Link to home
Start Free TrialLog in
Avatar of kallestie
kallestieFlag for United States of America

asked on

PHP Insert Post Data into MySQL

For some reason this query does not insert. The connection is there. Does anyone see a syntax error or something? I cannot figure out why it will not insert.

$registration_query = "INSERT INTO event_users (first_name,last_name,company,phone,email,passwrd,is_active,last_login,super_admin,address,address2,city,state,zip,phone,URL) values ('$firstname','$lastname','$organization','$telephone','$email','$password1',1,GetDate(),0,'$address','$address2','$city','$state','$zip','$telephone','$URL')";
Avatar of nplib
nplib
Flag of Canada image

lets see the whole code.
what you should do is echo the query, copy and paste the outputted query into a query agent and run it and see what errors it produces

one of your variables might contain a ' in it, which will break said query

you could always mysql_real_escape_string() each variable to be sure.
Avatar of gamebits
I suppose you have after what you show

$result = mysql_query($registration_query)
Replace GetDate() with NOW(). GetDate is used in MS SQL, and Now() is the MySQL equivalent to GetDate(), and will get the current timestamp.
Curdate() will give you just the date if your field type is date
now() will give you date and time if your field type is datetime
Avatar of kallestie

ASKER

$registration_query = "INSERT INTO event_users (first_name,last_name,company,phone,email,passwrd,is_active,last_login,super_admin,address,address2,city,state,zip,phone,URL) values ('$firstname','$lastname','$organization','$telephone','$email','$password1',1,Curdate() ,0,'$address','$address2','$city','$state','$zip','$telephone','$URL')";
      
$result = mysql_query($registration_query);

This returns nothing.
ASKER CERTIFIED SOLUTION
Avatar of Loganathan Natarajan
Loganathan Natarajan
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
what about what I initially said about mysql_real_escape_string

the ones I didn't escape where password, because you shouldn't allow ' in a password anyways
or if you do you should be encrypting the password and there is no ' in encrypted strings.

$zip should be numbers,
$phone shoud be numbers
$url can't have a ' in it anyways, so you should be testing for that before hand and make sure they type a proper url.
$registration_query = "INSERT INTO event_users (first_name,last_name,company,phone,email,passwrd,is_active,last_login,super_admin,address,address2,city,state,zip,phone,URL) values ('".mysql_real_escape_string($firstname)."','".mysql_real_escape_string($lastname)."','".mysql_real_escape_string($organization)."','".mysql_real_escape_string($telephone)."','".mysql_real_escape_string($email)."','$password1',1,Curdate() ,0,'".mysql_real_escape_string($address)."','".mysql_real_escape_string($address2)."','".mysql_real_escape_string($city)."','".mysql_real_escape_string($state)."','$zip','$telephone','$URL')";
      
$result = mysql_query($registration_query);

Open in new window

I notice your password field is named 'passwrd', while all your other field names are not abbreviated. Is this field name accurate? If the missing 'o' is a typo, and the field name is actually 'password', you'll need to wrap the field name in backticks (`password`) because "password" is a reserved term in MySQL. Always a good idea to wrap all table and field names in backticks to avoid problems like this - even better idea to avoid using reserved words as table/field names.

Just another possibility. 'logudotcom's suggestion of adding the or die() error output will tell you if you've got field naming issues.
Thank you, I had phone 2 times.