I am trying to POST select values from my HTML form into my Database with phpmysqli.
Somehow the value "-" results as an empty string. The other values are perfectly fine.
So echo $title with value "-" = "" ; with value "Dr." = "Dr."
My HTML:
<select
name="title"
class="form-control"
style="width: 50%;"
required
>
<option value="" disabled selected>Titula</option>
<option value="-">-</option>
<option value="Dr.">Dr.</option>
<option value="Prof. Dr.">Prof. Dr.</option>
</select>
My PHP:
<?php
$username = $_POST['username'];
$password = PASSWORD_HASH($_POST["password"], PASSWORD_DEFAULT);
$title = $_POST['title'];
$mail = $_POST['mail'];
$phone = $_POST['phone'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$birth = $_POST['birth'];
$street = $_POST['street'];
$city = $_POST['city'];
$country = $_POST['country'];
$zip = $_POST['zip'];
$father = $_POST['father'];
$mother = $_POST['mother'];
if (!empty($username) || !empty($password) || !empty($birth) || !empty($title) || !empty($mail) || !empty($phone) || !empty($fname) || !empty($lname) || !empty($street) || !empty($city) || !empty($country) || !empty($zip) || !empty($father) || !empty($mother)) {
$host = "localhost";
$dbUsername = "";
$dbPassword = "";
$dbname = "";
//create connection
$conn = new mysqli($host, $dbUsername, $dbPassword, $dbname);
mysqli_set_charset($conn,'utf8mb4');
if (mysqli_connect_error()) {
die('Connect Error('. mysqli_connect_errno().')'. mysqli_connect_error());
} else {
$SELECT = "SELECT mail From users Where mail = ? Limit 1";
$INSERT = "INSERT Into users (username, password, birth, title, mail, phone, fname, lname, street, city, country, zip, father, mother) values(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
//Prepare statement
$stmt = $conn->prepare($SELECT);
$stmt->bind_param("s", $mail);
$stmt->execute();
$stmt->bind_result($mail);
$stmt->store_result();
$rnum = $stmt->num_rows;
if ($rnum==0) {
$stmt->close();
$stmt = $conn->prepare($INSERT);
$stmt->bind_param("ssssssssssssss", $username, $password, $birth, $title, $mail, $phone, $fname, $lname, $street, $city, $country, $zip, $father, $mother);
$stmt->execute();
echo "New record inserted sucessfully";
echo $title; //empty string
//header('Location: login.html');
} else {
echo "Someone already register using this email";
}
$stmt->close();
$conn->close();
}
} else {
echo "All field are required";
die();
}
?>
Related
I want to insert in the security the same id from users:
<?php
if (isset($_POST['reg_user'])) {
require 'db.php';
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password_1'];
$passwordRepeat = $_POST['password_2'];
$firstName = $_POST['firstname'];
$lastName = $_POST['lastname'];
$country = $_POST['country'];
$city = $_POST['city'];
$address = $_POST['address'];
$zipCode = $_POST['zipCode'];
if (empty($username) || empty($email) || empty($password) || empty($passwordRepeat) || empty($firstName) || empty($lastName) || empty($country) || empty($city) || empty($address) || empty($zipCode)) {
header("Location: ../sign_up.php?error=emptyfields&uid=" . $username . "&mail=" . $email);
exit();
} elseif (strlen($username) < 3) {
header("Location: ../sign_up.php?error=short_username=" . $username . "");
exit();
} elseif (strlen($username) > 17) {
header("Location: ../sign_up.php?error=long_username=" . $username . "");
exit();
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../sign_up.php?error=invalidmailuid");
exit();
} elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
header("Location: ../sign_up.php?error=invalidmail&uid=" . $username);
exit();
} elseif (!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
header("Location: ../sign_up.php?error=invaliduid&mail=" . $email);
exit();
} elseif ($password !== $passwordRepeat) {
header("Location: ../sign_up.php?error=passwordcheck&uid=" . $username . "&mail=" . $email);
exit();
} else {
$sql = "SELECT username FROM users WHERE username=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../sign_up.php?error=sqlerror");
exit();
} else {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$resultCheck = mysqli_stmt_num_rows($stmt);
if ($resultCheck > 0) {
header("Location: ../sign_up.php?error=usertaken&mail=" . $email);
exit();
} else {
$sql = "INSERT INTO users (username, email, password) VALUES (?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
header("Location: ../sign_up.php?error=sqlerror");
exit();
} else {
$hashedPwd = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
mysqli_stmt_execute($stmt);
$sql = "INSERT INTO security (username, firstName, lastName, country, city, address, zipcode) VALUES (?, ?, ?, ?, ?, ?, ?)";
$stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($stmt, $sql);
mysqli_stmt_bind_param($stmt, "sssssss", $username, $firstName, $lastName, $country, $city, $address, $zipCode);
mysqli_stmt_execute($stmt);
header("Location: ../sign_up.php?signup=succes");
exit();
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
} else {
header("Location: ../sign_up.php");
exit();
}
Replace username from security with id from "users" table, but I don't know the id from this user because it executes at the same time, any solutions?
