I'm currentely working on some project for my school in which I have to create a profile page where people can put their information throught the input form. The data is send to database and after that displayed in some nice table.
But on my way I have encountered some problems - this is an error that I'm echoing:
INSERT INTO info (name, surname, gender, birth, street, postal, city, country, citizenship, phone, mail) VALUES (Michael, xxx, male, 20-04-93, Skolegade, 4690, Copenhagen, Denmark, Polish, 22222222, admin#admin.com WHERE email = xxx#gmail.com) Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE email = xxx#gmail.com)' at line 1
This is my file index.html with the form
<body>
<h1>Update record <?php echo $user->email; ?></h1>
<form action="insertdata.php" method="post">
<label>Your name: </label><input type="text" name="name" /><br />
<label>Your surname: </label><input type="text" name="surname" /><br />
<label>Gender: </label><input type="text" name="gender" /><br />
<label>Date of birth: </label><input type="text" name="birth" /><br />
<label>Street name: </label><input type="text" name="street" /><br />
<label>Postal: </label><input type="text" name="postal" /><br />
<label>City: </label><input type="text" name="city" /><br />
<label>Country: </label><input type="text" name="country" /><br />
<label>Citizenship: </label><input type="text" name="citizenship" /><br />
<label>Phone number: </label><input type="text" name="phone" /><br />
<label>E-mail address: </label><input type="text" name="mail" /><br />
<input type="submit" value="submit" />
</form>
<?php
if($sql){//if the update worked
echo "<b>Update successful!</b>";
}
?>
And this is the code of file insertdata.php in which it finds an error:
<?php
// To protect any php page on your site, include main.php
// and create a new User object. It's that simple!
require_once '../includes/main.php';
$user = new User();
if(!$user->loggedIn()){
redirect('index.php');
}
require_once('functions.php');
connect_db();
$name = mysqli_real_escape_string($con, $_POST['name']);
$surname = mysqli_real_escape_string($con, $_POST['surname']);
$gender = mysqli_real_escape_string($con, $_POST['gender']);
$birth = mysqli_real_escape_string($con, $_POST['birth']);
$street = mysqli_real_escape_string($con, $_POST['street']);
$postal = mysqli_real_escape_string($con, $_POST['postal']);
$city = mysqli_real_escape_string($con, $_POST['city']);
$country = mysqli_real_escape_string($con, $_POST['country']);
$citizen = mysqli_real_escape_string($con, $_POST['citizen']);
$phone = mysqli_real_escape_string($con, $_POST['phone']);
$mail = mysqli_real_escape_string($con, $_POST['mail']);
$email = $user->email;
$sql = "INSERT INTO `info` (`name`, `surname`, `gender`, `birth`, `street`, `postal`, `city`, `country`, `citizenship`, `phone`, `mail`) VALUES (`$name`, `$surname`, `$gender`, `$birth`, `$street`, `$postal`, `$city`, `$country`, `$citizen`, `$phone`, `$mail` WHERE email = `$email`)";
echo $sql;
//$result = mysql_query($con,$sql);
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "1 ercord added";
mysqli_close($con);
?>
?>
Check
I tried to remove the " from the code at the end of the line but then code is messed up and it is displaying other errors
WHERE email = `$email`); "
e.g. that it can not read echo from the next line:
Parse error: syntax error, unexpected 'echo' (T_ECHO) in /data/home/vizionwe/public_html/try/insertdata.php on line 35
My deadline is until Tuesday, so I have to figure it out quick.
I'm looking forward to see your answers and ideas.
Fix your sql line:
$sql = "INSERT INTO `info` ";
$sql.= "(`name`, `surname`, `gender`, `birth`, `street`, `postal`, `city`, `country`, `citizenship`, `phone`, `mail`) VALUES ";
$sql.= "('".$name."', '".$surname."', '".$gender."', '".$birth."', '".$street."', '".$postal."', '".$city."', '".$country."', '".$citizen."', '".$phone."', '".$mail."')";
It seems to me, that you should use ' instead of ` around the values you try to put into the database.
Like this:
$sql = "INSERT INTO `info` (`name`, `surname`, `gender`, `birth`, `street`, `postal`, `city`, `country`, `citizenship`, `phone`, `mail`) VALUES ('$name', '$surname', '$gender', '$birth', '$street', '$postal', '$city', '$country', '$citizen', '$phone', '$mail' WHERE email = '$email')";
"INSERT INTO info (name, surname, gender, birth, street, postal, city, country, citizenship, phone, mail) VALUES ('".$name."', '".$surname."', '".$gender."', '".$birth."', '".$street."', '".$postal."', '".$city."', '".$country."', '".$citizen."', '".$phone."', '".$mail."')"
