I am trying to insert the value of a radio button when its checked into mysql db table. Below is the HTML and the PHP for doing so. Please let me know what is going wrong?
Here is the HTML first:
<div class='container'>
<label for='username' >Business*:</label><br/>
<input type="radio" name="bus" id="username" value="bus" maxlength="50" /><br/>
<span id='register_username_errorloc' class='error'></span>
</div>
<div class='container'>
<label for='username' >Personal*:</label><br/>
<input type="radio" name="pers" id="username" value="per" maxlength="50" /><br/>
<span id='register_username_errorloc' class='error'></span>
</div>
Now the PHP:
function InsertIntoDB(&$formvars)
{
$confirmcode = $this->MakeConfirmationMd5($formvars['email']);
$formvars['confirmcode'] = $confirmcode;
$insert_query = 'insert into '.$this->tablename.'(
name,
email,
username,
password,
confirmcode,
dob,
business,
personal
)
values
(
"' . $this->SanitizeForSQL($formvars['name']) . '",
"' . $this->SanitizeForSQL($formvars['email']) . '",
"' . $this->SanitizeForSQL($formvars['username']) . '",
"' . md5($formvars['password']) . '",
"' . $confirmcode . '",
"' . $this->SanitizeForSQL($formvars['dob']) . '",
"' . $this->SanitizeForSQL($formvars['bus']) . '",
"' . $this->SanitizeForSQL($formvars['pers']) . '"
)';
if(!mysql_query( $insert_query ,$this->connection))
{
$this->HandleDBError("Error inserting data to the table\nquery:$insert_query");
return false;
}
return true;
}
I think there is a logical error. You should only save one of the variable in radio button in database.
"' . $this->SanitizeForSQL($formvars['bus']) . '",
"' . $this->SanitizeForSQL($formvars['pers']) . '"
Related
The code does not perform the task/operation i want and it does not return any error. Note that i have added another column on tblchristianout to record the reason for the removal of selected member That is the problem am facing another issue will be adding the searching option on the select box for selecting a member, i have tried using seclect2 and chosen to add the feature but i have not succeded if i can get assistance on that matter also it will be much appreciated
<?php
session_start();
error_reporting(0);
include('includes/dbconnection.php');
if(isset($_POST['save']))
{
// Get the selected ID
$ID = $_POST["ID"];
$reason = $_POST['reason'];
// Select specific data from the old table
$sql = "SELECT * FROM tblchristian WHERE ID = $ID";
$result = mysqli_query($conn, $sql);
// Move the data to the new table
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$sql = "INSERT INTO tblchristianout (name, Code, number, Age, Sex, Occupation, Status, Country, Parish, Village, District, Email, Phone, Photo, Marital, Registeredby, lastname, Birthdate, CreationDate, reason)
VALUES ('" . $row["name"] . "','" . $row["Code"] . "','" . $row["number"] . "','" . $row["Age"] . "','" . $row["Sex"] . "','" . $row["Occupation"] . "','" . $row["Status"] . "','" . $row["Country"] . "','" . $row["Parish"] . "','" . $row["Village"] . "','" . $row["District"] . "','" . $row["Email"] . "','" . $row["Phone"] . "','" . $row["Marital"] . "','" . $row["Registeredby"] . "', '" . $row["lastname"] . "', '" . $row["Birthdate"] . "', '" . $row["CreationDate"] . "', '" . $row["reason"] . "')";
mysqli_query($conn, $sql);
}
}
// Delete the moved data from the old table
$ID = $_POST['ID'];
$sql = "DELETE FROM tblchristian WHERE ID = $ID";
if (mysqli_query($conn, $sql)) {
echo "Data moved and deleted successfully";
} else {
echo "Error deleting data: " . mysqli_error($conn);
}
mysqli_close($conn);
}
?>
<div class="card-body">
<!-- Date -->
<form role="form" id="" method="post" enctype="multipart/form-data" class="form-horizontal">
<div class="card-body">
<div class="form-group">
