  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 322

INSERT records into MySQL 4.1.20 database using PHP form

I've written a simple form to insert records from PHP into a MySQL database and am receiving the error,

"could not add the entry because:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''TEST', 'TES', 'test', 'test', 'est', 'test', 'test', 'test', 'test', 'essay_cho' at line 1."

I'm pretty sure the PHP is clean and it's the SQL query part of the code that is wrong. I've attached the code for the page. Please let me know if I need to set up dummy logins and passwords for testing.

Any help is greatly appreciated.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Add an Entry</title>
<style type="text/css" media="screen">
	.error {color:red;}
</style>
</head>

<body>
<?php
/* This script adds a blog entry to the database */

ini_set ('display_errors',1);// display errors

if(isset($_POST['submitted'])) { // handle the form

	// connect and select:
	$dbc = mysql_connect('localhost', 'username', 'password');
	mysql_select_db('trash4cash2010');
	
	//Validate the form data:
	$problem = FALSE;
	if (!empty($_POST['last_name']) ) {
		$last_name = mysql_real_escape_string(trim($_POST['last_name']));
	} else {
		print '<p class="error">Please enter your last name.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['first_name']) ) {
		$first_name = mysql_real_escape_string(trim($_POST['first_name']));
	} else {
		print '<p class="error">Please enter your first name.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['email']) ) {
		$email = mysql_real_escape_string(trim($_POST['email']));
	} else {
		print '<p class="error">Please enter your email address.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['phone']) ) {
		$phone = mysql_real_escape_string(trim($_POST['phone']));
	} else {
		print '<p class="error">Please enter your phone number.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['school']) ) {
		$school = mysql_real_escape_string(trim($_POST['school']));
	} else {
		print '<p class="error">Please enter your high school.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['school_city']) ) {
		$school_city = mysql_real_escape_string(trim($_POST['school_city']));
	} else {
		print '<p class="error">Please enter your high school city.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['school_city']) ) {
		$school_city = mysql_real_escape_string(trim($_POST['school_city']));
	} else {
		print '<p class="error">Please enter your high school city.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['school_phone']) ) {
		$school_phone = mysql_real_escape_string(trim($_POST['school_phone']));
	} else {
		print '<p class="error">Please enter your high school phone number.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['counselor']) ) {
		$counselor = mysql_real_escape_string(trim($_POST['counselor']));
	} else {
		print '<p class="error">Please enter the name of your Guidance Counselor.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['college']) ) {
		$college = mysql_real_escape_string(trim($_POST['college']));
	} else {
		print '<p class="error">Please enter the name of the college you anticipate attending.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['essay_choice']) ) {
		$essay_choice = mysql_real_escape_string(trim($_POST['essay_choice']));
	} else {
		print '<p class="error">Please enter your essay choice.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['essay']) ) {
		$essay = strip_tags(mysql_real_escape_string(trim($_POST['essay'])));
	} else {
		print '<p class="error">Please enter your essay.</p>';
		$problem = TRUE;
	}
	
	if (!empty($_POST['date_entered']) ) {
		$date_entered = strip_tags(mysql_real_escape_string(trim($_POST['date_entered'])));
	} else {
		print '<p class="error">Please enter the date.</p>';
		$problem = TRUE;
	}
	
	
	if (!$problem) {//there is no problem so insert into database
	
		// Define the query:
		$query = "INSERT INTO applications (entry_id, last_name, first_name, email, phone, school, school_city, school_phone, counselor, college, essay_choice, essay, date_entered) VALUES (0 '$last_name', '$first_name', '$email', '$phone', '$school', '$school_city', '$school_phone', '$counselor', '$college', '$essay_choice', '$essay', '$date_entered)";
		
		// execute the query
		if (@mysql_query($query)) {
			print'<p>The blog entry has been added!</p>';
		} else {
			print '<p class="error">could not add the entry because:<br />' . mysql_error() . '.</p><p>the query being run was: ' . $query . '</p>';
		}
		
	}//no problem
	
	mysql_close();
	
} // end for form submission if

// display form:
?>
<form action="add_entry.php" method="post">
		<ul>
			<li><p><strong>General Information</strong></p></li>
			<li>
				<label for="last_name">Last Name:</label>
				<input type="text" name="last_name" value="" />
			</li>
			<li>
				<label for="first_name">First Name:</label>
				<input type="text" name="first_name" value="" />
			</li>
			<li>
				<label for="email">E-mail:</label>
				<input type="text" name="email" value="" />
			</li>
			<li>
				<label for="phone">Phone Number:</label>
				<input type="text" name="phone" value="" />
			</li>
			<li>
				<label for="school">High School Name:</label>
				<input type="text" name="school" value="" />
			</li>
            <li>
				<label for="school_city">High School City:</label>
				<input type="text" name="school_city" value="" />
			</li>
			<li>
				<label for="school_phone">High School Phone Number:</label>
				<input type="text" name="school_phone" value="" />
			</li>
			<li>
				<label for="counselor">Name of Guidance Counselor:</label>
				<input type="text" name="counselor" value="" />
			</li>
			<li>
				<label for="college">College Anticipated to Attend:</label>
				<input type="text" name="college" value="" />
			</li>
			<li>
				<label for="essay_choice">Essay Choice:</label>
				<select name="essay_choice">
                <option value="" selected="selected">Choose an essay prompt</option>
                <option value="essay_choice_1">Choice #1</option>
                <option value="essay_choice_2">Choice #2</option>
				</select>
			</li>
            
            <li>
				<label for="essay">Essay:</label>
				<textarea name="essay" rows="8"></textarea>
			</li>
            
            <li>
				<label for="date_entered">Date Entered:</label>
				<input type="text" name="date_entered" value="" />
			</li>
      
			<li>
				<input type="submit" name="submit" value="Post This Entry!" />
	<input type="hidden" name="submitted" value="true" />
			</li>
		</ul>
	</form>
</body>
</html>


0
lisacowan
Asked:
lisacowan
2 Solutions
 
kingofninesCommented:
missing closing quote for $date_entered...

'$essay', '$date_entered)";
0
 
lisacowanAuthor Commented:
Thanks for pointing that out, however, the problem still exists. The error message I'm getting says, "

could not add the entry because:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''test', 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'essay_c' at line 1.

the query being run was: INSERT INTO applications (entry_id, last_name, first_name, email, phone, school, school_city, school_phone, counselor, college, essay_choice, essay, date_entered) VALUES (0 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'essay_choice_1', 'test', 'test')

"

Lisa
0
 
gamebitsCommented:
Assuming entry_id is set to auto-increment try this

INSERT INTO applications (entry_id, last_name, first_name, email, phone, school, school_city, school_phone, counselor, college, essay_choice, essay, date_entered) VALUES ('', 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'test', 'essay_choice_1', 'test', 'test')


0
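
Added example, not part of the original thread or any poster's code: both faults found above (the missing comma after the 0 and the unclosed quote on $date_entered) come from assembling the VALUES list by hand, and a prepared statement removes that class of mistake along with the need for mysql_real_escape_string. The insertApplication helper, the FIELDS constant and the in-memory SQLite database are assumptions made so the script runs offline; for MySQL only the PDO DSN and credentials change.

```php
<?php
// Added example: parameterized INSERT for the applications form.
// Assumption: PDO with in-memory SQLite so this runs offline; for MySQL use a
// DSN such as 'mysql:host=localhost;dbname=...' plus a username and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema mirroring the column list in the question.
$pdo->exec('CREATE TABLE applications (
    entry_id INTEGER PRIMARY KEY AUTOINCREMENT,
    last_name TEXT, first_name TEXT, email TEXT, phone TEXT, school TEXT,
    school_city TEXT, school_phone TEXT, counselor TEXT, college TEXT,
    essay_choice TEXT, essay TEXT, date_entered TEXT)');

const FIELDS = ['last_name', 'first_name', 'email', 'phone', 'school', 'school_city',
    'school_phone', 'counselor', 'college', 'essay_choice', 'essay', 'date_entered'];

function insertApplication(PDO $pdo, array $post): ?int
{
    $values = [];
    foreach (FIELDS as $field) {
        $value = trim((string) ($post[$field] ?? ''));
        if ($value === '') {
            return null; // required field missing; caller shows the form error
        }
        $values[":$field"] = $value;
    }
    // Columns and placeholders are built from the same array, so the two lists
    // cannot drift apart; entry_id is omitted so the database assigns it.
    $sql = 'INSERT INTO applications (' . implode(', ', FIELDS) . ') VALUES ('
         . implode(', ', array_keys($values)) . ')';
    try {
        $pdo->prepare($sql)->execute($values);
        return (int) $pdo->lastInsertId();
    } catch (PDOException $e) {
        // Log server-side; do not echo the SQL or driver error into the page.
        error_log('applications insert failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed sample submission; the quote in last_name is stored as plain data.
$sample = array_fill_keys(FIELDS, 'test');
$sample['last_name'] = "O'Brien";
$sample['essay_choice'] = 'essay_choice_1';
$id = insertApplication($pdo, $sample);
$stored = $pdo->query('SELECT last_name FROM applications WHERE entry_id = ' . (int) $id)->fetchColumn();
printf("entry_id=%d last_name=%s\n", $id, $stored);
```

With the MySQL PDO driver, setting PDO::ATTR_EMULATE_PREPARES to false makes the server, rather than the client library, bind the parameters.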

 
lisacowanAuthor Commented:
That did the trick. Thanks for the speedy answer!

Lisa
0
 
gamebitsCommented:
Thanks for the points and the grade, glad to help.

Gamebits
0
 
kingofninesCommented:
Your script had 2 errors, both of which caused the script to fail. One person pointed one out to you, the other pointed the other out to you and yet only one got points. Seems fair.
0
 
lisacowanAuthor Commented:
Good point. I'll try to figure out how to split the points.

Lisa
0
 
lisacowanAuthor Commented:
I re-posted the question so I can award points to you as well.

Lisa
0
 
lisacowanAuthor Commented:
Trying to increase point value to 500.
0
 
kingofninesCommented:
Thank you Lisa. Good of you to take the time to correct that.


Alan
0
 
lisacowanAuthor Commented:
I appreciate the help.

Lisa
0