Related
ERROR:
You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near '#ami.com, '50cb0778758634b4a6f959ed4bf2debd')' at line 144
HTML CODE
<form action="" method="post">
<table>
<tbody>
<tr>
<td>
<div>
<input type="text" name="name" placeholder="Name">
</div>
<div>
<input type="text" name="city" placeholder="City">
</div>
<div>
<input type="text" name="zip" placeholder="Zip-Code">
</div>
<div>
<input style="padding:7px 10px; margin-top:5px;width:336px;" type="email" name="email" placeholder="Email" >
</div>
</td>
<td>
<div>
<input type="text" name="address" placeholder="Address">
</div>
<div>
<input type="text" name="country" placeholder="Country">
</div>
<div>
<input type="text" name="phone" placeholder="Phone">
</div>
<div>
<input style="padding:7px 10px; margin-top:5px;width:336px;" type="password" name="pass" placeholder="Password">
</div>
</td>
</tr>
</tbody>
</table>
<div class="search"><div><button class="grey" name="register">Create Account</button></div></div>
<p class="terms">By clicking 'Create Account' you agree to the Terms & Conditions.</p>
<div class="clear"></div>
</form>
PHP CODE
public function customerRegistration($data)
{
$name = mysqli_real_escape_string($this->db->link, $data['name']);
$address = mysqli_real_escape_string($this->db->link, $data['address']);
$city = mysqli_real_escape_string($this->db->link, $data['city']);
$country = mysqli_real_escape_string($this->db->link, $data['country']);
$zip = mysqli_real_escape_string($this->db->link, $data['zip']);
$phone = mysqli_real_escape_string($this->db->link, $data['phone']);
$email = mysqli_real_escape_string($this->db->link, $data['email']);
$pass = mysqli_real_escape_string($this->db->link, md5($data['pass']));
if ($name == "" || $address == "" || $city == "" || $country == "" || $zip == "" || $phone == "" || $email == ""|| $pass == "") {
$msg = "fileds must not be empty";
return $msg;
}
// email query
$mailquery = "SELECT * FROM tbl_customer WHERE email='$email' LIMIT 1";
$checkmail = $this->db->select($mailquery);
// password query
$passquery = "SELECT * FROM tbl_customer WHERE pass='$pass' LIMIT 1";
$checkpass = $this->db->select($passquery);
// return $checkmail;
if ($checkmail != false) {
$msg = "Email already exit";
return($msg);
} elseif( $checkpass != false) {
$msg = "Password already exit";
return($msg);
} else {
$query = "INSERT INTO tbl_customer(name, address, city, country, zip, phone, email, pass) VALUES('$name', '$address', '$city', '$country', '$zip', '$phone', $email, '$pass')";
$inserted_row = $this->db->insert($query);
if ($inserted_row) {
$msg = "Customer data inserted successfully";
return $msg;
} else {
$msg = "Customer data not inserted";
return $msg;
}
}
}
Your Problem is Here:
$query = "INSERT INTO tbl_customer(name, address, city, country, zip, phone, email, pass) VALUES('$name', '$address', '$city', '$country', '$zip', '$phone', $email, '$pass')";
You have missed single quote mark in $email. It will be like this ('$email').
So Your SQL Command would be:
$query = "INSERT INTO tbl_customer(name, address, city, country, zip, phone, email, pass) VALUES('$name', '$address', '$city', '$country', '$zip', '$phone', '$email', '$pass')";
You've missed ' for $email;)
Try to change
$query = "INSERT INTO tbl_customer(name, address, city, country, zip, phone, email, pass) VALUES('$name', '$address', '$city', '$country', '$zip', '$phone', $email, '$pass')";
to
$query = "INSERT INTO tbl_customer(name, address, city, country, zip, phone, email, pass) VALUES('$name', '$address', '$city', '$country', '$zip', '$phone', '$email', '$pass')";
I am trying to input the information from the form html into mysql table. I keep getting an error code but I do not understand it and I tried to research for solution but i came up short.
I put security because protecting my login information.
Please help me?