P.S: ID, auto increment primary key
I want to know that security data is from that user (id).
You can get the last inserted id in mysqli using
$conn->insert_id;
Right after executing the insertion of the item. ($conn being the instance of the msqli class)
I am assuming by "Boolean" that it is coming out as "false"...
Can anyone explain what could be wrong here?
My code may be flawed altogether, but I would like some constructive criticism.
<?php
if ($_SERVER['REQUEST_METHOD'] = "POST") {
include("mytableconn.php");
$firstName = mysqli_real_escape_string($conn, trim($_POST['firstn']));
$lastName = mysqli_real_escape_string($conn, trim($_POST['lastn']));
$email = mysqli_real_escape_string($conn, trim($_POST['uemail']));
$password = mysqli_real_escape_string($conn, trim($_POST ['userpasscode']));
$cryption = "$2y$10$";
$chars = "thisisseriouslyfucked1";
$crypchar = $cryption . $chars;
$crypass = crypt($password, $crypchar);
$user = $conn->prepare("
INSERT INTO mytable(first_name, last_name, e_mail, pass_word)
VALUES(?, ?, ?, ?)
");
$user = $user->bind_param("ssss", $firstName, $lastName, $email, $crypass);
$user->execute();
$user->close();
$conn->close();
}else {
echo("Sorry, an unexpected error occurred");
}
?>
When you prepare the sql you assign it as a variable - you should then test that variable before proceeding to check that the sql is valid.
mysqli_prepare() returns a statement object or FALSE if an error
occurred
<?php
if ( $_SERVER['REQUEST_METHOD'] = "POST" ) {
include("mytableconn.php");
$firstName = mysqli_real_escape_string($conn, trim($_POST['firstn']));
$lastName = mysqli_real_escape_string($conn, trim($_POST['lastn']));
$email = mysqli_real_escape_string($conn, trim($_POST['uemail']));
$password = mysqli_real_escape_string($conn, trim($_POST['userpasscode']));
$cryption = "$2y$10$";
$chars = "thisisseriouslyfucked1";
$crypchar = $cryption . $chars;
$crypass = crypt( $password, $crypchar );
$stmt = $conn->prepare("insert into `mytable` ( `first_name`, `last_name`, `e_mail`, `pass_word` ) values (?, ?, ?, ?)");
if( $stmt ){
$stmt->bind_param("ssss", $firstName, $lastName, $email, $crypass);
$stmt->execute();
$stmt->close();
}
$conn->close();
}else {
echo("Sorry, an unexpected error occurred");
}
?>
The script is already working fine but I want to insert a command that allows only if the username is not yet used.
