I have a database called test. In it there is a table called people. People has 4 fields: fname, lname, age, city. I have a page with a form where people can enter in data.
<?php
include('header.php');
?>
<body>
<form action="getinformation.php" method="post" id="getinformation">
<div id="header">
<h1><strong>Search For Data</h1></strong>
</div>
<div id="main">
<table border="0" width="75%">
<tr>
<td align="right" width="10%">First Name: </td>
<td><input type="text" name="fname" id="fname" size="20" /></td>
</tr>
<tr>
<td align="right" width="10%">Last Name: </td>
<td><input type="text" name="lname" id="lname" size="20" /></td>
</tr>
<tr>
<td align="right" width="10%">Age: </td>
<td><input type="text" name="age" id="age" size="3" /></td>
</tr>
<tr>
<td align="right" width="10%">City: </td>
<td><input type="text" name="city" id="city" size="20" /></td>
</tr>
</table>
<input type="submit" />
</div>
</body>
<?php
include('footer.php');
?>
When the submit button is clicked it will send the data to another page named getinformation.php.
<?php
require_once('model.php');
$query = "SELECT * FROM people WHERE";
if (isset ($POST_fname) {
$fname = $_POST['fname'];
$query = $query . " fname = " . $fname . " AND" }
if (isset ($POST_lname) {
$lname = $_POST['lname'];
$query = $query . " lname = " . $lname . " AND" }
if (isset ($POST_age) {
$age = $_POST['age'];
$query = $query . " age = " . $age . " AND" }
if (isset ($POST_city) {
$city = $_POST['city'];
$query = $query . " city = " . $city . " AND" }
$query = rtrim($query, " AND");
?>
<div id=/"header/">
<h1><strong>This is the information you requested</h1></strong>
</div>
<div id=/"main/">
<?php
$statement = $db->prepare($query);
$statement->execute();
$products = $statement->fethAll();
$statement->closeCursor();
foreach ($products as $product) {
echo $product['fname'] . " " . $product['lname'] . " | " . $product['age'] . " | " . $product['city'] . '<br />';
?>
</div>
<?php
include('footer.php');
?>
I get an error
Parse error: syntax error, unexpected '{' in C:\Program Files\wamp\www\testwebpage\Model\getinformation.php on line 6
I have had this problem before with my isset function but aside from that working I'm wondering if the rest of the code looks fine (assuming isset worked perfectly)
You have a syntax error - missing closing parenthesis:
if (isset ($POST_fname) {
Should be
if (isset ( ..... ) ) {
You forgot to close the ) everywhere after isset and didn't put semicolons after "AND". Here is the fixed file:
<?php
require_once('model.php');
$query = "SELECT * FROM people WHERE";
if (isset ($POST_fname)) {
$fname = $_POST['fname'];
$query = $query . " fname = '" . $fname . "' AND";
}
if (isset ($POST_lname)) {
$lname = $_POST['lname'];
$query = $query . " lname = '" . $lname . "' AND";
}
if (isset ($POST_age)) {
$age = $_POST['age'];
$query = $query . " age = '" . $age . "' AND";
}
if (isset ($POST_city)) {
$city = $_POST['city'];
$query = $query . " city = '" . $city . "' AND";
}
$query = rtrim($query, " AND");
?>
<div id=/"header/">
<h1><strong>This is the information you requested</h1></strong>
</div>
<div id=/"main/">
<?php
$statement = $db->prepare($query);
$statement->execute();
$products = $statement->fethAll();
$statement->closeCursor();
foreach ($products as $product) {
echo $product['fname'] . " " . $product['lname'] . " | " . $product['age'] . " | " . $product['city'] . '<br />';
}
?>
</div>
<?php
include('footer.php');
?>
Forgot the ( at end of the if. look at the line 6 as said in the error output.
(isset ($POST_fname)
be carfull
isset() is a expression that have 2 parenteses"(" ")" you opened, but din't close.
on every 'if' do this
if(isset(anything))
any other problem, come here !
Related
Here is the error I get when I submit the updated form: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id='19' LIMIT 1' at line 1
Here is the PHP and HTML for the edit (update) page.