Here is the html:
<!DOCTYPE HTML>
<html>
<head>
<title> form</title>
<style type="text/css/css">
h2{
text-align: center;
margin-top: 2cm;
}
</style>
</head>
<body>
<form action='formDB2.php' method='POST'>
<p> Your Last Name: <input type="text" name="lastname" id="lastname" value="" size="30" /></p>
<p> Your First Name: <input type="text" name="firstname" id="firstname" value="" size="30" /></p>
<p>Age: <input name="age" type="text " id="age "/> </p>
<p>gender: <select name="sex" id="gender">
<option> Male </option>
<option>Female </option>
</select> </p>
<hr />
<p><input type="reset" value="REST"/><input type="submit" name="Submit" value="Submit" /></p>
</form>
</body>
</html>
Here the mysql/php code:
<?php
$link = mysqli_connect("localhost","*security*","*security*","*security*");
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$lastname = mysqli_real_escape_string($link, $_POST['lastname']);
$firstname = mysqli_real_escape_string($link, $_POST['firstname']);
$age = mysqli_real_escape_string($link, $_POST['age']);
$gender = mysqli_real_escape_string($link, $_POST['sex']);
$sql = "INSERT INTO trainer(trainer_id, lastname, firstname, age, gender) VALUES (0,'$firstname', '$lastname', '$age' , '$gender')";
if(mysqli_query($link,$sql)){
echo "Records added successfully.";
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
Here is the output:
Here the account I want it to display:
trainer_id is your primary key, so it must be unique. You are always setting to 0 on your code:
$sql = "INSERT INTO trainer(trainer_id, lastname, firstname, age, gender) VALUES (0,'$firstname', '$lastname', '$age' , '$gender')";
You should set the field with auto increment http://dev.mysql.com/doc/refman/5.7/en/example-auto-increment.html and don't pass anything on your code:
$sql = "INSERT INTO trainer(lastname, firstname, age, gender) VALUES ('$firstname', '$lastname', '$age' , '$gender')";
So I'm trying to allow a form to add data to a mySQL table. I have this form
<form name="addBook" action="addBook.php" method="post" >
ISBN: <input type="text" name="isbn"><br />
Name: <input type="text" name="name"><br />
Edition: <input type="text" name="edition"><br />
Author: <input type="text" name="author"><br />
Class: <input type="text" name="class"><br />
Department: <input type="text" name="department"><br />
Condition: <input type="text" name="condition"><br /><br />
<input type="submit" value="Add Book">
</form>
Where addBook.php is...
<?php
$con=mysqli_connect("cclloyd.com","cclloyd","","Inventory");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$isbn = mysqli_real_escape_string($con, $_POST['isbn']);
$name = mysqli_real_escape_string($con, $_POST['name']);
$edition = mysqli_real_escape_string($con, $_POST['edition']);
$author = mysqli_real_escape_string($con, $_POST['author']);
$class = mysqli_real_escape_string($con, $_POST['class']);
$department = mysqli_real_escape_string($con, $_POST['department']);
$condition = mysqli_real_escape_string($con, $_POST['condition']);
$sql="INSERT INTO Books (isbn, name, edition, author, class, department, condition)
VALUES ('$isbn', '$name', '$edition', '$author', '$class', '$department', '$condition')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
mysqli_close($con);
header('Location: http://umassd.cclloyd.com/bookadded.php' ) ;
?>
And when I executed it, I get this error.
"Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'condition) VALUES ('l', 'lk', 'l', 'k', 'j', 'h', 'h')' at line 1"
Where those were just random things I put in to fill the form. Where is the error? I looked online a lot and they all say to enter it like I have it.
condition is reserved word for Mysql. Check the reserved words here
Put the word in quotes.
Please use this
$sql="INSERT INTO Books (`isbn`, `name`, `edition`, `author`, `class`, `department`, `condition`)
VALUES ('$isbn', '$name', '$edition', '$author', '$class', '$department', '$condition')";
I am able connect to mysql db where i have created a table called attorney_users. I would like to know what i am missing or doing wrong? I have post my function code below. when i register the user it confirms the success, but the table is not updated.
<?php
require_once('appvars.php');
require_once('connectvars.php');
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if (isset($_POST['submit'])) {
// Grab the profile data from the POST
$username = mysqli_real_escape_string($dbc, trim($_POST['username']));
$firstname = mysqli_real_escape_string($dbc, trim($_POST['firstname']));
$lastname = mysqli_real_escape_string($dbc, trim($_POST['lastname']));
$firmname = mysqli_real_escape_string($dbc, trim($_POST['firmname']));
$email = mysqli_real_escape_string($dbc, trim($_POST['email']));
$password = mysqli_real_escape_string($dbc, trim($_POST['password']));
$password2 = mysqli_real_escape_string($dbc, trim($_POST['password2']));
if (!empty($username) && !empty($password) && !empty($password2) && ($password == $password2)) {
// Make sure someone isn't already registered using this username
$query = "SELECT * FROM attorney_users WHERE username = '$username'";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 0) {
// The username is unique, so insert the data into the database
$query = "INSERT INTO attorney_users (username, firstname, lastname, firmname, email, password, date) VALUES ('$username', '$firstname', '$lastname', $firmname, $email, SHA('$password'), NOW())";