if (isset($_POST['submit'])) {
$firstname = htmlentities($_POST['firstname'], ENT_QUOTES);
$lastname = htmlentities($_POST['lastname'], ENT_QUOTES);
$position = htmlentities($_POST['position'], ENT_QUOTES);
$username = htmlentities($_POST['username'], ENT_QUOTES);
$password = htmlentities($_POST['password_two'], ENT_QUOTES);
$uniqid = uniqid('', true);
if ( $firstname == '' || $lastname == '' || $position == '' || $username == '' || $password == '') {
$error = 'ERROR: Please fill in all required fields!';
renderForm($error, $firstname, $lastname, $position, $username, $password);
} else {
if ($stmt = $connection->prepare("INSERT INTO employee (uniqid, firstname, lastname, position, username, password) VALUES (?, ?, ?, ?, ?, ?)")) {
$stmt->bind_param("ssssss", $uniqid, $firstname, $lastname, $position, $username, $password);
$stmt->execute();
$stmt->close();
} else {
echo "ERROR: Could not prepare SQL statement.";
}
header("Location: regemployee.php");
}
} else {
renderForm();
}
Make username unique on the DB, then when you try to insert the same username in to the DB again, the insert will through an error.
Alternatively you could do a SELECT * FROM employee WHERE username = ? and check if results is > 0.
Then you would know it exists already.
Do another SELECT query which checks if the submitted username already exist:
$stmt = $connection->prepare("SELECT * FROM employee WHERE username = ?");
$stmt->bind_param("s", $username);
$stmt->execute();
Then get the number of results:
$stmt->store_result();
$noofres = $stmt->num_rows;
$stmt->close();
Then, create a condition that if it yet doesn't exist, it will do the insert query:
if($noofres == 0){
/* INSERT QUERY HERE */
} else {
echo 'Username already taken.';
}
I am trying to avoid duplicate entries of automatically generated random numbers in an SQLite3 DB through PHP. For that i have prepared Statements in a do while loop. The random numbers are generated and then a query checks if the number already exists. If Yes, generate again, if no, carry on.
Atleast, this is what i am trying to achieve...
But for some reason unknown to me, the PHP log keeps showing me that the maximum execution Time of 30 secs has been exeeded at the query line. Firstly, i tried doing the whole thing without prepared statements and it didn't work. I thought that was because i had php variables in the query. So i switched to Prepared Statements without success.
I checked all the POST Variables via Firebug and everything seems to be fine there. It is the Prepared Statement which is giving me diarrhea!!
Can you guys please help me ?
The PHP Code:
<?php
$adate = $_POST['adate'];
$ddate = $_POST['ddate'];
$ad = $_POST['ad'];
$dd = $_POST['dd'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$address = $_POST['address'];
$postal = $_POST['postal'];
$city = $_POST['city'];
$country = $_POST['country'];
$tel = $_POST['tel'];
$message = $_POST['message'];
$price = $_POST['price'];
$bkfst = $_POST['bkfst'];
$rnum = $_POST['rnum'];
$rtype = $_POST['rtype'];
$robotest = $_POST['blnk'];
$bid = 0;
$cid = 0;
$adate = $adate . " 20:00:00";
$ddate = $ddate . " 13:00:00";
if ($robotest)
$error = "You are a gutless robot.";
else {
function bid()
{
$bid = mt_rand(111111, 999999);
if (($bid % 10) == 0) {
$bid = $bid + 123;
}
}
function cid()
{
$cid = mt_rand(11111, 99999);
if (($cid % 10) == 0) {
$cid = $cid + 123;
}
}
include 'connect.php';
do {
cid();
--> $sth = $db->prepare("SELECT COUNT (CustomerID) from Customer WHERE CustomerID = ?");
$sth->execute(array($cid));
} while ($sth->fetchColumn() > 0);
$sth = $db->prepare("INSERT INTO Customer (CustomerID, FirstName, LastName, Address, PostalCode, City, Country, EMail, Phone) VALUES ('$cid', '$fname', '$lname', '$address', '$postal', '$city', '$country', '$email', '$tel')");
$sth->execute();
do {
bid();
--> $sth = $db->prepare("SELECT COUNT (BookingID) from Booking WHERE BookingID = ?");
$sth->execute(array($bid));
} while ($sth->fetchColumn() > 0);
$sth = $db->prepare("INSERT INTO Booking (BookingID, Arrival, Checkout, RoomNumber, CustomerID, Breakfast, Comment, Paid) VALUES ('$bid', '$adate', '$ddate', '$rnum', '$cid', '$bkfst', '$message', 'N')");
$sth->execute();
$subject = "Your Booking";
$message = "Hi $fname,\n\nA $rtype from $ad to $dd has been booked for you.\n\nYour Booking Code is $bid.\n\nRegards.";
mail($email, $subject, $message);
echo 'The Booking completed successfully! Check your E-Mail for further Information.';
}
?>
Lines beginning with --> in the code are the problematic lines.