<?php
require_once('../../../private/initialize.php');
if(!isset($_GET['id'])) {
redirect_to(url_for('/staff/subjects/index.php'));
}
$id = $_GET['id'];
if(is_post_request()) {
// Handle form values sent by new.php
$subject = [];
$subject['id'] = $id;
$subject['menu_name'] = $_POST['menu_name'] ?? '';
$subject['description'] = $_POST['description'] ?? '';
$result = update_subject($subject);
if($result === true) {
redirect_to(url_for('/staff/subjects/show.php?id=' . $id));
} else {
$errors = $result;
}
} else {
$subject = find_subject_by_id($id);
}
$subject_set = find_all_subjects();
$subject_count = mysqli_num_rows($subject_set);
mysqli_free_result($subject_set);
?>
<?php $page_title = 'Edit Subject'; ?>
<?php include(SHARED_PATH . '/staff_header.php'); ?>
<a class="back-link" href="<?php echo url_for('/staff/subjects/index.php'); ?>">« Back to List</a>
<div class="subject edit">
<h1>Edit Subject</h1>
<?php echo display_errors($errors); ?>
<form action="<?php echo url_for('/staff/subjects/edit.php?id=' . h(u($id))); ?>" method="post">
<dl>
<dt>Subject name</dt>
<dd><input type="text" name="menu_name" value="<?php echo h($subject['menu_name']); ?>"</dd>
</dl>
<dl>
<dt>Description</dt>
<dd>
<textarea name="description" cols="60" rows="10"><?php echo h($subject['description']); ?></textarea>
</dd>
</dl>
<div id="operations">
<input type="submit" value="Edit Subject" />
</div>
</form>
</div>
<?php include(SHARED_PATH . '/staff_footer.php'); ?>
This is my PHP update to update the record.
//UPDATE SUBJECTS
function update_subject($subject) {
global $db;
$errors = validate_subject($subject);
if(!empty($errors)) {
return $errors;
}
$sql = "UPDATE subjects SET ";
$sql .= "menu_name='" . db_escape($db, $subject['menu_name']) . "', ";
$sql .= "description='" . db_escape($db, $subject['description']) . "', ";
$sql .= "WHERE id='" . db_escape($db, $subject['id']) . "' ";
$sql .= "LIMIT 1";
$result = mysqli_query($db, $sql);
// For UPDATE statements, $result is true/false
if($result) {
return true;
} else {
// UPDATE failed
echo mysqli_error($db);
db_disconnect($db);
exit;
}}
You have a comma ( , ) right before the WHERE
$sql .= "description='" . db_escape($db, $subject['description']) . "', ";
$sql .= "WHERE id='" . db_escape($db, $subject['id']) . "' ";
change it to:
$sql .= "description='" . db_escape($db, $subject['description']) . "' ";
Remove the , at the last from this line :
$sql .= "description='" . db_escape($db, $subject['description']) . "', ";
Use this :
$sql .= "description='" . db_escape($db, $subject['description']) . "' ";
I'm trying to do a multiple edit function, the code goes through but the database is not updated. I figure the problem is that at WHERE id = $id no value gets called out because if I replace $id with an actual id e.g. id = 001 the entry 001 gets updated.
This page selects which entries get edited
<?php
if (!mysqli_connect_errno($con)) {
$queryStr = "SELECT * " . "FROM crewlist";
}
$result = mysqli_query($con, $queryStr);
while ($row = mysqli_fetch_array($result)) {
if (date("Y-m-d") > $row['start_date'] && date("Y-m-d") < $row['end_date']) {
echo "<tr><th>" . "<input type = 'checkbox' name = 'checkbox2[]' value='" . $row['crew_name']. "' >" . "</th>";
echo "<th>" . "" . $row["crew_name"] . "";
echo "<th>" . $row["crew_rank"] . "</th>";
echo "<th>" . $row["start_date"] . "</th>";
echo "<th>" . $row["end_date"] . "</th>";
echo "<th>" . $row["watchkeeping"] . "</th>";
echo "<th>" . $row["active"] . "</th>";
} else {
}
}
?>
This is the edit page
<?php include 'header.php'; ?>
<div id="container4"><?php
require ("dbfunction.php");
$con = getDbConnect();
$checkbox2 = $_POST['checkbox2'];
if (!mysqli_connect_errno($con)) {
$str = implode($checkbox2);
$queryStr = "SELECT * " .
