Error with simple PHP form with MySQL

Question

Sirs,

I'm getting an error from my PHP script, probably the query, but I can't figure out what's going on. I can connect the database, but I still get the error from de "echo ERROR" line.

Does anyone know what's wrong with my code? I appreciate any help! I spent a few hours to solve this issue, but couldn't get nothing.

HTML form

<form action="insert-info.php" method="post">
<input class="form1" type="text" value="TEXT ONE" name="textone" onfocus="if (this.value=='NTEXT ONE') this.value='';"/>
<input class="form1" type="text" value="TEXT TWO" name="texttwo" onfocus="if (this.value=='TEXT TWO') this.value='';"/>
<input class="form2" type="text" value="TEXT THREE" name="textthree" onfocus="if (this.value=='TEXT THREE') this.value='';"/>
</form>

Database connect and insert

<?php

$host="localhost"; // Host name 
$username="***"; // Mysql username 
$password="***"; // Mysql password 
$db_name="***"; // Database name 
$tbl_name="insertinfo"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Get values from form 
$textone=$_POST['textone'];
$texttwo=$_POST['texttwo'];
$textthree=$_POST['textthree'];

// Insert data into mysql 
$sql="INSERT INTO $tbl_name('textone', 'texttwo', 'textthree') VALUES ('$textone', '$texttwo', '$textthree')";
$result=mysql_query($sql);

// if successfully insert data into database, displays message "Successful". 
if($result){
echo "Successful";
echo "<br />";
echo "<a href='insert.php'>Back to main page</a>";
}

else {
echo "ERROR";
}
?> 

<?php 
// close connection 
mysql_close();
?>

Database structure

#   Type                    Collation   Null            Pattern     Extra
1   id int(4)                           None            (none)      AUTO_INCREMENT
2   textone varchar(50)     utf8_bin    None            (none)  
3   texttwo varchar(50)     utf8_bin    None            (none)
4   textthree varchar(50)   utf8_bin    None            (none)  

Answer 1

Try Like this

There is no need to give column names within ' ' in INSERT query.

 $sql="INSERT INTO $tbl_name(textone,texttwo,textthree) VALUES ('$textone', '$texttwo', '$textthree')";
    $result=mysql_query($sql);

Answer 2

$sql=sprintf(
"INSERT INTO 
        $tbl_name(textone, texttwo, textthree) 
        VALUES ('%s','%s','%s')", 
mysql_real_escape_string($textone), 
mysql_real_escape_string($texttwo), 
mysql_real_escape_string($textthree)
);

Answer 3

Use mysql_error() to print the error message. It will tell you more about why the query failed. Note that this function is deprecated. I recommend to use mysqli or PDO database classes.

Answer 4

Looks like the issue is just the column names of your INSERT query. You don't need single quotes around those.

$sql="INSERT INTO $tbl_name(textone, texttwo, textthree) VALUES ('$textone', '$texttwo', '$textthree')";

That should work.

EDIT: echo_Me and Mayank's warnings and recommendations are necessary to consider for production code!

Answer 5

actually you are not selecting database and the connection variables. because you are using strings. you need to remove the quotes like that

  mysql_connect($host, $username, $password)or die("cannot connect"); 
  mysql_select_db($db_name)or die("cannot select DB");

there is some things you need to fix in your code .

• escape your POST variables.

• change to PDO or MYSQLI.

• follow the error by echoing system error.