mysqli_query($dbc, $query);
// Confirm success with the user
echo '<p>Your new account has been successfully created. You\'re now ready to log in.</p>';
mysqli_close($dbc);
exit();
}
else {
// An account already exists for this username, so display an error message
echo '<p class="error">An account already exists for this username. Please use a different username.</p>';
$username = "";
}
}
else {
echo '<p class="error">You must enter all of the sign-up data, including the desired password twice.</p>';
}
}
mysqli_close($dbc);
?>
<div id="main-wrapper">
<div id="register-wrapper">
<form method="post" action = "<?php echo $_SERVER['PHP_SELF'];?>">
<fieldset>
<ul>
<label for="username">Username : </label>
<input type="text" id="username" name = "username" value = "<?php if (!empty($username)) echo $username; ?>" />
<label for="firstname">First Name : </label>
<input type="text" id="firstname" name = "firstname" />
<label for="lastname">Last Name : </label>
<input type="text" id="lastname" name = "lastname" />
<label for="firmn">Firm Name : </label>
<input type="text" id="firmname" name = "firmname" />
<label for="email">Email : </label>
<input type="text" id="email" name = "email" />
<label for="password">Password : </label>
<input type="password" id="password" name="password" />
<label for="password2">Verify Password : </label>
<input type="password" id="password2" name="password2" />
</li>
<li class="buttons">
<input type="submit" value="Register" name="submit" />
<input type="button" name="cancel" value="Cancel" onclick="location.href='index.php'" />
</li>
</ul>
</fieldset>
</form>
</div>
</div>
</body>
</html>
date is reserved in mysql, use ` around column name
$query = "INSERT INTO attorney_users (`username`, `firstname`,
`lastname`, `firmname`, `email`, `password`, `date`)
VALUES ('$username', '$firstname', '$lastname', $firmname,
$email, SHA('$password'), NOW())";
And why are you using mysqli_real_escape_string for escaping , you can use prepared statement here.
Edit
Use this for checking error in query
$data = mysqli_query($dbc, $query) or die(mysqli_error());
change your $query from
$query = "INSERT INTO attorney_users (username, firstname, lastname, firmname, email, password, date) VALUES ('$username', '$firstname', '$lastname', $firmname, $email, SHA('$password'), NOW())";
to
$password = SHA1($password);
$query = "INSERT INTO attorney_users (`username`, `firstname`, `lastname`, `firmname`, `email`, `password`, `date`) VALUES ('{$username}', '{$firstname}', '{$lastname}', '{$firmname}', '{$email}', '{$password}', NOW())";
I created a table & when Submit button is hit after filling the form, those particulars should be inserted into the DB TABLE. But idk what's wrong with the code, it's echoing "Unable to select table".. My code is as follows:
<?php
if ( isset ( $_POST['submit'] ) )
{
mysql_connect("localhost","root","1234");
mysql_select_db("my_db")or die( "Unable to select database</span></p>");
$name1 = $_POST['name1'];
$email = $_POST['email'];
$password = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$gender = $_POST['gender'];
$place = $_POST['place'];
$college = $_POST['college'];
$result=MYSQL_QUERY("INSERT INTO USERS3 (id,name1,email,password,confirmpassword,gender,college,place)".
"VALUES ('NULL', '$name1', '$email', '$password', '$confirmpassword', '$gender', '$place', '$college')")or die( "<p><span style=\"color: red;\">Unable to select table</span></p>");
mysql_close();
echo "<p><span style=\"color: red;\">Thank You;</span></p>";
}
else
{
// close php so we can put in our code
?>
<form id="form1" action="" method="post">
Name:
<input type="text" name="name1" /><br/>
E-mail:
<input type="text" name="email" /><br/>
Password:
<input type="password" name="password" /><br/>
Confirm Password:
<input type="password" name="confirmpassword" /><br/>
Gender:
<input type="radio" name="gender" />
Male
<input type="radio" name="gender" />
Female
<br/>
Location:
<input type="text" name="place" /><br/>
College:
<input type="text" name="college" /><br/>
<input id="submit1" class="submit" type="submit" name="submit" value="Submit"/><br/>
<input type="reset" value="reset" />
</form>
<?php
} //close the else statement
?>
PHP doesn't recognise function with capital letters. Use small-case characters:
mysql_query( "INSERT INTO USERS3 ( id, name1, email,
`password`, confirmpassword, gender, college, place)
VALUES ('NULL', '$name1', '$email',
'$password', '$confirmpassword', '$gender', '$place',
'$college')") or die( "<p><span style=\"color: red;\">Unable to select table</span></p>");
mysql_close();
If 'id' is an autoincrement field, you shouldn't be passing any value for it - the database will deal with that.
Everything looks fine.Only problem(s) could be:
The table name might be incorrect.Especially, i suspect your correct table name is users3 instead of USERS3 .
The ideal way to check is:
Add following statement before $result=.....
echo "INSERT INTO USERS3 (id,name1,email,password,confirmpassword,gender,college,place)".
"VALUES ('NULL', '$name1', '$email', '$password', '$confirmpassword', '$gender', '$place', '$college')";
Run/Load the page.
Whatever is printed - copy it.
Go to phpmyadmin and select SQL Tab.Paste what you copied in previous step and run it.
phpmyadmin will display the exact error.