"FROM crewlist WHERE ($str) && crew_id";
}
$result = mysqli_query($con, $queryStr);
?><form action="handlemultiedit.php" method="post"><?php
if ($_POST['submit']) {
$checkbox2 = $_POST['checkbox2'];
foreach ($checkbox2 as $crewname) {
?>
<input type="hidden" name="crew_id" value="<?php $id = isset($_GET['id']) ? $_GET['id'] : ''; ?>" />
<?php echo "<tr><th>" . $crewname . ":</th><br>";
echo " <tr>
<td>Shift 1:</td>
<td><input type=\"time\" name=\"start_hour\" value=\"start_hour\" id=\"start_hour\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour\" value=\"end_hour\" id=\"end_hour\" step=\"1800\" required>
</td>
</tr>
<tr>
<td>Shift 2:</td>
<td><input type=\"time\" name=\"start_hour2\" value=\"start_hour2\" id=\"start_hour2\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour2\" value=\"end_hour2\" id=\"end_hour2\" step=\"1800\" required>
</td>
</tr><br><br>";
?><?php
}?><td><input type="submit" value="Submit" ></td></form><?php
}
?>
print_r($_POST);
require 'dbfunction.php';
$con = getDbConnect();
$crew_id = $_POST["crew_id"];
$start_hour = $_POST["start_hour"];
$end_hour = $_POST["end_hour"];
$start_hour2 = $_POST["start_hour2"];
$end_hour2 = $_POST["end_hour2"];
if (!mysqli_connect_errno($con)) {
$sqlQueryStr = "UPDATE crewlist SET start_hour = '$start_hour',end_hour = '$end_hour', start_hour2 = '$start_hour2',end_hour2 = '$end_hour2' WHERE crew_id = $crew_id";
mysqli_query($con, $sqlQueryStr);
}
//header('Location: crewlisting.php');
mysqli_close($con);
?>
Try placing single quotes (i.e. 's) around your final variable in your statement, as you have done with all of your other variables, i.e. change it to "WHERE crew_id = '$crew_id'";
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 8 years ago.
Improve this question
<?php
include("Header.php");
echo "<br>";
$stockCode = "";
$stockItem = "";
$stockLeft = "";
$stockOut = "";
$minimum = "";
$pricePI = "";
$location = "";
// Check if posts are set
if(isset($_POST['stockCode'])){
$stockCode = $_POST['stockCode'];
}
if(isset($_POST['stockItem'])){
$stockItem = $_POST['stockItem'];
}
if(isset($_POST['stockLeft'])){
$stockLeft = $_POST['stockLeft'];
}
if(isset($_POST['stockOut'])){
$stockOut = $_POST['stockOut'];
}
if(isset($_POST['minimum'])){
$minimum = $_POST['minimum'];
}
if(isset($_POST['pricePI'])){
$pricePI = $_POST['pricePI'];
}
if(isset($_POST['location'])){
$location = $_POST['location'];
}
// Do validation before adding to database
if(
($stockCode == null)||
($stockItem == null)||
($stockLeft == null)||
($stockOut == null)||
($pricePI == null)||
($location == null)||
($location == "Select Location")
){
echo "<div class='font3'>Fields Stock Code, Stock Item, Stock Left, Stock Out, Price Per Item and location must be filled.</div>";
} else {
// Write to database
$connection = mysqli_connect($host,$user,$pass,$dbnm);
// Check to see if the Stock Code already exists in the database
$checkQ = "SELECT COUNT(*) FROM Ekhaya_Inventory WHERE ((ekhaya_inventory_stock_code = '" . $stockCode . "') AND (ekhaya_inventory_location = '" . $location . "'))";
$result = mysqli_query($connection,$checkQ);
while($row[0] = mysqli_fetch_array($result)){
echo $row[0];
if($row[0] == 0){
$quick_cal = $stockLeft * $pricePI;
$formated_cal = number_format($quick_cal,2);