<label>Tarehe:</label>
<div class="input-group date" id="reservationdate" >
<input type="date" name="date" class="form-control " required />
</div>
</div>
<div class="form-group ">
<label for="exampleInputPassword1">Jina la Mshiriki</label>
<select name="name" class="anyname form-control" data-live-search="true" required>
<option value="">chagua Mshiriki</option>
<?php
$sql="SELECT * from tblchristian";
$query = $dbh -> prepare($sql);
$query->execute();
$results=$query->fetchAll(PDO::FETCH_OBJ);
if($query->rowCount() > 0)
{
foreach($results as $row)
{
?>
<option value="<?php echo $row->ID;?>"><?php echo $row->name;?></option>
<?php
}
} ?>
</select>
</div>
<div class="form-group ">
<label for="exampleInputPassword1">Ondolewa Kwa</label>
<select name="reason" class="form-control">
<option value="Uhamisho">Uhamisho</option>
<option value="Kifo">Kifo</option>
<option value="Kuasi">Kuasi</option>
</select>
</div>
</div>
<div class="modal-footer text-right">
<button type="submit" name="save" class="btn btn-primary">Submit</button>
<button type="button" class="btn btn-default" data-dismiss="modal">Cancel</button>
</div>
</form>
</div>
my include/dbconnection.php code
<?php
// DB credentials.
define('DB_HOST','localhost');
define('DB_USER','root');
define('DB_PASS','');
define('DB_NAME','churchdb');
// Establish database connection.
try
{
$dbh = new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME,DB_USER, DB_PASS,array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
}
catch (PDOException $e)
{
exit("Error: " . $e->getMessage());
}
$conn = mysqli_connect("localhost","root","","churchdb");
?>
My php won't update my products table. I know my GET request worked as I tested it with echo to display the id. I am confused as to how I can get it to work? I think it may be something to do with the form action= on my form but I am confused! Can someone please help?
<?php
// Connection file
require 'db.php';
if (((!empty($_GET["mode"])) && (!empty($_GET["id"]))) && ($_GET["mode"] == "update")) {
// If update
echo $_GET['id'];
if (isset($_POST["updateSubmit"])) {
$pName = $_POST["updateProductName"];
echo $pName;
$query = "UPDATE products "
. "SET p_name = '" . $_POST["updateProductName"] . "', "
. "p_type = '" . $_POST["updateProductType"] . "', "
. "p_desc = '" . $_POST["updateProductDesc"] . "', "
. "p_price = '" . $_POST["updateProductPrice"] . "', "
. "p_stock = " . $_POST["updateProductStock"] . ", "
. "WHERE id=" . $_GET['id'] . ";";
$result = mysqli_query($conn, $query);
}
}
?>
<div>
<form id="updateForm" name="updateForm" action="<?php echo "?mode=update&id=" . $productDetails["id"]; ?>" method="post">
<label>Product name:</label><br>
<input type="text" name="updateProductName"><br>
<label>Product type</label><br>
<select name="updateProductType">
<option value="Jackets/coats">Jackets/coats</option>
<option value="Accessories">Accessories</option>
<option value="Shirts">Shirts</option>
<option value="Jeans">Jeans</option>
<option value="Trousers">Trousers</option>
<option value="Shoes">Shoes</option>
<option value="Suits">Suits</option>
</select>
<p>Product description:</p>
<textarea name="updateProductDesc" rows="10" cols="30"></textarea><br>
<label>Product price:</label><br>
<input type="text" name="updateProductPrice"><br>
<label>Stock level:</label><br>
<input type="text" name="updateProductStock"><br>
<input type="submit" name="updateSubmit" value="Submit">
</form>
</div>
<?php
?>
I think the problems are misusing of ' in one or both of these lines
. "p_price = '" . $_POST["updateProductPrice"] . "', "
. "p_stock = " . $_POST["updateProductStock"] . ", "
If the type is string you need to use ' as you used in p_price otherwise if it is float or int you should not use ' as you did for p_stock.
