How come PHP is not insertting my data into MySQL?

[diabolo]

register.php

<?php include ('config.php'); ?>
<html>
<head>
  <title>Menu Maniac</title>
  <LINK REL=StyleSheet HREF="style.css" TYPE="text/css" MEDIA=screen>
</head>
<body>
<div id="width">
<?php
if (isset($_POST['Submit'])) {
  $fName = check_input($_POST['fName']);
  $lName = check_input($_POST['lName']);
  $address = check_input($_POST['address']);
  $city = check_input($_POST['city']);
  $state = check_input($_POST['state']);
  $zipcode = check_input($_POST['zipcode']);
  $phone = check_input($_POST['phone']);
  $email = check_input($_POST['email']);
  $cardNum = check_input($_POST['cardNum']);
  $securityCode = check_input($_POST['securityCode']);
  $expMonth = check_input($_POST['expMonth']);
  $expYear = check_input($_POST['expYear']);
  
  $sql = "INSERT INTO members (id, password, ipaddress, fName, lName, address, city, zipcode, phone, email, cardNum, securityCode, expMonth, expYear, organizations) VALUES (NULL, NULL, NULL, $fName,$lName,$address,$city,$zipcode,$phone,$email,$cardNum,$securtiyCode,$expMonth,$expYear, NULL)";
  $query = mysql_query($sql);
  if($query) { echo "Information has been registered.";
  }
  echo check_input($_POST['fName']);
  echo $fName;
  
  unset($_POST['Submit']);
  
} else {?>
<form action="" method="post">
  <table width="500" cellpadding="4" cellspacing="0" border="0">
    <tr>
      <td align="right" valign="top"><span class="style3">First Name*:</span></td>
      <td valign="top"><input type="text" name="fName" size="30" /></td>
    </tr>
    <tr>
      <td align="right" valign="top"><span class="style3">Last Name*:</span></td>
      <td valign="top"><input type="text" name="lName" size="30" /></td>
    </tr>
    <tr>
      <td align="right" valign="top"><span class="style3">Address:</span></td>
      <td valign="top"><input type="text" name="address" size="50" /><br /></td>
    </tr>
    <tr>

      <td align="right" valign="top"><span class="style3">City:</span></td>
      <td valign="top"><input type="text" name="City" size="30" value="" id="City" /></td>
    </tr>
    <tr>
          <td align="right" valign="top"><span class="style3">State:</span></td>
          <td valign="top"><input type="text" name="state" size="10" value="" id="State" /></td>
        </tr>
        <tr>

          <td align="right" valign="top"><span class="style3">Zipcode:</span></td>
          <td valign="top"><input type="text" name="zipcode" size="10" value="" id="Zipcode" /></td>
        </tr>
        <tr>
          <td align="right" valign="top"><span class="style3">Phone*:</span></td>
          <td valign="top"><input type="text" name="phone" size="15" value="" id="Phone" /></td>
        </tr>
        <tr>

          <td align="right" valign="top"><span class="style3">E-mail*:</span></td>
          <td valign="top"><input type="text" name="email" size="50" value="" id="Email Address" /><br />
            <span class="style3"><i>Please provide your e-mail address so we may better serve you.</i></span><br />
          </td>
        </tr>
      </table>
      <br />
      <br />
      <div style="padding:4px; background:#270000;">
        <span class="boldTitle"><font color="white">Credit Card Information</font></span></div>

      <table width="537" border="0">
        <tr>
          <td width="128">

            <div align="right">
              <span class="style3">Amount $</span></div>
          </td>
          <td width="379"><input type="text" name="xamount2" size="15" /></td>
          <td> </td>
        </tr>
        <tr>
          <td>

            <div align="right">
              <span class="style3">Debit/Credit Card #:</span></div>
          </td>
          <td><span class="style3"><input type="text" size="25" name="Debit Credit Card" id="Debit Credit Card" /> </span></td>
          <td> </td>
        </tr>
        <tr>

          <td>
            <div align="right">
              <span class="style3">Security Code:</span></div>
          </td>
          <td><span class="style3"><input type="text" name="Security Code" size="6" id="Security Code" /></span></td>
        </tr>

        <tr>
          <td>
            <div align="right">
              <span class="style3">Expiration Month:</span></div>
          </td>
          <td><span class="style3"><select name="Expiration Month" id="Expiration Month">
                <option></option>
                <option>01</option>

                <option>02</option>
                <option>03</option>
                <option>04</option>
                <option>05</option>
                <option>06</option>
                <option>07</option>

                <option>08</option>
                <option>09</option>
                <option>10</option>
                <option>11</option>
                <option>12</option>
              </select> </span></td>

          <td> </td>
        </tr>
        <tr>
          <td>
            <div align="right">
              <span class="style3">Expiration Year:</span></div>
          </td>
          <td><span class="style3"><select name="Expiration Year" id="Expiration Year">

                <option selected="selected"></option>
                <option>2007</option>
                <option>2008</option>
                <option>2009</option>
                <option>2010</option>
                <option>2011</option>

                <option>2012</option>
                <option>2013</option>
                <option>2014</option>
                <option>2015</option>
                <option>2016</option>
                <option>2017</option>

                <option>2018</option>
                <option>2019</option>
                <option>2020</option>
              </select> </span></td>
          <td> </td>
        </tr>