$myquery =
"INSERT INTO Ekhaya_Inventory
(
ekhaya_inventory_stock_code,
ekhaya_inventory_stock_item,
ekhaya_inventory_quantity_stock_left,
ekhaya_inventory_quantity_stock_out,
ekhaya_inventory_quantity_minimum,
ekhaya_inventory_price_per_item,
ekhaya_inventory_value_of_stock_left,
ekhaya_inventory_location,
ekhaya_inventory_date_time_modified
)
VALUES
(
'" . $stockCode . "',
'" . $stockItem . "',
'" . $stockLeft . "',
'" . $stockOut . "',
'" . $minimum . "',
'" . $pricePI . "',
'" . $formated_cal . "',
'" . $location . "',
'" . $date . "'
)
";
mysqli_query($connection,$myquery);
echo "<div class='font3'>New Item Added Successfully</div>";
// Add a log to database
$query =
"INSERT INTO Ekhaya_Logs
(
ekhaya_logs_name,
ekhaya_logs_surname,
ekhaya_logs_username,
ekhaya_logs_activity,
ekhaya_logs_ip_address,
ekhaya_logs_date_time
) VALUES (
'" . $_SESSION['SECURE#NAME'] . "',
'" . $_SESSION['SECURE#SURNAME'] . "',
'" . $_SESSION['SECURE#USERNAME'] . "',
'" . $_SESSION['SECURE#NAME'] . " " . $_SESSION['SECURE#SURNAME'] . " added [ITEM] Stock Code: " . $stockCode . " to " . $location . "'s inventory',
'" . $_SERVER['REMOTE_ADDR'] . "',
'" . $date . "')";
mysqli_query($connection,$query);
} else {
echo "<div style='color:red' class='font3'>Stock Code " . $stockCode . " already exists for " . $location . "</div>";
}
}
mysqli_close($connection);
$stockCode = "";
$stockItem = "";
$stockLeft = "";
$stockOut = "";
$minimum = "";
$pricePI = "";
$location = "";
}
?>
</br>
<form action="AddItem.php" method="post">
<table class="table_mod">
<tr>
<td class="td_mod">
Stock Code:
</td>
<td class="td_mod">
<input type="text" name="stockCode">
</td>
</tr>
<tr>
<td class="td_mod">
Stock Item:
</td>
<td class="td_mod">
<input type="text" name="stockItem">
</td>
</tr>
<tr>
<td class="td_mod">
Stock Left:
</td>
<td class="td_mod">
<input type="text" name="stockLeft">
</td>
</tr>
<tr>
<td class="td_mod">
Stock Out:
</td>
<td class="td_mod">
<input type="text" name="stockOut">
</td>
</tr>
<tr>
<td class="td_mod">
Minimum:
</td>
<td class="td_mod">
<input type="text" name="minimum">
</td>
</tr>
<tr>
<td class="td_mod">
Price Per Item:
</td>
<td class="td_mod">
<input type="text" name="pricePI">
</td>
</tr>
<tr>
<td class="td_mod">
Location:
</td>
<td class="td_mod">
<select class="textbox_login" name="location">
<option>Select Location</option>
<option value="Tech Stud">Tech Stud</option>
</select>
</td>
</tr>
<tr>
<td>
<input type="Submit" value="Submit New Item">
</td>
</tr>
</table>
</form>
Can someone please tell me why this is not working ? The main if statement pushes out this item already exists but the data does note exist in the database. And when i use the mysqli count function it always returns 1.
There is a bug in your while loop assignment. Change this line:
while($row[0] = mysqli_fetch_array($result)){
To this:
while($row = mysqli_fetch_array($result)){
You might consider generally using var_dump instead of echo when debugging. It can provide more insight into what's actually going on.
I have this problem while updating my database, so, it all works, i mean i have the form, it prints the values, but when i try to update it, everything gets updated apart from the username and password..
Here is the code i use..