It seems you used wrong for these two field. Since the p_price would be float and p_stock is string.
. "p_price = " . $_POST["updateProductPrice"] . ", "
. "p_stock = '" . $_POST["updateProductStock"] . "' , "
There are two issues with your query...
You Have one extra comma before the Where Section and your missing delimeters on p_stock.
Should be:
"p_stock = '" . $_POST["updateProductStock"] . "' "
and
. "WHERE id='" . $_GET['id'] . "'";
Trying to insert a query multiple records in the database, but get an error:
Warning: mysql_real_escape_string() expects parameter 1 to be string, array given in
Below I attach the code type and model
Please show where the error or where and in what direction the engine
view
<tr class="green_table">
<td class="td">
<input type="text" name="forma[]" />
<?php if ($error_forma) { ?>
<span class="error"><?php echo $error_forma; ?></span>
<?php } ?>
</td>
<td class="td">
<input type="text" name="linkto[]" />
</td>
<td class="td">
<input type="text" name="description[]" />
<?php if ($error_description) { ?>
<span class="error"><?php echo $error_description; ?></span>
<?php } ?>
</td>
<td class="td">
<input type="text" name="cvet[]" />
<?php if ($error_cvet) { ?>
<span class="error"><?php echo $error_cvet; ?></span>
<?php } ?>
</td>
<td class="td">
<input type="text" name="sizes[]" />
<?php if ($error_sizes) { ?>
<span class="error"><?php echo $error_sizes; ?></span>
<?php } ?>
</td>
<td class="td">
<input type="text" name="counts[]" />
<?php if ($error_counts) { ?>
<span class="error"><?php echo $error_counts; ?></span>
<?php } ?>
</td>
<td class="td">
<input type="text" name="tcena[]" />
<?php if ($error_tcena) { ?>
<span class="error"><?php echo $error_tcena; ?></span>
<?php } ?>
</td>
</tr>
model:
foreach($data as $key => $value){
$query = $this->db->query("INSERT INTO `" . DB_PREFIX
. "order` SET customer_id = '" . (int)$data['customer_id']
."',forma = '" . $this->db->escape($data['forma'])
. "', linkto = '" . $this->db->escape($data['linkto'])
. "', description = '" . $this->db->escape($data['description'])
. "', cvet = '" . $this->db->escape($data['cvet'])
. "', sizes = '" . $this->db->escape($data['sizes'])
. "', counts = '" . (int)$data['counts']
. "', tcena = '" . (int)$data['tcena']
. "', sposob = '" . $this->db->escape($data['sposob'])
. "', delivery_usa = '" . $this->db->escape($data['delivery_usa'])
. "', hint = '" . $this->db->escape($data['hint'])
. "', novapochta = '" . $this->db->escape($data['novapochta'])
. "', customer_group_id = '" . (int)$data['customer_group_id']
. "', firstname = '" . $this->db->escape($data['firstname'])
. "', lastname = '" . $this->db->escape($data['lastname'])
. "', email = '" . $this->db->escape($data['email'])
. "', telephone = '" . $this->db->escape($data['telephone'])
. "', date_added = '" . $this->db->escape(date('Y-m-d H:i:s'))
."', order_status_id =' 1"
."'");
$new_order_id = $this->db->getLastId();
}
Thanks!
This has nothing to do with OpenCart itself, it is about basic PHP. You need to loop through all the posted values and insert one set of values at a time.
