Reputation: 25
I created a form for inserting a new company, and on the same page is the PHP script which inserts the data into the database.
I don't know where the mistake is in this code.
<?php
if (isset($_POST['submit']))
{
// Form has been submitted.
$query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2,
position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email)
VALUES ('{$_POST['name']}', '{$_POST['domain']}', '{$_POST['subdomain1']}',
'{$_POST['subdomain2']}', '{$_POST['position']}', '{$_POST['country']}', '{$_POST['city']}',
'{$_POST['district']}', '{$_POST['contact']}', '{$_POST['setdate']}', '{$_POST['address']}', '{$_POST['phone']}',
'{$_POST['areacode']}, '{$_POST['website']}', '{$_POST['fax']}', '{$_POST['email']}')");
$result = mysql_query($query, $connection);
if (!$result) {
echo "The company was not created.";
} else {
echo "The company was successfully created.";
}
}
?>
Upvotes: 0
Views: 167
Reputation: 1635
INSERT INTO companies
SET name = $name,
subdomain0 = $domain,
subdomain1 = $domain1
and so on
Upvotes: 0
Reputation: 21
You have to be careful with SQL injection. You can go through the link to learn about other options to the mysql_* functions, as they are deprecated.
Also, it's always better to try to find out the error by using the mysql_error function to print out the error. (Check the link for alternatives, as this too is getting deprecated.)
Upvotes: 0
Reputation: 37243
Rewrite your code and remove those {} from the variables, like this:
VALUES ('$_POST['name']','$_POST['domain']', '$_POST['subdomain1']',...
1- Be sure to escape them before you send them to the database.
2- Don't use mysql; use PDO or mysqli.
To escape them, do it like this:
$name = mysql_real_escape_string($_POST['name']) ;
and then pass it to your query like this:
VALUES ('$name', .... <-- same with other columns
EDIT-
Try this
<?php
if (isset($_POST['submit'])) { // Form has been submitted.
    // Escape every value before it is placed inside the query string.
    $name        = mysql_real_escape_string($_POST['name']);
    $subdomain0  = mysql_real_escape_string($_POST['domain']); // the question's form field is 'domain'
    $subdomain1  = mysql_real_escape_string($_POST['subdomain1']);
    $subdomain2  = mysql_real_escape_string($_POST['subdomain2']);
    $position    = mysql_real_escape_string($_POST['position']);
    $country     = mysql_real_escape_string($_POST['country']);
    $city        = mysql_real_escape_string($_POST['city']);
    $district    = mysql_real_escape_string($_POST['district']);
    $contact     = mysql_real_escape_string($_POST['contact']);
    $set_up_date = mysql_real_escape_string($_POST['setdate']);
    $address     = mysql_real_escape_string($_POST['address']);
    $phone       = mysql_real_escape_string($_POST['phone']);
    $areacode    = mysql_real_escape_string($_POST['areacode']);
    $website     = mysql_real_escape_string($_POST['website']);
    $fax         = mysql_real_escape_string($_POST['fax']);
    $email       = mysql_real_escape_string($_POST['email']);

    // Run the query once; every value is quoted, including '$areacode'.
    $query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2,
        position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email)
        VALUES ('$name', '$subdomain0', '$subdomain1',
        '$subdomain2', '$position', '$country', '$city',
        '$district', '$contact', '$set_up_date', '$address', '$phone',
        '$areacode', '$website', '$fax', '$email')");

    // mysql_query() returns false on failure.
    if ($query) {
        echo "The company was successfully created.";
    } else {
        echo "The company was not created.";
    }
}
?>
Upvotes: 2
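The advice given in the answers above (use PDO or mysqli instead of the mysql_* functions, and watch for SQL injection), shown as an added example that is not code from any poster in this thread: the same INSERT written as a PDO prepared statement with bound parameters. Assumptions: an in-memory SQLite database stands in for the MySQL connection so the script runs offline, `insertCompany` and `FIELD_TO_COLUMN` are hypothetical names, and the form data is constructed.

```php
<?php
// Added example, not code from the thread. Assumption: an in-memory SQLite
// database stands in for the MySQL connection so the script runs offline;
// for MySQL only the DSN passed to new PDO() changes.

// Form field name => column name, as used in the question's INSERT.
const FIELD_TO_COLUMN = [
    'name' => 'name', 'domain' => 'subdomain0', 'subdomain1' => 'subdomain1',
    'subdomain2' => 'subdomain2', 'position' => 'position', 'country' => 'country',
    'city' => 'city', 'district' => 'district', 'contact' => 'contact',
    'setdate' => 'set_up_date', 'address' => 'address', 'phone' => 'phone',
    'areacode' => 'area_phone_code', 'website' => 'website', 'fax' => 'fax',
    'email' => 'email',
];

// Hypothetical helper: insert one company using bound parameters only.
function insertCompany(PDO $pdo, array $form): int
{
    $columns = array_values(FIELD_TO_COLUMN);
    $sql = sprintf(
        'INSERT INTO companies (%s) VALUES (%s)',
        implode(', ', $columns),
        implode(', ', array_map(fn($c) => ":$c", $columns))
    );
    $stmt = $pdo->prepare($sql);
    foreach (FIELD_TO_COLUMN as $field => $column) {
        // Values travel separately from the SQL text, so a quote in user
        // input cannot end a string literal or change the statement.
        $stmt->bindValue(":$column", (string)($form[$field] ?? ''), PDO::PARAM_STR);
    }
    $stmt->execute();
    return (int)$pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // fail loudly
$pdo->exec('CREATE TABLE companies (id INTEGER PRIMARY KEY, '
    . implode(' TEXT, ', array_values(FIELD_TO_COLUMN)) . ' TEXT)');

// Constructed sample input; the apostrophe would break the string-built query.
$form = ['name' => "O'Neil & Sons", 'domain' => 'retail', 'country' => 'IE',
         'city' => 'Cork', 'areacode' => '021', 'email' => 'info@example.com'];

try {
    $id = insertCompany($pdo, $form);
    $row = $pdo->query('SELECT name, subdomain0 FROM companies')->fetch(PDO::FETCH_ASSOC);
    echo "The company was successfully created: {$row['name']} ({$row['subdomain0']})\n";
} catch (PDOException $e) {
    echo "The company was not created: " . $e->getMessage() . "\n";
}
```

Because the placeholders are generated from the column list, a mismatched quote like the one after `areacode` in the question's query cannot occur, and a failed insert surfaces as a `PDOException` carrying the driver's error message.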