Thanks!
if ($Act=='Save') {
mysql_query("BEGIN");
$sql = "Insert into tbl_galleries (gal_title,gal_image,username,password) Values (";
$sql.= "'". strip_tags(mysql_real_escape_string(trim($gal_title))). "','". strip_tags(mysql_real_escape_string(trim($gal_image))) ."','". strip_tags(mysql_real_escape_string(trim($username))). "',,'". strip_tags(mysql_real_escape_string(trim($password))). "',);";
$query = mysql_query($sql);
if(!$query){
mysql_query("ROLLBACK");
$myErrorsUpGr = mysql_error();
echo $myErrorsUpGr;
} else {
mysql_query("COMMIT");
echo 'Insertion was successfull.';
}
} else if ($Act=='Update'){
mysql_query("BEGIN");
$sql = " Update tbl_galleries set ";
$sql.= " gal_title='" . strip_tags(mysql_real_escape_string(trim($gal_title))) . "',";
$sql.= " gal_image='" . strip_tags(mysql_real_escape_string(trim($gal_image))) . "'";
$sql.= " where gal_id=" . $gal_id . ";";
$sql.= " username='" . strip_tags(mysql_real_escape_string(trim($username))) . "',";
$sql.= " password='" . strip_tags(mysql_real_escape_string(trim($password))) . "',";
<?php
include_once("db/envato_db.php");
if ($_SERVER['QUERY_STRING']!='')
{
$sql = "";
$sql = "SELECT gal_id,gal_title,gal_image,username,password FROM tbl_galleries where gal_id='" . $_REQUEST['gid'] ."';";
$query = mysql_query($sql) or $myErrorsP = mysql_error();
if(isset($myErrors) && $myErrorsP!='')
{
}
else
{
$row = mysql_fetch_row($query);
mysql_free_result($query);
$gal_id = $row[0];
$gal_title = $row[1];
$gal_image = $row[2];
$username = $row[3];
$password = $row[4];
}
}
?>
<tr>
<td width="104">Gallery Title:</td>
<td width="556"><input type="text" id="gtitle" name="gtitle" class="typeText" maxlength="50" value="<?php echo isset($gal_title)? $gal_title : ""?>" tabindex="1" /></td>
</tr>
<tr>
<td>Gallery Image:</td>
<td>
<input type="text" id="gimg" name="gimg" class="typeText" maxlength="100" value="<?php echo isset($gal_image)? $gal_image : ""?>" readonly/>
<input type="file" name="gimg_upl" id="gimg_upl"/>
Upload
</td>
</tr>
<tr>
<td width="104">Username:</td>
<td width="556"><input type="text" id="gusername" name="gusername" class="typeText" maxlength="50" value="<?php echo isset($username)? $username : ""?>" tabindex="1" /></td>
</tr>
<tr>
<td width="104">Password:</td>
<td width="556"><input type="text" id="gpassword" name="gpassword" class="typeText" maxlength="50" value="<?php echo isset($password)? $password : ""?>" tabindex="1" /></td>
</tr>
</table>
<table id="savetbl" style="width:680px;" cellpadding="3">
<tr>
<td align="center" colspan="2">
<?php
if(isset($gal_id) && $gal_id!='')
{
if(!isset($myErrorsP))
{
?>
<input type="button" value="» Update «" class="but" name="button" alt="Update" title="Update" onClick="Do_Update('Update', '<?php echo $gal_id?>');" tabindex="3">
<?php
}
}
else
{
if(!isset($myErrorsP))
{
?>
<input type="button" value="» Save «" class="but" name="button" alt="Save" title="Save" onClick="Do_Update('Save','0');" tabindex="3">
<?php
}
}
?>
</td>
</tr>
On your code you have this :
$sql.= " where gal_id=" . $gal_id . ";";
$sql.= " username='" . strip_tags(mysql_real_escape_string(trim($username))) . "',";
$sql.= " password='" . strip_tags(mysql_real_escape_string(trim($password))) . "',";
Try to set the where clause after the update of username & password :
$sql.= " username='" . strip_tags(mysql_real_escape_string(trim($username))) . "',";
$sql.= " password='" . strip_tags(mysql_real_escape_string(trim($password))) . "'";
$sql.= " where gal_id=" . $gal_id . ";";
Try this
$sql.= " where gal_id=" . $gal_id . ";";
$sql.= "AND username='" . strip_tags(mysql_real_escape_string(trim($username))) . "',";
$sql.= "AND password='" . strip_tags(mysql_real_escape_string(trim($password))) . "',";
Lines 22, 23, and 24 of your sample code
First of all sorry for my language. I am a doing a shopping cart application for my assignment for college. I have a problem with registration for. The problem is that it is inserting the first query
$addsql = "INSERT INTO customers(forename, surname, add1, add2, add3, postcode, phone, email, registered)
VALUES('"
. strip_tags(addslashes($_POST['forenameBox'])) . "', '"
. strip_tags(addslashes($_POST['surnameBox'])) . "', '"
. strip_tags(addslashes($_POST['add1Box'])) . "', '"
. strip_tags(addslashes($_POST['add2Box'])) . "', '"
. strip_tags(addslashes($_POST['add3Box'])) . "', '"
. strip_tags(addslashes($_POST['postcodeBox'])) . "', '"
. strip_tags(addslashes($_POST['phoneBox'])) . "', '"
. strip_tags(addslashes($_POST['emailBox'])) . "',
1)";
mysql_query($addsql);
and it does not insert the second one.