It should be like this:
$values_count = count($data['forma']);
for ($i = 0; $i < $values_count; $i++) {
$query = $this->db->query("INSERT INTO `" . DB_PREFIX . "order` SET"
. " customer_id = " . (int)$data['customer_id']
. ",forma = '" . $this->db->escape($data['forma'][$i])
. "', linkto = '" . $this->db->escape($data['linkto'][$i])
. "', description = '" . $this->db->escape($data['description'][$i])
. "', cvet = '" . $this->db->escape($data['cvet'][$i])
. "', sizes = '" . $this->db->escape($data['sizes'][$i])
. "', counts = " . (int)$data['counts'][$i]
. ", tcena = " . (int)$data['tcena'][$i]
. ", sposob = '" . $this->db->escape($data['sposob'][$i])
. "', delivery_usa = '" . $this->db->escape($data['delivery_usa'][$i])
. "', hint = '" . $this->db->escape($data['hint'][$i])
. "', novapochta = '" . $this->db->escape($data['novapochta'][$i])
. "', customer_group_id = " . (int)$data['customer_group_id'] [$i]
. ", firstname = '" . $this->db->escape($data['firstname'][$i])
. "', lastname = '" . $this->db->escape($data['lastname'][$i])
. "', email = '" . $this->db->escape($data['email'][$i])
. "', telephone = '" . $this->db->escape($data['telephone'][$i])
. "', date_added = NOW()"
. ", order_status_id = 1");
$new_order_id = $this->db->getLastId();
}
Integer values does not need to be escaped with '1' when You typecast them to (int).
You form fields are arrays like : forma[], linkto[] which cannot be used with $this->db->escape().
Please echo the variable $value within the loop foreach($data as $key => $value){ and update your code.
Have a nice day !!
Anyone who can point a php novice in the right direction? It won't update the database and I can't figure it out. I get the article that I want to change and put it a form, and use the "update1.php" file to update the database.
Getting the article:
<?php
include ('../db_connect.php');
$getid = $_GET['artikkelID'];
$query = mysql_query('SELECT tittel, ingress, publ, tekst, forfatter, bildetekst, photo FROM hovedartikler WHERE artikkelID = "' . $getid . '"');
$rows = mysql_fetch_assoc($query);
$titteldb = $rows['tittel'];
$ingressdb = $rows['ingress'];
$tekstdb = $rows['tekst'];
$forfatterdb = $rows['forfatter'];
$bildetekstdb = $rows['bildetekst'];
$photodb = $rows['photo'];
echo '<form action="update1.php" method="post" enctype="multipart/form-data">
<span>
ArtikkelID
<input type="text" name="artikkelID" readonly="readonly" size="3" value="' . $getid . '">
</span>
<span style="margin-left: 20px;">
Artikkelens Tittel ( maks 100 tegn)
<input type="text" name="tittel" cols="80" size="50" value="' . $titteldb . '" /><br />
</span>
<br />
Ingress (maks 255 tegn)<br />
<textarea name="ingress" rows="4" cols="60" />' . $ingressdb . '</textarea><br />
Artikkelens tekst (ingen begrensning på antall tegn)<br />
<textarea id="textarea1" name="tekst" size="100%">' . $tekstdb . '</textarea>
<script language="javascript1.2">
generate_wysiwyg("textarea1");
</script>
Skriv inn artikkelens forfatter (maks 50 tegn)<br />
<input type="text" name="forfatter" size="80" cols="80" value="' . $forfatterdb . '" /><br />
Skriv inn tekst til artikkel-bilde<br />
<textarea name="bildetekst" rows="3" cols="60">' . $bildetekstdb . '</textarea><br />
Last opp bilde til bruk i artikkelen<br />
<input type="hidden" name="MAX_FILE_SIZE" value="2000000">
<input type="file" name="file" size="80" value="' . $photodb . '" /><br />
<br />
<input type="submit" name="submit" value="Oppdater" />
</form>';
?>
And the update-script:
<?php
$id = $_POST['artikkelID'];
$tittel = $_POST['tittel'];
$ingress = $_POST['ingress'];
$tekst = $_POST['tekst'];
$forfatter = $_POST['forfatter'];
$bildetekst = $_POST['bildetekst'];
$pic = $_FILES['file']['name'];
include '../db_connect.php';
if(isset($_POST['Oppdater']))
$mysql_query=("UPDATE hovedartikler SET
tittel='" . $_POST['tittel'] . "', ingress='" . $_POST['ingress'] . "', tekst='" . $_POST['tekst'] . "', forfatter='" . $_POST['forfatter'] . "', bildetekst='" . $_POST['bildetekst'] . "', file='" . $_FILES['pic'] . "' WHERE artikkelID='$id'")
or die (mysql_error());
mysql_query($query);
echo "Artikkelen er oppdatert!<br/><br/>
Du vil nå automatisk bli dirigert til Admin-forsiden.";
print_r($ingress);
mysql_close();
?>
<script type="text/javascript">
setTimeout("window.location.href='http://mss-seil.no/admin/adminIndex.php'", 3000);
</script>
All help appreciated!