And Yes, I am a Newbie who is learning by doing and also learning by annoying people in the Stack Overflow Forums :)
Thanks.
EDIT:
This is how my Code looks now. All the errors are gone but php is not inserting anything to the DB. The Email is sent correctly with the generated number.
<?php
$adate = $_POST['adate'];
$ddate = $_POST['ddate'];
$ad = $_POST['ad'];
$dd = $_POST['dd'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$address = $_POST['address'];
$postal = $_POST['postal'];
$city = $_POST['city'];
$country = $_POST['country'];
$tel = $_POST['tel'];
$message = $_POST['message'];
$price = $_POST['price'];
$bkfst = $_POST['bkfst'];
$rnum = $_POST['rnum'];
$rtype = $_POST['rtype'];
$robotest = $_POST['blnk'];
$adate = $adate . " 20:00:00";
$ddate = $ddate . " 13:00:00";
$cid;
$bid;
if ($robotest)
$error = "You are a gutless robot.";
else {
function bid()
{
global $bid;
$bid = mt_rand(111111, 999999);
if (($bid % 10) == 0) {
$bid = $bid + 123;
}
}
function cid()
{
global $cid;
$cid = mt_rand(11111, 99999);
if (($cid % 10) == 0) {
$cid = $cid + 123;
}
}
include 'connect.php';
do {
global $cid;
cid();
$sth = $db->prepare('SELECT COUNT (CustomerID) from Customer WHERE CustomerID = ?');
$sth->execute(array($cid));
} while ($sth->fetchColumn() > 0);
global $cid;
$sth = $db->prepare('INSERT INTO Customer (CustomerID, FirstName, LastName, Address, PostalCode, City, Country, EMail, Phone) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
$sth->execute(array($cid, $fname, $lname, $address, $postal, $city, $country, $email, $tel));
do {
global $bid;
bid();
$sth = $db->prepare('SELECT COUNT (BookingID) from Booking WHERE BookingID = ?');
} while ($sth->fetchColumn() > 0);
global $bid;
global $cid;
$sth = $db->prepare('INSERT INTO Booking (BookingID, Arrival, Checkout, RoomNumber, CustomerID, Breakfast, Comment, Paid) VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
$sth->execute(array($bid, $adate, $ddate, $rnum, $cid, $bkfst, $message, 'N'));
$subject = "Your Booking";
global $bid;
$message = "Hi $fname,\n\nA $rtype from $ad to $dd has been booked for you.\n\nYour Booking Code is $bid.\n\nRegards.";
mail($email, $subject, $message);
echo 'The Booking completed successfully! Check your E-Mail for further Information.';
}
?>
hhmmm...
This is an infinite loop:
do {
cid();
$sth = $db->prepare("SELECT COUNT (CustomerID) from Customer WHERE CustomerID = ?");
$sth->execute(array($cid));
} while ($sth->fetchColumn() > 0);
Since your cid/bid() functions are badly constructed, the $cid you're using inside this do() loop will NEVER change from the $cid = 0 you did at the top of the script.