$customer_id = mysql_insert_id(); // Gets The id Of Last MySql INSERT Query
$insert_query = 'INSERT INTO logins (
username,
password,
customer_id
)
VALUES
(
"' . $_POST['userregBox'] . '",
"' . md5($_POST['passregBox']) . '",
"' . $customer_id . '",
)';
mysql_query($insert_query);
header("Location: " . $basedir . "login.php?ok=1");
I tried different approaches with no result. I am using Xammp.
Here is the full code
<?php
session_start();
require_once("db.php");
/* Checking if user is logged in, if not redirecting to the main page */
if(isset($_SESSION['SESS_LOGGEDIN']) == TRUE) {
header("Location: " . $config_basedir);
}
if($_POST['login'])
{
$loginsql = "SELECT * FROM logins
WHERE username = '" . $_POST['userBox'] . "' AND password = '" . $_POST['passBox'] . "'";
$loginres = mysql_query($loginsql);
$numrows = mysql_num_rows($loginres);
if($numrows == 1)
{
$loginrow = mysql_fetch_assoc($loginres);
session_register("SESS_LOGGEDIN");
session_register("SESS_USERNAME");
session_register("SESS_USERID");
$_SESSION['SESS_LOGGEDIN'] = 1;
$_SESSION['SESS_USERNAME'] = $loginrow['username'];
$_SESSION['SESS_USERID'] = $loginrow['id'];
$ordersql = "SELECT id FROM orders WHERE customer_id = " . $_SESSION['SESS_USERID'] . " AND status <2";
$orderres = mysql_query($ordersql);
$orderrow = mysql_fetch_assoc($orderres);
session_register("SESS_ORDERNUM");
$_SESSION['SESS_ORDERNUM'] = $orderrow['id'];
header("Location: " . $config_basedir);
}
else
{
header("Location: http://" . $HTTP_HOST . $SCRIPT_NAME . "?error=1");
}
}
if($_POST['register'])
{
$loginchecksql = "SELECT * FROM logins
WHERE username = '" . $_POST['userBox'] . "'";
$logincheckres = mysql_query($loginchecksql);
$loginchecknumrows = mysql_num_rows($logincheckres);
if($loginchecknumrows == 1)
{
header("Location: http://" . $HTTP_HOST . $SCRIPT_NAME . "?error=3");
}
else{
if(empty($_POST['forenameBox']) ||
empty($_POST['surnameBox']) ||
empty($_POST['add1Box']) ||
empty($_POST['add2Box']) ||
empty($_POST['add3Box']) ||
empty($_POST['postcodeBox']) ||
empty($_POST['phoneBox']) ||
empty($_POST['userregBox']) ||
empty($_POST['passregBox']) ||
empty($_POST['emailBox']))
{
header("Location: " . $basedir . "login.php?error=2");
exit;
}
$addsql = "INSERT INTO customers(forename, surname, add1, add2, add3, postcode, phone, email, registered)
VALUES('"
. strip_tags(addslashes($_POST['forenameBox'])) . "', '"
. strip_tags(addslashes($_POST['surnameBox'])) . "', '"
. strip_tags(addslashes($_POST['add1Box'])) . "', '"
. strip_tags(addslashes($_POST['add2Box'])) . "', '"
. strip_tags(addslashes($_POST['add3Box'])) . "', '"
. strip_tags(addslashes($_POST['postcodeBox'])) . "', '"
. strip_tags(addslashes($_POST['phoneBox'])) . "', '"
. strip_tags(addslashes($_POST['emailBox'])) . "',
1)";
mysql_query($addsql);
$customer_id = mysql_insert_id(); // Gets The id Of Last MySql INSERT Query
$insert_query = 'INSERT INTO logins (
