PHP Mysql query, No Error, Wont Insert Row

Question

The form submits correctly and it sends me an email. No error is reported and the SQL it creates works fine, I tested it at phpMyAdmin. mysql_error() raises nothing, it just doesn't add a row. Can anyone see what's going on?

<?PHP 

$to = "me@gmail.com";
$subject = "New Lead"; 
$date = date ("l, F jS, Y"); 
$time = date ("h:i A");
$mysql = mysql_connect("db.perfora.net:3306","db","password");

if(!$mysql)
{
    die("Could Not Connect: ".mysql_error());
}

mysql_select_db("db",$mysql);



if ($_SERVER['REQUEST_METHOD'] == "POST") { 
    $name = $_POST['firstname']." ".$_POST['lastname'];
    $email = $_POST['email'];
    $phone = "(".$_POST['areacode'].") ".$_POST['firstthree']."-".$_POST['lastfour'];
    $area = $_POST['area'];
    $lookdate = $_POST['lmm']."/".$_POST['ldd']."/".$_POST['lyyyy'];
    $lookdatedb = date("{$_POST['lmm']}.{$_POST['ldd']}.{$_POST['lyyyy']}");
    $movedate = $_POST['mmm']."/".$_POST['mdd']."/".$_POST['myyyy'];
    $movedatedb = date("{$_POST['mmm']}.{$_POST['mdd']}.{$_POST['myyyy']}");
    $loft = $_POST['loft'] ? "loft" : "";
    $highrise = $_POST['highrise'] ? "highrise" : "";
    $traditional = $_POST['traditional'] ? "traditional" : "";
    $price = $_POST['price'];
    $comments = $_POST['comments'];

$sql = "INSERT INTO Leads 
            (Name, Email, Phone, Area, LookDate, MoveDate, Loft, HighRise, Traditional, Price, Comments) 
            VALUES 
            ('$name', '$email', '$phone', '$area', '$lookdatedb', '$movedatedb', '{$_POST['loft']}', '{$_POST['highrise']}', '{$_POST['traditional']}', '$price', '$comments')";

if (mysql_query($sql,$con))
{
  echo "Row added.";
}
else
{
  echo "Error adding row: " . mysql_error();
  echo("\n\n".$sql);
}


$msg = "
    New Lead Submitted On $date at $time.\n\n

    Name: $name\n
    Email: $email\n
    Phone: $phone\n
    Area: $area\n
    Look Date: $lookdate\n
    Move Date: $movedate\n
    Type: $loft $highrise $traditional \n
    Price: $price\n
    Comments: $comments\n


";  

}
mysql_close($mysql);
mail($to, $subject, $msg, "From:$email"); 
if ($forward == 1) { 
    header ("Location:$location"); 
} 
else { 
    echo "Thank you for submitting our form. We will get back to you as soon as possible."; 
} 

?>

Response:

Thank you for submitting our form. We will get back to you as soon as possible.

Generated SQL:

INSERT INTO Leads (Name, Email, Phone, Area, LookDate, MoveDate, Loft, HighRise, Traditional, Price, Comments) VALUES ('work work', 'work@work.com', '(214) 131-4131', 'dallas', '02.18.2010', '02.25.2010', '', '1', '1', '$333333333333333333', '33fdsdfsdfsd')

Database Structure:

http://imgur.com/iQHRk.jpg

Answer 1

take the post variable in another variable and then pass to the insert query i think it will be work like this

$sql = "INSERT INTO Leads (Name, Email, Phone, Area, LookDate, MoveDate, Loft, HighRise, Traditional, Price, Comments) VALUES ('$name', '$email', '$phone', '$area', '$lookdatedb', '$movedatedb', '$loft', '$highrise', '$traditional', '$price', '$comments')";

mysql_query($sql);

Answer 2

Let's see, your DB connection handle is obviously referenced by $mysql, but you've done this:

if (mysql_query($sql,$con))

Your DB handler is wrong.

Answer 3

mysql_query($sql,$con);

should return something why don't you take a look at that

i.e.

$result = mysql_query('SELECT * WHERE 1=1');
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

It's a best practice to check for errors when you can.

Also to be noted, you are not escaping any of the user input so your code is vulnerable to SQL injections. please use mysql_real_escape_string.