output from the database seems fine, but input from the update doesn't pass onto the database
edit.php - from here all values display correctly
<?php
session_start();
$name = $_SESSION['name'];
$sur = $_SESSION['sur'];
$pass = $_SESSION['pass'];
echo $name.' '.$sur.' '.$pass;
//connect
$dbh = mysql_connect ("localhost", "xxx_admin", "xxx")
or die ('ERROR!');
mysql_select_db ("xxx_database");
$query="SELECT * FROM client_info WHERE (first='$name' AND last='$sur' AND password='$pass')";
$result=mysql_query($query);
$id = mysql_result($result,$i,"id");
$first = mysql_result($result,$i,"first");
$last = mysql_result($result,$i,"last");
$phone = mysql_result($result,$i,"phone");
$mob = mysql_result($result,$i,"mob");
$fax = mysql_result($result,$i,"fax");
$email = mysql_result($result,$i,"email");
$web = mysql_result($result,$i,"web");
$com = mysql_result($result,$i,"com");
$add = mysql_result($result,$i,"add");
$city = mysql_result($result,$i,"city");
$state = mysql_result($result,$i,"state");
$zip = mysql_result($result,$i,"zip");
$zone = mysql_result($result,$i,"zone");
$office = mysql_result($result,$i,"office");
$office_num = mysql_result($result,$i,"office_num");
$ext_mob = mysql_result($result,$i,"ext_mob");
$ext_phone = mysql_result($result,$i,"ext_phone");
$ext_office = mysql_result($result,$i,"ext_office");
$srv = mysql_result($result,$i,"srv");
$stype = mysql_result($result,$i,"stype");
$voip = mysql_result($result,$i,"voip");
$vpass = mysql_result($result,$i,"vpass");
$regDate = mysql_result($result,$i,"regDate");
$acct = mysql_result($result,$i,"acct");
$Nagent = mysql_result($result,$i,"Nagent");
$agents = mysql_result($result,$i,"agents");
$password = mysql_result($result,$i,"password");
?>
<html>
<head>
<title></title>
</head>
<body>
<form method="post" action="update.php" name="gen">
<b>Personal Info:</b>
<p>First Name:<input type="text" name="first" size="20" value="<?php echo $first; ?>"/></p>
<p>Last Name:<input type="text" name="last" size="20" value="<?php echo $last; ?>"/></p>
<p>Mob:<input type="text" name="mob" size="20" value="<?php echo $mob; ?>"/>
ext:<input type="text" name="ext_mob" size="4" value="<?php echo $ext_mob; ?>"/></p>
<p>Phone:<input type="text" name="phone" size="20" value="<?php echo $phone; ?>"/>
ext:<input type="text" name="ext_phone" size="4" value="<?php echo $ext_phone; ?>"/></p>
<p>Fax:<input type="text" name="fax" size="20" value="<?php echo $fax; ?>"/></p>
<p>E-mail:<input type="text" name="email" size="35" value="<?php echo $email; ?>"/></p>
<p>Address:<input type="text" name="add" size="40" value="<?php echo $add; ?>"/></p>
<p>City:<input type="text" name="city" size="20" value="<?php echo $city; ?>"/></p>
<p>State:<input type="text" name="state" size="20" value="<?php echo $state; ?>"/></p>
<p>Zip Code:<input type="text" name="zip" size="5" value="<?php echo $zip; ?>"/></p>
<p>Zone:<input type="text" name="zone" size="5" value="<?php echo $zone; ?>"/></p>
<br>
<b>Office Info:</b>
<p>Company:<input type="text" name="com" size="40" value="<?php echo $com; ?>"/></p>
<p>Office Address:<input type="text" name="office" size="40" value="<?php echo $office; ?>"/></p>
<p>Office Num #:<input type="text" name="office_num" size="15" value="<?php echo $office_num; ?>"/>
ext:<input type="text" name="ext_office" size="4" value="<?php echo $ext_office; ?>"/></p>
<p>Website:<input type="text" name="web" size="30" value="<?php echo $web; ?>"/></p><br>
Old password:
<input type="password" size="20" name="oldpassword">
New password:
<input type="password" size="20" name="newpassword">
verify new password
<input type="password" size="20" name="verpassword">
<input type="text" size="20" name="id" value="<?php echo $id; ?>">
<input type="submit" value="Update Database">
</form>
</body>
</html>
update.php - it says update success, but there are no changes in my database
<?php
session_start();
$ud_id=$_POST['id'];
$name = $_SESSION['name'];
$sur = $_SESSION['sur'];
$pass = $_SESSION['pass'];
$ud_first = $_POST['first'];
$ud_last = $_POST['last'];
$ud_phone = $_POST['phone'];
$ud_mob = $_POST['mob'];
$ud_fax = $_POST['fax'];
$ud_email = $_POST['email'];
$ud_web = $_POST['web'];
$ud_com = $_POST['com'];
$ud_add = $_POST['add'];
$ud_city = $_POST['city'];
$ud_state = $_POST['state'];
$ud_zip = $_POST['zip'];
$ud_zone = $_POST['zone'];
$ud_office = $_POST['office'];
$ud_office_num = $_POST['office_num'];
$ud_ext_mob = $_POST['ext_mob'];
$ud_ext_phone = $_POST['ext_phone'];
$ud_ext_office = $_POST['ext_office'];
$ud_password = $_POST['newpassword'];
//connect
$dbh = mysql_connect ("localhost", "xxx_admin", "xxx")
or die ('ERROR!');
mysql_select_db ("xxx_database");
$query="UPDATE client_info SET first='$ud_first',last='$ud_last',phone='$ud_phone',mob='$ud_mob',fax='$ud_fax',email='$ud_email',web='$ud_web',com='$ud_com',add='$ud_add',city='$ud_city',state='$ud_state',zip='$ud_zip',zone='$ud_zone',office='$ud_office',office_num='$ud_office_num',ext_mob='$ud_ext_mob',ext_phone='$ud_ext_phone',ext_office='$ud_ext_office',password='$ud_password' WHERE id='$ud_id'";
mysql_query($query);
echo "Record Updated at ID: ".$ud_id;
mysql_close();
?>
As I don't know your table structure, try this and debug accordingly.
$query="UPDATE client_info SET first='$ud_first',
last='$ud_last',
phone='$ud_phone',
mob='$ud_mob',
fax='$ud_fax',
email='$ud_email',
web='$ud_web',
com='$ud_com',
add='$ud_add',
city='$ud_city',
state='$ud_state',
zip='$ud_zip',
zone='$ud_zone',
office='$ud_office',
office_num='$ud_office_num',
ext_mob='$ud_ext_mob',
ext_phone='$ud_ext_phone',
ext_office='$ud_ext_office',
password='$ud_password' WHERE id=$ud_id;";
mysql_query($query) or die(mysql_error());
First of all, I STRONGLY suggest you escape your user input before sending anything to the DB. It will escape special characters and prevent the use of keywords to mess up your DB. To do so, simply use mysql_real_escape_string() like so:
$ud_first = mysql_real_escape_string($_POST['first']);
You should check mysqli, as mysql is being deprecated. If you're just starting your code, I suggest you switch as soon as possible. Efficiency and security will increase.
Add a ; at the end of your query. It will help the server know where it ends.
Change or die ('ERROR!'); to or die (mysql_error()); This will echo the last error encountered by the mysql server. It will most likely tell you what your problem is.
I give you those hints as I don't see why your code doesn't work as expected.
Something out of the range of this question, but why assign each of the result values separately?
You expect one result, and as $i is not set it is actually null, so it works.
Maybe you could simplify your life and code by using
$r = mysql_fetch_assoc($result);
foreach($r as $key=>$value){ $$key=$value; }
If more rows were expected or possible, you would have to enclose it in a foreach loop or a similar solution. On the other side, processing the post and securing input may be short & simple too
$allowed_post_vars=array('city','zip',...); // define ok variables
foreach($allowed_post_vars as $postvar)// each of them
{ $ud='ud_'.$postvar; // prepare longer name, like $ud_city etc
$$ud=mysql_real_escape_string($_POST[$postvar]); //assign it sanitized value
}
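A parameterized version of the UPDATE discussed in the answers above, as an added example that is not code from any of the posters. Column names are taken from the question; the function names are hypothetical, and the record id is assumed to come from server-side state rather than from the form's id field. Identifiers are backtick-quoted because add is a reserved word in MySQL.

```php
<?php
// Added example: allowlisted, parameterized UPDATE for client_info (mysqli).
// `password` is deliberately left out of the list: it is not a plain profile field.
const EDITABLE_COLUMNS = ['first', 'last', 'phone', 'mob', 'fax', 'email', 'web', 'com',
    'add', 'city', 'state', 'zip', 'zone', 'office', 'office_num',
    'ext_mob', 'ext_phone', 'ext_office'];

/**
 * Build "UPDATE client_info SET `col` = ?, ... WHERE id = ?" from allowlisted
 * fields only. Returns [sql, values]; values are bound later, never interpolated.
 */
function build_client_update(array $post, int $id): array
{
    $sets = [];
    $values = [];
    foreach (EDITABLE_COLUMNS as $col) {
        if (!array_key_exists($col, $post) || !is_string($post[$col])) {
            continue; // missing or array-valued field: skip it
        }
        $sets[] = "`$col` = ?"; // backticks: `add` is a reserved word in MySQL
        $values[] = $post[$col];
    }
    if ($sets === []) {
        throw new InvalidArgumentException('no editable fields submitted');
    }
    $values[] = $id;
    return ['UPDATE client_info SET ' . implode(', ', $sets) . ' WHERE id = ?', $values];
}

/** Run the update and return the number of rows changed; errors are not swallowed. */
function run_client_update(mysqli $db, array $post, int $id): int
{
    [$sql, $values] = build_client_update($post, $id);
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $types = str_repeat('s', count($values) - 1) . 'i'; // strings, then the integer id
    $stmt->bind_param($types, ...$values);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    return $stmt->affected_rows;
}

// Constructed request: a quote-bearing value and a field that is not editable.
$post = ['first' => 'Anne', 'last' => "O'Brien", 'add' => '1 Main St', 'acct' => 'x'];
[$sql, $values] = build_client_update($post, 42); // 42 stands in for the session's id
echo $sql, "\n";
print_r($values);
```

Reporting success only when run_client_update() returns without throwing, and showing its row count, avoids the "Record Updated" message appearing after a failed query.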
I am a newbie to PHP, and my PHP code doesn't work. I want to update some data using MySQL, but it seems that the first IF condition is 'false' and I don't know why. I am using PHP 7 and XAMPP as a local host, Dreamweaver as an IDE, and this is my code:
if(isset($_POST["btn_edit"]))
{
$name = $_POST["name"];
$email = $_POST["email"];
$password = $_POST["password"];
if(!empty($_FILES["img"]["name"]))
{
$img = $_FILES["img"]["name"];
$img_temp = $_FILES["img"]["tmp_name"];
if(move_uploaded_file($img_temp, "assets/images/".$img))
{
$query = mysqli_query($Connection, "UPDATE entry_data SET names='$name',emails='$name',passwords='$password',images='$img' WHERE id='$ID'");
if($query)
{
$result = header("Location:index.php");
}
else
{
echo mysql_error();
}
}
}
else
{
$query = mysqli_query($Connection, "UPDATE entry_data SET names='$name',emails='$name',passwords='$password',images='$img' WHERE id='$ID'");
if($query)
{
echo "<h5>Updated</h5>";
}
}
}
It's showing me nothing, it just refreshes the page, and this is the HTML code:
<form method="post" enctype="multipart/form-data">
<input name="name" value="<?php echo $name ?>" />
<input name="email" value="<?php echo $email ?>" />
<input name="password" value="<?php echo $password ?>" />
<img width="50" height="50" src="<?php echo 'assets/images/'.$row[4] ?>" />
<input name="img" type="file" class="text-info" required="required" />
<br/>
<input name"btn_edit" type="submit" />
<?php if(isset($_POST["btn_edit"])) echo $result ?>
You have a syntax issue in your button HTML.
This:-
<input name"btn_edit" type="submit" />
Needs to be:-
<input name="btn_edit" type="submit" /><!-- = is missing in name -->
So I am trying to update data into my database by using a form and populating it.
The problem is that it is coming up with this error:
Query error: Unknown column 'customer_id' in 'where clause'
And I am not sure why. Nothing in my database is called customer id
This is my code for the form
<form method="post" action="code/update_cust.php">
<h2 id="input_form_heading">Client Update Form:</h2>
<h3>Enter your details into the form and when you are ready click the submit button </h3>
<?php
// Read the values passed in the URL and store in the variable C_num
$C_num = $_GET['id'];
$query = "SELECT * FROM client WHERE C_num='$C_num'"; // run a select query to return the existing data for the record
$results = mysqli_query($conn, $query );
if(!$results) { // capture any errors
echo ("Query error: " . mysqli_error($conn));
}
else {
// fetch and store the results for later use if no errors
while ($row = mysqli_fetch_array($results)) {
$C_num =$row['C_num'];
$C_Firstname = $row['C_Firstname'];
$C_Lastname = $row['C_Lastname'];
$Unitnum = $row['Unitnum'];
$Housenum = $row['Housenum'];
$C_Street = $row['C_Street'];
$C_Suburb = $row['C_Suburb'];
$C_City = $row['C_City'];
$C_Postcode = $row['C_Postcode'];
$C_State = $row['C_State'];
$C_Phone = $row['C_Phone'];
$C_Email = $row['C_Email'];
}
?>
<p>Client Number:</p><input type="text" name="cnum" value="<?=$C_num?>"><br>
<p>First Name:</p><input type="text" name="cfirstname" value="<?=$C_Firstname?>" required><br>
<p>Last Name:</p><input type="text" name="clastname" value="<?=$C_Lastname?>" required><br>
<p>Unit Number: </p><input type="text" name="unitnumber" value="<?=$Unitnum?>" ><br>
<p>House Number: </p><input type="text" name="housenumber" value="<?=$Housenum?>" ><br>
<p>Street:</p><input type="text" name="street" value="<?=$C_Street?>" required><br>
<p>Suburb:</p><input type="text" name="suburb" value="<?=$C_Suburb?>" required><br>
<p>City:</p><input type="text" name="city" value="<?=$C_City?>" required><br>
<p>Post Code:</p><input type="text" name="postcode" value="<?=$C_Postcode?>" required><br>
<p>State:</p> <select class="form-control" type="text" name="state" value="<?=$C_State?>" ><br> <!-- "form control" and "required" changes the input fields color (see css)-->
<option value="">Please choose a state</option>
<option value="ACT">ACT</option>
<option value="NSW">NSW</option>
<option value="NT">NT</option>
<option value="QLD">QLD</option>
<option value="SA">SA</option>
<option value="TAS">TAS</option>
<option value="VIC">VIC</option>
<option value="WA">WA</option>
</select><br>
<p>Phone:</p><input type="tel" name="phone" value="<?=$C_Phone?>" ><br>
<p>Email:</p><input type="email" name="email" value="<?=$C_Email?>" required><br>
<br><br>
<input type="submit" name="submit" value= "Update">
<input type ="reset" name="reset" value ="Reset">
<?php
// Redirect the browser window back to the select query page if there are no errors
header("location: display_cust.php");
}
?>
</form>
And this is the code to action the form
<?php
// MySQL Database Connect
require_once("connection.php");
// Read the values passed in the URL and store in the variable C_num
$C_num = $_GET['id'];
// read the values from the form and store in variables
$C_num = $_POST['cnum'];
$C_Firstname = $_POST['cfirstname'];
$C_Lastname = $_POST['clastname'];
$Unitnum = $_POST['unitnumber'];
$Housenum = $_POST['housenumber'];
$C_Street = $_POST['street'];
$C_Suburb = $_POST['suburb'];
$C_City = $_POST['city'];
$C_Postcode = $_POST['postcode'];
$C_State = $_POST['state'];
$C_Phone = $_POST['phone'];
$C_Email = $_POST['email'];
// escape variables for security
$C_num = mysqli_real_escape_string($conn, $C_num);
$C_Firstname = mysqli_real_escape_string($conn, $C_Firstname);
$C_Lastname = mysqli_real_escape_string($conn, $C_Lastname);
$Unitnum = mysqli_real_escape_string($conn, $Unitnum);
$Housenum = mysqli_real_escape_string($conn, $Housenum );
$C_Street = mysqli_real_escape_string($conn, $C_Street);
$C_Suburb = mysqli_real_escape_string($conn, $C_Suburb);
$C_City = mysqli_real_escape_string($conn, $C_City);
$C_Postcode = mysqli_real_escape_string($conn, $C_Postcode);
$C_State = mysqli_real_escape_string($conn, $C_State);
$C_Phone = mysqli_real_escape_string($conn, $C_Phone);
$C_Email = mysqli_real_escape_string($conn, $C_Email);
// update the record from the database corresponding to the primary key value passed in the variable id
$query = "UPDATE FROM client WHERE C_num='$C_num'";
$results = mysqli_query($conn, $query );
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
exit;
}
else {
header("location: ../update_cust1.php");
}
?>
Any ideas? I am a little confused
I'm new to working with PHP. My little project displays the first and last name of a student according to his/her id.
The index page should have 3 text boxes:
student id
first name
last name
When a student id is entered in the first text box and the enter key is pressed, the related information must appear in the other two boxes (first and last name).
Code in validation.php:
$con = new mysqli('localhost', 'root', '', 'db_sars') or die(mysqli_error());
$student_no = $_GET['student_no'];
$query = "SELECT student_no,firstname,lastname FROM student WHERE student_no = '$student_no'";
$result = mysqli_query($con, $query);
if (mysqli_num_rows($result)<1) {
echo "<span class='green'>Available</span>";
}
else{
$followingdata = $result->fetch_assoc();
echo $followingdata["firstname"].'<br />';
echo $followingdata["lastname"].'<br />';
}
index.html contains ajax script and text boxes:
</br><input type="text" name="student_no" id="student_no" placeholder="Enter student #"></div></br>
<input type="text" name="firstname" id="firstname" >
<input type="text" name="lastname" id="lastname" >
A basic approach: Since the page reloads when you submit the form, you could simply populate the values of the inputs when you load the page by storing your values rather than echo-ing them:
PHP:
$first = $followingdata["firstname"];
$last = $followingdata["lastname"];
HTML:
<input type="text" name="firstname" id="firstname" value="<? echo $first ?>">
<input type="text" name="lastname" id="lastname" value="<? echo $last ?>">
php
$followingdata = $result->fetch_assoc();
$first_name = $followingdata["firstname"];
$last_name = $followingdata["lastname"];
echo json_encode(array(
'first' => $first_name, // PHP array pairs use =>, not =
'last' => $last_name,
));
your ajax success callback function
function (data) {
var obj = JSON.parse(data);
if (obj) {
var first = obj.first;
var last = obj.last;
document.getElementById('firstname').value = first;
document.getElementById('lastname').value = last;
}
}
html
<input type="text" name="student_no" id="student_no" placeholder="Enter student #"></div>
<input type="text" name="firstname" id="firstname" >
<input type="text" name="lastname" id="lastname" >
I am wanting to populate a drop down list from another mysql table and then assign the values from two of the columns into variables - i.e. "select name, eid, perc from employee". "John Doe" would be $eid = 1234 and $perc = 20.
Any help with this would be greatly appreciated!
Thank you - Matt
Here is the code I have been working with:
PHP
<?php
//session_start();
$page_title = 'New invoice';
include ('includes/header.html');
// Check for form submission:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
require ('mysqli_connect.php'); // Connect to the db.
/*$errors = array(); // Initialize an error array. */
// Invoice number is automatic
if (empty($_POST['op1'])) {
$errors[] = 'Operation needs to be entered.';
} else {
$op1 = mysqli_real_escape_string($dbc, trim($_POST['op1']));
}
// Amount:
if (empty($_POST['amount1'])) {
$errors[] = 'Amount to be charged.';
} else {
$amount1 = mysqli_real_escape_string($dbc, trim($_POST['amount1']));
}
// percentage:
if (empty($_POST['perc'])) {
$errors[] = 'Select a percentage.';
} else {
$perc = mysqli_real_escape_string($dbc, trim($_POST['perc']));
}
// eid:
if (empty($_POST['eid'])) {
$errors[] = 'Enter a techician.';
} else {
$eid = mysqli_real_escape_string($dbc, trim($_POST['eid']));
}
// Stocknum:
if (empty($_POST['stocknum'])) {
$errors[] = 'Need a stock number.';
} else {
$stocknum = mysqli_real_escape_string($dbc, trim($_POST['stocknum']));
}
// Stocknum:
if (empty($_POST['myear'])) {
$errors[] = 'Enter vehicle year.';
} else {
$myear = mysqli_real_escape_string($dbc, trim($_POST['myear']));
}
if (empty($_POST['make'])) {
$errors[] = 'Enter vehicle make.';
} else {
$make = mysqli_real_escape_string($dbc, trim($_POST['make']));
}
if (empty($_POST['model'])) {
$errors[] = 'Enter vehicle model.';
} else {
$model = mysqli_real_escape_string($dbc, trim($_POST['model']));
}
if (empty($_POST['vin'])) {
$errors[] = 'Enter last 6 of the VIN.';
} else {
$vin = mysqli_real_escape_string($dbc, trim($_POST['vin']));
}
if (empty($_POST['mileage'])) {
$errors[] = 'Enter current mileage.';
} else {
$mileage = mysqli_real_escape_string($dbc, trim($_POST['mileage']));
}
if (empty($errors)) { // If everything's OK.
$q = "INSERT INTO `mwcc`.`wp` (`tdate`, `stocknum`, `myear`, `make`, `model`,`vin`, `eid`, `op1`, `amount1`,`mileage`,`ecomm`) VALUES (CURRENT_DATE(), '$stocknum', '$myear', '$make', '$model','$vin', '$eid', '$op1', '$amount1','$mileage', ($amount1*$perc));";
$r = @mysqli_query ($dbc, $q); // Run the query.
//echo ($q);
if ($r) { // If it ran OK.
// Print a message:
echo '<h1>Success!</h1>
<p>Invoice has been created!<br /></p>';
} else { // If it did not run OK.
// Public message:
echo '<h1>System Error</h1>
<p class="error">Uh oh. There has been an error. We apologize for any inconvenience.</p>';
// Debugging message:
echo '<p>' . mysqli_error($dbc) . '<br /><br />Query: ' . $q . '</p>';
} // End of if ($r) IF.
mysqli_close($dbc); // Close the database connection.
exit();
} else { // Report the errors.
echo '<h1>Error!</h1>
<p class="error">The following error(s) occurred:<br />';
foreach ($errors as $msg) { // Print each error.
echo " - $msg<br />\n";
}
echo '</p><p>Please try again.</p><p><br /></p>';
} // End of if (empty($errors)) IF.
mysqli_close($dbc); // Close the database connection.
} // End of the main Submit conditional.
?>
HTML :
<form action="newinv.php" method="post">
<p>Stock #
<input type="text" name="stocknum" size="15" maxlength="20" value="<?php if (isset($_POST['stocknum'])) echo $_POST['stocknum']; ?>" />
Last 6 of VIN
<input type="text" name="vin" size="15" maxlength="6" value="<?php if (isset($_POST['vin'])) echo $_POST['vin']; ?>" /> </p>
<p>Year
<input type="text" name="myear" size="4" maxlength="4" value="<?php if (isset($_POST['myear'])) echo $_POST['myear']; ?>" />
Make
<input type="text" name="make" size="30" maxlength="20" value="<?php if (isset($_POST['make'])) echo $_POST['make']; ?>" />
Model
<input type="text" name="model" size="30" maxlength="20" value="<?php if (isset($_POST['model'])) echo $_POST['model']; ?>" /></p>
Mileage
<input type="text" name="mileage" size="15" maxlength="6" value="<?php if (isset($_POST['mileage'])) echo $_POST['mileage']; ?>" /> </p>
<p>Operation <input type="text" name="op1" size="60" maxlength="250" value="<?php if (isset($_POST['op1'])) echo $_POST['op1']; ?>" />
Amount <input type="text" name="amount1" size="8" maxlength="20" value="<?php if (isset($_POST['amount1'])) echo $_POST['amount1']; ?>" /></p>
<br>
<input type="radio" name="eid" value="1767">Alex H<br>
<input type="radio" name="eid" value="1688">Blake S<br>
<input type="radio" name="eid" value="1506">Brian M<br>
<input type="radio" name="eid" value="1898">Chris V<br>
<input type="radio" name="eid" value="3000">Kim R<br>
<input type="radio" name="eid" value="1916">Jorden U<br>
<input type="radio" name="eid" value="1931">Tina M<br>
<input type="radio" name="eid" value="1506">Tanner C<br>
<br>
<input type="radio" name="perc" value=".35">35%
<br>
<input type="radio" name="perc" value=".40">40%
<p><input type="submit" name="submit" value="Add" /></p>
</form>
My understanding from your question.
Get the query result as you mentioned: select name, eid, perc from employee
For the front end, if you want to pass both values in a single select, then use some unique separator; I'm using a double underscore __
<select name="eid__perc">
<?php foreach($result as $user): ?>
<option value="<?php echo htmlspecialchars($user->eid . '__' . $user->perc); ?>">
<?php echo htmlspecialchars($user->name); //in array case $user['name'] ?>
</option>
<?php endforeach; ?>
</select>
And when you save the information, use the same separator to explode the data, like
list($eid, $perc) = explode('__', $_POST['eid__perc']);
You need to use WHERE condition for that:
SELECT name, eid, perc FROM employee WHERE eid = ? AND perc = ?
Then use mysqli_stmt_bind_param($stmt, 'ss', $eid, $perc); to bind parameters.
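Server-side validation for the combined eid__perc value suggested above, as an added example that is not code from the posters. It matters here because the question's INSERT places $perc unquoted inside ($amount1*$perc), where mysqli_real_escape_string() gives no protection. The function names are hypothetical and the allowed percentages are an assumption copied from the two radio buttons in the question's form.

```php
<?php
// Added example. ALLOWED_PERC mirrors the form's two radio values (assumption).
const ALLOWED_PERC = ['.35', '.40'];

/**
 * Split the posted "eid__perc" value and validate both halves.
 * Returns [int $eid, string $perc]; throws on anything unexpected.
 */
function parse_eid_perc($raw): array
{
    if (!is_string($raw)) {
        throw new InvalidArgumentException('eid__perc must be a string');
    }
    $parts = explode('__', $raw);
    if (count($parts) !== 2) {
        throw new InvalidArgumentException('expected exactly one "__" separator');
    }
    [$eid, $perc] = $parts;
    if (!ctype_digit($eid)) {
        throw new InvalidArgumentException('eid must be digits only');
    }
    if (!in_array($perc, ALLOWED_PERC, true)) {
        throw new InvalidArgumentException('perc is not an offered percentage');
    }
    return [(int) $eid, $perc];
}

/** Compute the commission in PHP so no client-supplied text is spliced into SQL. */
function commission(string $amount, string $perc): string
{
    if (!preg_match('/^\d{1,8}(\.\d{1,2})?$/', $amount)) {
        throw new InvalidArgumentException('amount must be a plain decimal');
    }
    return number_format((float) $amount * (float) $perc, 2, '.', '');
}

// Constructed inputs: one well-formed value and three malformed ones.
foreach (['1767__.35', '1767', '1767__.35x', 'abc__.40'] as $raw) {
    try {
        [$eid, $perc] = parse_eid_perc($raw);
        echo "$raw: eid=$eid perc=$perc ecomm=", commission('120.00', $perc), "\n";
    } catch (InvalidArgumentException $e) {
        echo "$raw: rejected, ", $e->getMessage(), "\n";
    }
}
```

The validated $eid and the computed commission can then be bound as parameters of the INSERT instead of being concatenated into it.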
I'm always getting an error when inserting the value into my database, but it's working when I'm using mySQL only. I'm new to SQLi so please be gentle.
insert.php
<?php
include("dbinfo.inc.php");
//connect to mysql server
$mysqli = new mysqli("localhost", $username, $password, $database);
//check if any connection error was encountered
if(mysqli_connect_errno()) {
echo "Error: Could not connect to database.";
exit;
}
//insert
$query = "insert into client_info set (
id = '".$mysqli->real_escape_string('')."',
first = '".$mysqli->real_escape_string($_POST['first'])."',
last = '".$mysqli->real_escape_string($_POST['last'])."',
phone = '".$mysqli->real_escape_string($_POST['phone'])."',
mob = '".$mysqli->real_escape_string($_POST['mob'])."',
fax = '".$mysqli->real_escape_string($_POST['fax'])."',
email = '".$mysqli->real_escape_string($_POST['email'])."',
web = '".$mysqli->real_escape_string($_POST['web'])."',
com = '".$mysqli->real_escape_string($_POST['com'])."',
address = '".$mysqli->real_escape_string($_POST['address'])."',
city = '".$mysqli->real_escape_string($_POST['city'])."',
state = '".$mysqli->real_escape_string($_POST['state'])."',
zip = '".$mysqli->real_escape_string($_POST['zip'])."',
zone = '".$mysqli->real_escape_string($_POST['zone'])."',
office = '".$mysqli->real_escape_string($_POST['office'])."',
office_num = '".$mysqli->real_escape_string($_POST['office_num'])."',
ext_mob = '".$mysqli->real_escape_string($_POST['ext_mob'])."',
ext_phone = '".$mysqli->real_escape_string($_POST['ext_phone'])."',
ext_office = '".$mysqli->real_escape_string($_POST['ext_office'])."',
srv = '".$mysqli->real_escape_string($_POST['srv'])."',
stype = '".$mysqli->real_escape_string($_POST['stype'])."',
voip = '".$mysqli->real_escape_string($_POST['voip'])."',
vpass = '".$mysqli->real_escape_string($_POST['vpass'])."',
regDate = '".$mysqli->real_escape_string($_POST['regDate'])."',
acct = '".$mysqli->real_escape_string($_POST['acct'])."',
Nagents = '".$mysqli->real_escape_string($_POST['Nagents'])."',
agents = '".$mysqli->real_escape_string($_POST['agents'])."',
password = '".$mysqli->real_escape_string($_POST['password'])."'
)";
//execute the query
if( $mysqli->query($query) ) {
//if saving success
echo "User was created.";
}else{
//if unable to create new record
echo "Database Error: Unable to create record.";
}
//close database connection
$mysqli->close();
?>
create.php
<html>
<head>
<title></title>
<script language="JavaScript">
var today=new Date();
var jran=today.getTime();
function random() {
ia=9301;
ic=49297;
im=233280;
jran = (jran*ia+ic) % im;
return jran/(im*1.0);
};
function rand(number) {
return Math.ceil(random()*number);
};
function makearray(n) {
this.length = n;
for (var i = 1; i <= n; i++) this[i] = 0;
return this;
}
var asciitable = new makearray (128);
asciitable.length=128;
for (var i=0;i<=127;i++) asciitable[i]="";
asciitable[33]="!"; asciitable[34]="\"";
asciitable[35]="#"; asciitable[36]="$";
asciitable[37]="%"; asciitable[38]="&";
asciitable[39]="'"; asciitable[40]="(";
asciitable[41]=")"; asciitable[42]="*";
asciitable[43]="+"; asciitable[44]=",";
asciitable[45]="-"; asciitable[46]=".";
asciitable[47]="/"; asciitable[48]="0";
asciitable[49]="1"; asciitable[50]="2";
asciitable[51]="3"; asciitable[52]="4";
asciitable[53]="5"; asciitable[54]="6";
asciitable[55]="7"; asciitable[56]="8";
asciitable[57]="9"; asciitable[58]=":";
asciitable[59]=";"; asciitable[60]="<";
asciitable[61]="="; asciitable[62]=">";
asciitable[63]="?"; asciitable[64]="@";
asciitable[65]="A"; asciitable[66]="B";
asciitable[67]="C"; asciitable[68]="D";
asciitable[69]="E"; asciitable[70]="F";
asciitable[71]="G"; asciitable[72]="H";
asciitable[73]="I"; asciitable[74]="J";
asciitable[75]="K"; asciitable[76]="L";
asciitable[77]="M"; asciitable[78]="N";
asciitable[79]="O"; asciitable[80]="P";
asciitable[81]="Q"; asciitable[82]="R";
asciitable[83]="S"; asciitable[84]="T";
asciitable[85]="U"; asciitable[86]="V";
asciitable[87]="W"; asciitable[88]="X";
asciitable[89]="Y"; asciitable[90]="Z";
asciitable[91]="["; asciitable[92]="\\";
asciitable[93]="]"; asciitable[94]="^";
asciitable[95]="_"; asciitable[96]="`";
asciitable[97]="a"; asciitable[98]="b";
asciitable[99]="c"; asciitable[100]="d";
asciitable[101]="e"; asciitable[102]="f";
asciitable[103]="g"; asciitable[104]="h";
asciitable[105]="i"; asciitable[106]="j";
asciitable[107]="k"; asciitable[108]="l";
asciitable[109]="m"; asciitable[110]="n";
asciitable[111]="o"; asciitable[112]="p";
asciitable[113]="q"; asciitable[114]="r";
asciitable[115]="s"; asciitable[116]="t";
asciitable[117]="u"; asciitable[118]="v";
asciitable[119]="w"; asciitable[120]="x";
asciitable[121]="y"; asciitable[122]="z";
asciitable[123]="{"; asciitable[124]="|";
asciitable[125]="}"; asciitable[126]="~";
function nchar(num) {
if ((num>=33) && (num<=127)) return asciitable[num];
}
function doit() {
var i;
var n;
var s = "";
for (i=1;i<=8;i++) {
n=0;
while ( (n<=47) ||
((n>=58) && (n<=96)) ||
(n>=123)) n = rand(126);
s = s + nchar(n);
}
document.gen.password.value = s;
}
</script>
</head>
<body>
<form method="post" action="insert.php" name="gen">
<b>Personal Info:</b>
<p>First Name:<input type="text" name="first" size="20" /></p>
<p>Last Name:<input type="text" name="last" size="20" /></p>
<p>Mob:<input type="text" name="mob" size="20" />
ext:<input type="text" name="ext_mob" size="4" /></p>
<p>Phone:<input type="text" name="phone" size="20" />
ext:<input type="text" name="ext_phone" size="4" /></p>
<p>Fax:<input type="text" name="fax" size="20" /></p>
<p>E-mail:<input type="text" name="email" size="35" />
<p>Address:<input type="text" name="address" size="40" /></p>
<p>City:<input type="text" name="city" size="20" /></p>
<p>State:<input type="text" name="state" size="20" /></p>
<p>Zip Code:<input type="text" name="zip" size="5" /></p>
<p>Zone:<input type="text" name="zone" size="5" /></p>
<br>
<b>Office Info:</b>
<p>Company:<input type="text" name="com" size="40" /></p>
<p>Office Address:<input type="text" name="office" size="40" /></p>
<p>Office Num #:<input type="text" name="office_num" size="15" />
ext:<input type="text" name="ext_office" size="4" /></p>
<p>Website:<input type="text" name="web" size="30" /></p><br>
<b>Account Info:</b>
<p>Registry Date:<input type="text" name="regDate" size="30" /></p>
<p>Account:<input type="text" name="acct" size="20" /></p>
<p>Service:<input type="text" name="srv" size="15" /></p>
<p>Service Type:<input type="text" name="stype" size="40" /></p>
<p>Number of Agents:<input type="text" name="Nagents" size="3" /></p><br>
<b>Agent Info:</b>
<p>Agents:<input type="text" name="agents" size="40" /></p>
<p>VOID:<input type="text" name="voip" size="20" /></p>
<p>VOIP Password:<input type="text" name="vpass" size="20" /></p>
<br>
<input type="hidden" size="20" name="password">
<input type="submit" name="go" value="Insert to Database" onclick="doit()">
</form>
</body>
</html>
The error I get is when the script tries to insert the query into the DB
"Database Error: Unable to create record."
I tried to see if there is any output on my form, and there is. I even tried to insert just one variable, "first", and am still getting errors. I don't know what I'm doing wrong here.
If you are using SET syntax in an INSERT statement, you should not use parentheses around it.
-- One way to insert
INSERT INTO table SET col1 = 'val1', col2 = 'val2';
-- other way
INSERT INTO table(col1,col2) VALUES('val1','val2');
Also use the native errors provided by the driver to see what's wrong with your query.