        <tr>
          <td><span class="style3"><img src="../images/creditCards.gif" alt="Credit Cards" width="139" height="30" border="0" /></span></td>
          <td> </td>
          <td> </td>
        </tr>
      </table>
      <br />
      <div align="center">
        <input type="reset" value="Reset" />     <input type="submit" name="Submit" value="Submit"></div>

    </form>
<?}?>


</div>
</body>
</html>

config.php (censored)

<?php 
$DBhost = "";
$DBuser = "";
$DBpassword = "";

$con = mysql_connect($DBhost,$DBuser,$DBpassword);
if (!$con) {
  die('Could not connect: ' . mysql_error());
}
mysql_select_db("", $con);

function check_input($value) {
  if (get_magic_quotes_gpc()) {
    $value = stripslashes($value);
  }
  if (!is_numeric($value)) {
    $value = "'" . mysql_real_escape_string($value) . "'";
  }
return $value;
}
?>

echo check_input($_POST['fName']);
  echo $fName;

gives me what I want, but when it goes to
insert it into the database, it fails.

$query = mysql_query($sql);
  if($query) { echo "Information has been registered.";
  }

 

[galaxyAbstractor]

Try to add:

mysql_select_db("", $con) or die("could not select db");

and:

$query = mysql_query($sql) or die("error:". mysql_error());

 

[diabolo]

that was a smart idea. get php to tell me whats going wrong xP

error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''','', NULL)' at line 1

I think i am using MySQL 5?
yes, I am using 5.0

 

[galaxyAbstractor]

that was a smart idea. get php to tell me whats going wrong xP

error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''','', NULL)' at line 1

I think i am using MySQL 5?
yes, I am using 5.0

try to replace all NULL's with 2 single quotes like ''

 

[diabolo]

$sql = "INSERT INTO members (id, password, ipaddress, fName, lName, address, city, zipcode, phone, email, cardNum, securityCode, expMonth, expYear, organizations) VALUES ('NULL', 'NULL', 'NULL', $fName,$lName,$address,$city,$zipcode,$phone,$email,$cardNum,$securtiyCode,$expMonth,$expYear, 'NULL')";

I still get the error code.

error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''','', 'NULL')' at line 1

 

[TechAsh]

I think Vigge meant something like this:

$sql = "INSERT INTO members (id, password, ipaddress, fName, lName, address, city, zipcode, phone, email, cardNum, securityCode, expMonth, expYear, organizations) VALUES ('', '', '', $fName,$lName,$address,$city,$zipcode,$phone,$email,$cardNum,$securtiyCode,$expMonth,$expYear, '')";

 

[diabolo]

o keyword, replace.
but still no avail.

$sql = "INSERT INTO members (id, password, ipaddress, fName, lName, address, city, zipcode, phone, email, cardNum, securityCode, expMonth, expYear, organizations) VALUES ('', '', '', $fName,$lName,$address,$city,$zipcode,$phone,$email,$cardNum,$securtiyCode,$expMonth,$expYear, '')";

error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''','', '')' at line 1

 

[z_killemall]

Try putting the PHP variables between single quotes:

$sql = "INSERT INTO members (id, password, ipaddress, fName, lName, address, city, zipcode, phone, email, cardNum, securityCode, expMonth, expYear, organizations) VALUES ('', '', '', '$fName','$lName','$address','$city','$zipcode','$phone','$email','$cardNum','$securtiyCode','$expMonth','$expYear', '')";

 

[descalzo]

To debug, put an echo "\$sql = ->$sql <--" statement so you can see what mySQL sees as your query.

And as mentioned, when you insert strings into mySQL, they must be 'quoted'.

 

[diabolo]

the check_input function already puts in the single quotes if the string is not numeric.

please read the whole thing before commenting.

 

[descalzo]

the check_input function already puts in the single quotes if the string is not numeric.

please read the whole thing before commenting.

Fair point.

Did you put in the debug code so you can see what $sql really looks like?

 

[galaxyAbstractor]

 if (!is_numeric($value)) {
    $value = "'" . mysql_real_escape_string($value) . "'";
  }

I don't think you need to do that when it's a variable? Because I never needed to

 

[diabolo]

Fair point.

Did you put in the debug code so you can see what $sql really looks like?

yes I did and I came up with this:

$sql = ->INSERT INTO members (fName, lName, address, city, zipcode, phone, email, cardNum, securityCode, expMonth, expYear) VALUES ('dfgh', 'asdf', 'sdf', '', 'df', 'sdfsdf', 'sd', '', , '', '') <--

I think I might know where the problem is, but rite now im looking at another script..i'll write back soon

 

[descalzo]

Using the debug message and expanding to sort of line up column name and value,

$sql = ->INSERT INTO members (
fName,  lName,  address,  city,  zipcode,  phone, email,  cardNum,  securityCode, expMonth,expYear
) 
VALUES (
'dfgh',  'asdf',    'sdf',       '',      'df',     'sdfsdf', 'sd'    ,       '' ,                ,         '',                          ''   )

Shows that securityCode value is blank (not even quotes).

Checking your the code that creates the string,

$securtiyCode

misspelled.

If you notice, the city field is blank. Assuming you filled all the input fields in your test, something is wrong there, too.

$city = check_input($_POST['city']);

but the html has

input type="text" name="City" size="30" value="" id="City"

mismatch.

Perhaps similar problems with other blank fields.

 

[xav0989]

Didn't see the second page...

Guess I'm tired!