For a start stop using mysql_* functions and start using mysqli or PDO and prepared statements with bound values or you will face SQL injection attacks.
Secondly, for now change mysql_query($query) to mysql_query($mysql_query) and remove the brackets from around the actual query and the die statement when setting the variable. You are trying to run the query held in $query but the UPDATE query is actually held in $mysql_query
It should look more like this:
$mysql_query = "UPDATE hovedartikler SET
tittel='" . $_POST['tittel'] . "', ingress='" . $_POST['ingress'] . "', tekst='" . $_POST['tekst'] . "', forfatter='" . $_POST['forfatter'] . "', bildetekst='" . $_POST['bildetekst'] . "', file='" . $_FILES['pic'] . "' WHERE artikkelID='$id'";
mysql_query($mysql_query);
$mysql_query=("UPDATE hovedartikler SET tittel='" . $_POST['tittel'] . "', ingress='" . $_POST['ingress'] . "', tekst='" . $_POST['tekst'] . "', forfatter='" . $_POST['forfatter'] . "', bildetekst='" . $_POST['bildetekst'] . "', file='" . $_FILES['pic'] . "' WHERE artikkelID='$id'") or die (mysql_error());
Note it's "$mysql_query" not "$query".
mysql_query($mysql_query);
Just a few side notes too:
the mysql_* functions should not really be used now. Take a look at mysqli or PDO.
You are not sanitizing your input before inserting it into the database. This is not a good idea - you're leaving yourself wide open to SQL injection attacks. You should escape strings and cast integers as integers. If you follow the first suggestion and use PDO or mysqli, look into using prepared statements.
Hope that helps!
Please look for SQL-Injections and escape your values from $_POST, please :) - And the Javascript-redirect can be replaced with a server-sided PHP-redirect with "header", I guess.
$mysql_query=("UPDATE hovedartikler SET
tittel='" . $_POST['tittel'] . "', ingress='" . $_POST['ingress'] . "', tekst='" . $_POST['tekst'] . "', forfatter='" . $_POST['forfatter'] . "', bildetekst='" . $_POST['bildetekst'] . "', file='" . $_FILES['pic'] . "' WHERE artikkelID='$id'")
or die (mysql_error());
mysql_query($query);
You've got a variable "$mysql_query" with the Update-Statement. But you send a variable "$query" to the mysql_query function. Shouldn't you send the $mysql_query variable to the mysql_query function? Maybe better variable names could be helpful :)
I do not know if this is the cause but you are using different quotes in the two files.
In the getting:
"' . $getid . '"'
And in the setting
WHERE artikkelID='$id'"
What datatype is artikkelID?
If it is an int, the first will work as double quote is not a string quote but a "grouping" quote which can be used to have columns with reserved words names
The last will not work as single quote IS a string quote, and you cannot use string for an int column.