So the loop starts, you prepare/execute the query with CustomerID = 0, get back one of row of data with the count() results, which you fetch.
Then the loop rolls around again, and you RE-EXECUTE the query, with the exact same $cid = 0 value, so you continue reset the loop termination condition - you never end up with a value, because you keep query with the same bad/invalid cid=0.
It's pretty much the same like the good old BASIC program: 10 GOTO 10.
It's working now:
<?php
$adate = $_POST['adate'];
$ddate = $_POST['ddate'];
$ad = $_POST['ad'];
$dd = $_POST['dd'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$address = $_POST['address'];
$postal = $_POST['postal'];
$city = $_POST['city'];
$country = $_POST['country'];
$tel = $_POST['tel'];
$message = $_POST['message'];
$price = $_POST['price'];
$bkfst = $_POST['bkfst'];
$rnum = $_POST['rnum'];
$rtype = $_POST['rtype'];
$robotest = $_POST['blnk'];
$adate = $adate . " 20:00:00";
$ddate = $ddate . " 13:00:00";
$cid;
$bid;
if ($robotest)
$error = "You are a gutless robot.";
else {
function bid()
{
global $bid;
$bid = mt_rand(111111, 999999);
if (($bid % 10) == 0) {
$bid = $bid + 123;
}
}
function cid()
{
global $cid;
$cid = mt_rand(11111, 99999);
if (($cid % 10) == 0) {
$cid = $cid + 123;
}
}
include 'connect.php';
$sth = $db->prepare('SELECT COUNT (EMail) from Customer WHERE EMail = ?');
$sth->execute(array($email));
if($sth->fetchColumn() < 1){
do {
global $cid;
cid();
$sth = $db->prepare('SELECT COUNT (CustomerID) from Customer WHERE CustomerID = ?');
$sth->execute(array($cid));
} while ($sth->fetchColumn() > 0);
global $cid;
$sth = $db->prepare('INSERT INTO Customer (CustomerID, FirstName, LastName, Address, PostalCode, City, Country, EMail, Phone) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
$sth->execute(array($cid, $fname, $lname, $address, $postal, $city, $country, $email, $tel));
}else{
global $cid;
$sth = $db->prepare('SELECT CustomerID from Customer WHERE EMail = ?');
$sth->execute(array($email));
$id = $sth->fetch(PDO::FETCH_ASSOC);
$cid = $id['CustomerID'];
}
do {
global $bid;
bid();
$sth = $db->prepare('SELECT COUNT (BookingID) from Booking WHERE BookingID = ?');
} while ($sth->fetchColumn() > 0);
global $bid;
global $cid;
$booktime = date('Y-m-d H:i:s');
$sth = $db->prepare('INSERT INTO Booking (BookingID, Arrival, Checkout, RoomNumber, CustomerID, Breakfast, Comment, Paid, BookTime, Invoice) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
$sth->execute(array($bid, $adate, $ddate, $rnum, $cid, $bkfst, $message, 'N', $booktime, NULL));
$subject = "Your Booking";
global $bid;
$message = "Hi $fname,\n\nA $rtype from $ad to $dd has been booked for you.\n\nYour Booking Code is $bid.\n\nMention this Code if you need to get in touch with us.\n\nRegards.";
mail($email, $subject, $message);
echo 'The Booking completed successfully! Check your E-Mail for further Information.';
}
?>
No Clue, if this is the best way to do it but it is working perfectly.
Thanks for all the hints.
