1']."','//".$_POST['phone2']."','".$_POST['fax1']."','".$_POST['fax2']."','".$_POST['area']."','".$//_POST['city']."','".$_POST['postalcode']."','".$_POST['zipcode']."','".$_POST['state']."'//,'".$_POST['country']."','".$_POST['remarks']."')";

mysql_query($sql,$con);
mysql_close($con);
}
//Echo "Data inserted into clientele";
?>

question ends here..!

I am trying to insert data from form input to mysql database using php. I get the following error in the browser:

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in J:\xampp\htdocs\testform.php on line 70

This is my query:

sql = "INSERT INTO clientele(ID,ClientFullName,ClientShortName,Representative,BusinessHead,Mobile,Phone (1),Phone (2),Fax(1),Fax (2),Area,City,State,Country,Postal Code,Zip Code,Remarks)" .
"VALUES ('$_POST'[cid]',
'$_POST['cname']', '$_POST['cshortname']',
'$_POST['coordinator']',
'$_POST['bizhead']',
'$_POST['mob_no']',
'$_POST['phone1']',
'$_POST['phone2']',
'$_POST['fax1']',
'$_POST['fax2']',
'$_POST['area']',
'$_POST['city']',
'$_POST['postalcode']',
'$_POST['zipcode']',
'$_POST['state']',
'$_POST['country']',
'$_POST['remarks']',)";

What could be the problem here? Thanks.

share|improve this question
1  
this would be the problem: Phone (1),Phone (2),Fax(1),Fax (2) put it into backticks –  steven Aug 26 at 15:27
2  
You really need to get a proper editor which highlights parse errors. –  N.B. Aug 26 at 15:28
 
this is another problem: '$_POST'[cid]' - it should be '$_POST[cid]' and you should really escape your $_POST-Data –  steven Aug 26 at 15:30
3  
Your code is vulnerable to SQL Injection, see this question for more info: stackoverflow.com/questions/60174/… –  Mansfield Aug 26 at 15:32
 
Time to start over again on String concatenation, its not only one problem: they are multiple –  Hanky 웃 Panky Aug 26 at 15:34
show 4 more comments

4 Answers

up vote 0 down vote accepted

To avoid complicating Query,use extract(), so @steven's answer will be simple like this :

extract($_POST); 

$sql = "INSERT INTO clientele(`ID`,`ClientFullName`, `ClientShortName`) VALUES ('$cid','$cname','$cshortname')";

OR:

$sql = "INSERT INTO clientele(`ID`,`ClientFullName`, `ClientShortName`) VALUES ('".$cid."','".$cname ."','".$cshortname."')";

But you have to care about the SQL Injection issue!!! Dont't put it online like this!

share|improve this answer
 
This is a test project. I will consider your suggestions about string concatenation, sql injection.. –  SQL_Newbie Aug 26 at 16:01
 
I am wondering if you checked the code i pasted just now? –  SQL_Newbie Aug 26 at 16:50
 
yes i read it , is there any error after submit ? –  FaceOfJock Aug 26 at 17:09
 
No errors....it just does not write to the dB... –  SQL_Newbie Aug 26 at 18:12
 
Try this query : $sql = "INSERT INTO ('ID', 'ClientFullName','ClientShortName', 'Representative', 'BusinessHead', 'Mobile', 'Phone (1)', 'Phone (2)', 'Fax(1)', 'Fax (2)', 'Area', 'City', 'State', 'Country', 'Postal Code', 'Zip Code', 'Remarks')VALUES ('$cid', '$cname', '$cshortname', '$coordinator', '$bizhead', '$mob_no', '$phone1', '$phone2', '$fax1', '$fax2', '$area', '$city', '$state', '$country', '$postalcode', '$zipcode', '$remarks')"; –  FaceOfJock Aug 26 at 18:16
show 1 more comment
up vote 1 down vote

i dont like to rewrite your hole query.

Here is an example how it may be done without syntax error:

$sql = "INSERT INTO clientele(`ID`,`ClientFullName`, `ClientShortName`) " .
"VALUES ('".$_POST['cid']."','".$_POST['cname']."','".$_POST['cshortname']."')";

But you have to care about the SQL Injection issue!!! Dont't put it online like this!

share|improve this answer
up vote 0 down vote 
'$_POST'[cid]'

Don't know about you but that doesn't look like it isn't going to run very well to me.

Ammend too:

'$_POST['cid']'
share|improve this answer
2  
Won't work much better. The variable should be in braces, like "... '{$_POST['cid']}' ...", or the quotes around the key will cause issues. Alternatively, you could just say "... '$_POST[cid]' ...", but that'll give you notices about undefined constants. –  cHao Aug 26 at 15:42
 
Hello everyone...I have changed the code as suggested and can see the form but it does not seem to write to database. How can I paste my code in the comment, it has limited character length? –  SQL_Newbie Aug 26 at 16:02
up vote 0 down vote

try inputting values like

'{$_POST['cid']}'
share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.