For example
I could query an int column like this
WHERE id > "20"
but not like this
WHERE id > '20'
Whereas for a string column
WHERE name = "Hello World"
Would try to match the name column with the Hello World column, not the Hello World string
First of all sorry for my language. I am a doing a shopping cart application for my assignment for college. I have a problem with registration for. The problem is that it is inserting the first query
$addsql = "INSERT INTO customers(forename, surname, add1, add2, add3, postcode, phone, email, registered)
VALUES('"
. strip_tags(addslashes($_POST['forenameBox'])) . "', '"
. strip_tags(addslashes($_POST['surnameBox'])) . "', '"
. strip_tags(addslashes($_POST['add1Box'])) . "', '"
. strip_tags(addslashes($_POST['add2Box'])) . "', '"
. strip_tags(addslashes($_POST['add3Box'])) . "', '"
. strip_tags(addslashes($_POST['postcodeBox'])) . "', '"
. strip_tags(addslashes($_POST['phoneBox'])) . "', '"
. strip_tags(addslashes($_POST['emailBox'])) . "',
1)";
mysql_query($addsql);
and it does not insert the second one.
$customer_id = mysql_insert_id(); // Gets The id Of Last MySql INSERT Query
$insert_query = 'INSERT INTO logins (
username,
password,
customer_id
)
VALUES
(
"' . $_POST['userregBox'] . '",
"' . md5($_POST['passregBox']) . '",
"' . $customer_id . '",
)';
mysql_query($insert_query);
header("Location: " . $basedir . "login.php?ok=1");
I tried different approaches with no result. I am using Xammp.
Here is the full code
<?php
session_start();
require_once("db.php");
/* Checking if user is logged in, if not redirecting to the main page */
if(isset($_SESSION['SESS_LOGGEDIN']) == TRUE) {
header("Location: " . $config_basedir);
}
if($_POST['login'])
{
$loginsql = "SELECT * FROM logins
WHERE username = '" . $_POST['userBox'] . "' AND password = '" . $_POST['passBox'] . "'";
$loginres = mysql_query($loginsql);
$numrows = mysql_num_rows($loginres);
if($numrows == 1)
{
$loginrow = mysql_fetch_assoc($loginres);
session_register("SESS_LOGGEDIN");
session_register("SESS_USERNAME");
session_register("SESS_USERID");
$_SESSION['SESS_LOGGEDIN'] = 1;
$_SESSION['SESS_USERNAME'] = $loginrow['username'];
$_SESSION['SESS_USERID'] = $loginrow['id'];
$ordersql = "SELECT id FROM orders WHERE customer_id = " . $_SESSION['SESS_USERID'] . " AND status <2";
$orderres = mysql_query($ordersql);
$orderrow = mysql_fetch_assoc($orderres);
session_register("SESS_ORDERNUM");
$_SESSION['SESS_ORDERNUM'] = $orderrow['id'];
header("Location: " . $config_basedir);
}
else
{
header("Location: http://" . $HTTP_HOST . $SCRIPT_NAME . "?error=1");
}
}
if($_POST['register'])
{
$loginchecksql = "SELECT * FROM logins
WHERE username = '" . $_POST['userBox'] . "'";
$logincheckres = mysql_query($loginchecksql);
$loginchecknumrows = mysql_num_rows($logincheckres);
if($loginchecknumrows == 1)
{
header("Location: http://" . $HTTP_HOST . $SCRIPT_NAME . "?error=3");
}
else{
if(empty($_POST['forenameBox']) ||
empty($_POST['surnameBox']) ||
empty($_POST['add1Box']) ||
empty($_POST['add2Box']) ||
empty($_POST['add3Box']) ||
empty($_POST['postcodeBox']) ||
empty($_POST['phoneBox']) ||
empty($_POST['userregBox']) ||
empty($_POST['passregBox']) ||
empty($_POST['emailBox']))
{
header("Location: " . $basedir . "login.php?error=2");
exit;
}
$addsql = "INSERT INTO customers(forename, surname, add1, add2, add3, postcode, phone, email, registered)
VALUES('"
. strip_tags(addslashes($_POST['forenameBox'])) . "', '"