I am getting this error when I submit the form.
call to a member function bind_param() on a non-object
I have checked the console as well. It shows all the values I enter in the form. The values are getting stored in json variable and passed to the php page.It is on the bind_param() function, it shows the error. The same code works for the remaining 2 pages of my project, but it is not working for this one. Please help
Here is the PHP code
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "kites";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
alert("Connection failed");
}
else
{
// Check for empty fields
if(
empty($_POST['username']) || empty($_POST['password']) || empty($_POST['firstname']) || empty($_POST['lastname']) || empty($_POST['age']) || empty($_POST['contact']) || empty($_POST['streetname']) || empty($_POST['buildingname']) || empty($_POST['landmark']) || empty($_POST['area']) || empty($_POST['pincode']) || empty($_POST['email']) || empty($_POST['univ']) || empty($_POST['qualification']) || empty($_POST['dialcode']) || empty($_POST['countrycode']) || empty($_POST['bloodgroup']) || empty($_POST['school'])
)
{
echo json_encode(array('status'=>false,'msg'=>'No arguments provided'));
}
else if(is_numeric($_POST['firstname']) && is_numeric($_POST['lastname']))
{
echo json_encode(array('status'=>false,'msg'=>'Name should not contain numbers. Please try again'));
}
else if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
echo json_encode(array('status'=>false,'msg'=>'Check your email id and try again'));
}
else if(!is_numeric($_POST['age']))
{
echo json_encode(array('status'=>false,'msg'=>'Age should contain only numbers'));
}
else{
$username = $_POST['username'];
$password = $_POST['password'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$age = $_POST['age'];
$bloodgroup = $_POST['bloodgroup'];
$contact = $_POST['contact'];
$streetname = $_POST['streetname'];
$buildingname = $_POST['buildingname'];
$landmark = $_POST['landmark'];
$area = $_POST['area'];
$pincode = $_POST['pincode'];
$email = $_POST['email'];
$univ = $_POST['univ'];
$school = $_POST['school'];
$qualification = $_POST['qualification'];
$dialcode = $_POST['dialcode'];
$countrycode = $_POST['countrycode'];
// $sql = "INSERT INTO join_form (name,email,contact,role,dialcode,countrycode) VALUES ('$name','$email','$contact','$role','$dialcode','$countrycode')";
$stmt = $conn->prepare("INSERT INTO register_form(username,password,firstname,lastname,age,bloodgroup,contact,streetname,buildingname,landmark,area,pincode,email,univ,school,qualification,dialcode,countrycode) VALUES(?, ?, ?, ?, ?, ?,?, ?, ?, ?, ?, ?,?, ?, ?, ?, ?, ?)");
$stmt->bind_param("ssssisssssssssssss",$username,$password,$firstname,$lastname,$age,$bloodgroup,$contact,$streetname,$buildingname,$landmark,$area,$pincode,$email,$univ,$school,$qualification,$dialcode,$countrycode);
$sql = $stmt->execute();
if ($sql) {
echo json_encode(array('status'=>true,'msg'=>"New record created successfully"));
// // Create the email and send the message
// $to = 'naitikgada1995#gmail.com'; // Add your email address inbetween the '' replacing yourname#yourdomain.com - This is where the form will send a message to.
// $email_subject = "Registration Successfull: $name";
// $email_body = "We have sent this mail to inform you that your registration is successfull\n\n"
// ."Here are the details:\n\n"
// ."Name: $name\n\nEmail: $email\n\nContact:$contact\n\nPassword: $password\n\n";
// $headers = "From: noreply#kiddo.com\n";
// $headers .= "Reply-To: $email";
// mail($to,$email_subject,$email_body,$headers);
// // $response['status'] = 'true';
}
else {
echo json_encode(array('status'=>false,'msg'=>'Enter different email id or contact number and try again'));
// return false;
// $response['feedback'] = 'false';
// $response['message'] = 'Sorry, something went wrong. Please try again. Try entering a different email id and contact number';
// echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
// header("Content-Type: application/json; charset=utf-8", true);
}
}
?>
see if there is any spelling mistake or any other error in this line in the query
$stmt = $conn->prepare("INSERT INTO register_form(username,password,firstname,lastname,age,bloodgroup,contact,streetname,buildingname,landmark,area,pincode,email,univ,school,qualification,dialcode,countrycode) VALUES(?, ?, ?, ?, ?, ?,?, ?, ?, ?, ?, ?,?, ?, ?, ?, ?, ?)");