username,
password,
customer_id
)
VALUES
(
"' . $_POST['userregBox'] . '",
"' . md5($_POST['passregBox']) . '",
"' . $customer_id . '",
)';
mysql_query($insert_query);
header("Location: " . $basedir . "login.php?ok=1");
}
}
else
{
require_once("header.php");
?>
<?php
if($_GET['ok'] == 1) {
echo "<b>Your registration was succesfull</b><p>Start shooping now</p>";
}
else
{
?>
<?php
if($_GET['error'] == 1) {
echo "<b>Incorrect details, please try again</b>";
}
?>
<?php
if($_GET['error'] == 2) {
echo "<b>Please fill all fields</b>";
}
?>
<?php
if($_GET['error'] == 3) {
echo "<b>User name exist</b>";
}
?>
<div style="width:50%;float:left;">
<fieldset style="width:90%;background:#fff; ">
<legend>Customer Login</legend>
<form action="<?php echo $SCRIPT_NAME; ?>" method="POST">
<ul>
<li>
<fieldset>
<legend>Username</legend>
<div>
<input type="textbox" name="userBox" class="text" />
</div>
<p class="guidelines">Please enter your username</p>
</fieldset>
</li>
<li>
<fieldset>
<legend>Password</legend>
<div>
<input type="password" name="passBox" class="text" />
</div>
<p class="guidelines">Please enter your password</p>
</fieldset>
</li>
<li>
<button type="submit" name="login" value="login">Log In</button>
</li>
</ul>
</form>
</fieldset>
</div>
<div style="width:50%;float:right;">
<fieldset style="width:95%;background:#fff; ">
<legend>Register</legend>
<form action="<?php echo $SCRIPT_NAME; ?>" method="POST">
<ul>
<li>
<fieldset>
<legend>Username</legend>
<div>
<input type="textbox" name="userregBox" class="text" />
</div>
<p class="guidelines">Please enter your username</p>
</fieldset>
</li>
<li>
<fieldset>
<legend>Password</legend>
<div>
<input type="password" name="passregBox" class="text" />
</div>
<p class="guidelines">Please enter your password</p>
</fieldset>
</li>
<li>
<fieldset>
<legend>Delivery details</legend>
<table style="width:99%;">
<tr>
<td>Forename</td>
<td><input type="text" name="forenameBox" class="text"></td>
</tr>
<tr>
<td>Surname</td>
<td><input type="text" name="surnameBox" class="text"></td>
</tr>
<tr>
<td>House Number, Street</td>
<td><input type="text" name="add1Box" class="text"></td>
</tr>
<tr>
<td>Town/City</td>
<td><input type="text" name="add2Box" class="text"></td>
</tr>
<tr>
<td>County</td>
<td><input type="text" name="add3Box" class="text"></td>
</tr>
<tr>
<td>Postcode</td>
<td><input type="text" name="postcodeBox" class="text"></td>
</tr>
<tr>
<td>Phone</td>
<td><input type="text" name="phoneBox" class="text"></td>
</tr>
<tr>
<td>Email</td>
<td><input type="text" name="emailBox"class="text"></td>
</tr>
</table>
</fieldset>
</li>
<li>
<button type="submit" name="register" value="Register">Register</button>
</li>
</ul>
</form>
</fieldset>
</div>
<?php
}
}
require_once("footer.php");
?>
You have an extra comma.
Change
"' . $customer_id . '",
to
"' . $customer_id . '"
in your INSERT INTO LOGINS query.