. strip_tags(addslashes($_POST['surnameBox'])) . "', '"
. strip_tags(addslashes($_POST['add1Box'])) . "', '"
. strip_tags(addslashes($_POST['add2Box'])) . "', '"
. strip_tags(addslashes($_POST['add3Box'])) . "', '"
. strip_tags(addslashes($_POST['postcodeBox'])) . "', '"
. strip_tags(addslashes($_POST['phoneBox'])) . "', '"
. strip_tags(addslashes($_POST['emailBox'])) . "',
1)";
mysql_query($addsql);
$customer_id = mysql_insert_id(); // Gets The id Of Last MySql INSERT Query
$insert_query = 'INSERT INTO logins (
username,
password,
customer_id
)
VALUES
(
"' . $_POST['userregBox'] . '",
"' . md5($_POST['passregBox']) . '",
"' . $customer_id . '",
)';
mysql_query($insert_query);
header("Location: " . $basedir . "login.php?ok=1");
}
}
else
{
require_once("header.php");
?>
<?php
if($_GET['ok'] == 1) {
echo "<b>Your registration was succesfull</b><p>Start shooping now</p>";
}
else
{
?>
<?php
if($_GET['error'] == 1) {
echo "<b>Incorrect details, please try again</b>";
}
?>
<?php
if($_GET['error'] == 2) {
echo "<b>Please fill all fields</b>";
}
?>
<?php
if($_GET['error'] == 3) {
echo "<b>User name exist</b>";
}
?>
<div style="width:50%;float:left;">
<fieldset style="width:90%;background:#fff; ">
<legend>Customer Login</legend>
<form action="<?php echo $SCRIPT_NAME; ?>" method="POST">
<ul>
<li>
<fieldset>
<legend>Username</legend>
<div>
<input type="textbox" name="userBox" class="text" />
</div>
<p class="guidelines">Please enter your username</p>
</fieldset>
</li>
<li>
<fieldset>
<legend>Password</legend>
<div>
<input type="password" name="passBox" class="text" />
</div>
<p class="guidelines">Please enter your password</p>
</fieldset>
</li>
<li>
<button type="submit" name="login" value="login">Log In</button>
</li>
</ul>
</form>
</fieldset>
</div>
<div style="width:50%;float:right;">
<fieldset style="width:95%;background:#fff; ">
<legend>Register</legend>
<form action="<?php echo $SCRIPT_NAME; ?>" method="POST">
<ul>
<li>
<fieldset>
<legend>Username</legend>
<div>
<input type="textbox" name="userregBox" class="text" />
</div>
<p class="guidelines">Please enter your username</p>
</fieldset>
</li>
<li>
<fieldset>
<legend>Password</legend>
<div>
<input type="password" name="passregBox" class="text" />
</div>
<p class="guidelines">Please enter your password</p>
</fieldset>
</li>
<li>
<fieldset>
<legend>Delivery details</legend>
<table style="width:99%;">
<tr>
<td>Forename</td>
<td><input type="text" name="forenameBox" class="text"></td>
</tr>
<tr>
<td>Surname</td>
<td><input type="text" name="surnameBox" class="text"></td>
</tr>
<tr>
<td>House Number, Street</td>
<td><input type="text" name="add1Box" class="text"></td>
</tr>
<tr>
<td>Town/City</td>
<td><input type="text" name="add2Box" class="text"></td>
</tr>
<tr>
<td>County</td>
<td><input type="text" name="add3Box" class="text"></td>
</tr>
<tr>
<td>Postcode</td>
<td><input type="text" name="postcodeBox" class="text"></td>
</tr>
<tr>
<td>Phone</td>
<td><input type="text" name="phoneBox" class="text"></td>
</tr>
<tr>
<td>Email</td>
<td><input type="text" name="emailBox"class="text"></td>
</tr>
</table>
</fieldset>
</li>
<li>
<button type="submit" name="register" value="Register">Register</button>
</li>
</ul>
</form>
</fieldset>
</div>
<?php
}
}
require_once("footer.php");
?>
You have an extra comma.
Change
"' . $customer_id . '",
to
"' . $customer_id . '"
in your INSERT INTO LOGINS query.