user2036948
user2036948

Reputation: 25

PHP&MYSQL - Failed inserting data in database

II created a form for inserting a new company and also on this page it is the PHP script which insert the data into the database.

I don`t know where it is the mistake in this code.

<?php
if (isset($_POST['submit']))
{
    // Form has been submitted.
    $query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1, subdomain2, 
    position, country, city, district, contact, set_up_date, address, phone, area_phone_code, website, fax, email)
    VALUES ('{$_POST['name']}', '{$_POST['domain']}', '{$_POST['subdomain1']}',
    '{$_POST['subdomain2']}', '{$_POST['position']}', '{$_POST['country']}', '{$_POST['city']}',
    '{$_POST['district']}', '{$_POST['contact']}', '{$_POST['setdate']}', '{$_POST['address']}', '{$_POST['phone']}',
    '{$_POST['areacode']}, '{$_POST['website']}', '{$_POST['fax']}', '{$_POST['email']}')");

    $result = mysql_query($query, $connection);
    if (!$result) {
        echo  "The company was not created.";
    } else {
        echo  "The company was successfully created.";
    }
}
?>

Upvotes: 0

Views: 167

Answers (3)

Shushant
Shushant

Reputation: 1635

INSERT INTO companies  
SET name = $name, 
    subdomain0 = $domain, 
    subdomain1 = $doamin1

so on

Upvotes: 0

nTony
nTony

Reputation: 21

you have to be careful with sql injections. you can go through the link to know of other options to mysql_* functions, as it is deprecated.

also its always better to try to find out the error by using mysql_error function to print out the error. (check the link for alternatives as this too is getting deprecated)

Upvotes: 0

echo_Me
echo_Me

Reputation: 37243

rewrite your code and remove those {} from the variables like that

    VALUES ('$_POST['name']','$_POST['domain']', '$_POST['subdomain1']',...

1- be sure to escape them before you send them to database .

2-dont use mysql , use pdo or mysqli

to escape them do like that:

 $name = mysql_real_escape_string($_POST['name']) ;

and then pass it to ur query like that

    VALUES ('$name', .... <-- same with other columns

EDIT-

Try this

  if (isset($_POST['submit'])) { // Form has been submitted.

  $name = mysql_real_escape_string($_POST['name']) ;
  $subdomain0 = mysql_real_escape_string($_POST['subdomain0']) ;
  $subdomain1 = mysql_real_escape_string($_POST['subdomain1']) ;
  $subdomain2 = mysql_real_escape_string($_POST['subdomain2']) ;
  $position = mysql_real_escape_string($_POST['position']) ;
  $country = mysql_real_escape_string($_POST['country']) ;
  $city = mysql_real_escape_string($_POST['city']) ;
  $district = mysql_real_escape_string($_POST['district']) ;
  $contact = mysql_real_escape_string($_POST['contact']) ;
  $set_up_date = mysql_real_escape_string($_POST['setdate']) ;
  $address = mysql_real_escape_string($_POST['address']) ;
  $phone = mysql_real_escape_string($_POST['phone']) ;
  $areacode = mysql_real_escape_string($_POST['areacode']) ;
  $website = mysql_real_escape_string($_POST['website']) ;
  $fax = mysql_real_escape_string($_POST['fax']) ;
  $email = mysql_real_escape_string($_POST['email']) ;

 $query = mysql_query("INSERT INTO companies (name, subdomain0, subdomain1,  subdomain2, 
 position, country, city, district, contact, set_up_date, address, phone,   area_phone_code, website, fax, email)
  VALUES ('$_POST['name']', '$subdomain0', '$subdomain1',
  '$subdomain2', '$position', '$country',  '$city',
   '$district', '$contact', '$set_up_date',  '$address', '$phone',
   '$areacode, '$website', '$fax', '$email')");

      echo  "The company was successfully created.";
     else {
         echo  "The company was not created.";

    }
   }
  ?>

Upvotes: 2

Related Questions