Script won't save to database...

esmtech

I gotten this script to work almost perfectly but for some reason it won't save to the database. here is my relevant code. Can someone please help and tell me where I made my mistake.

<?php

// Declare unsuccess so a value is always available
$unsuccess = "";


// Declare success so a value is always available
$success = "";

// Turn on magic quotes to prevent SQL injection attacks
if(!get_magic_quotes_gpc())
	set_magic_quotes_runtime(1);
// Connect to database
$eg_objConn1 = mysql_connect("216.169.158.97", "esmtech", "esmtech456");
mysql_select_db("securedatadb", $eg_objConn1);

// Random confirmation code
$confirm_code = md5(uniqid(rand()));

// Validate users input
if(!empty($_POST))
{
	// Check zipcode has a value
	if(empty($_POST['zipcode'])) $eg_error['zipcode'] = "You must enter a value for zipcode!";
	// Check firstname has a value
	if(empty($_POST['firstname'])) $eg_error['firstname'] = "You must enter a value for firstname!";
	// Check passquestion has a value
	if(empty($_POST['passquestion'])) $eg_error['passquestion'] = "You must enter a value for passquestion!";
	// Check confirmemail has a value
	if(empty($_POST['confirmemail'])) $eg_error['confirmemail'] = "You must enter a value for confirmemail!";
	// Check telephone has a value
	if(empty($_POST['telephone'])) $eg_error['telephone'] = "You must enter a value for telephone!";
	// Check passanswer has a value
	if(empty($_POST['passanswer'])) $eg_error['passanswer'] = "You must enter a value for passanswer!";
	// Check lastname has a value
	if(empty($_POST['lastname'])) $eg_error['lastname'] = "You must enter a value for lastname!";
    // Check username has a value
	if(empty($_POST['username'])) $eg_error['username'] = "You must enter a value for username!";
    // Check password has a value
	if(empty($_POST['password'])) $eg_error['password'] = "You must enter a value for password!";
	// Check confirmpass has a value
	if(empty($_POST['confirmpass'])) $eg_error['confirmpass'] = "You must enter a value for confirmpass!";
	// Check state has a value
	if(empty($_POST['state'])) $eg_error['state'] = "You must enter a value for state!";
	// Check that confirmpass is the same as (comparison)
	if(isset($_POST['confirmpass'])) if($_POST['confirmpass'] != @$_POST['password']) $eg_error['confirmpass'] = "confirmpass must be the same as (password)!";
	// Check city has a value
	if(empty($_POST['city'])) $eg_error['city'] = "You must enter a value for city!";
	// Check address has a value
	if(empty($_POST['address'])) $eg_error['address'] = "You must enter a value for address!";
	// Check that confirmemail is the same as (comparison)
	if(isset($_POST['confirmemail'])) if($_POST['confirmemail'] != @$_POST['email']) $eg_error['confirmemail'] = "confirmemail must be the same as (email)!";
	// Check company has a value
	if(empty($_POST['company'])) $eg_error['company'] = "You must enter a value for company!";
	// Get Record Set
	$eg_reccount_email = mysql_query("SELECT COUNT(email) FROM temp_members WHERE email = '".$_POST['email']."'", $eg_objConn1);
	$eg_count_email = @mysql_fetch_array($eg_reccount_email, MYSQL_ASSOC);
	// Check if email is in data source
	if($eg_count_email['COUNT(email)'] > 0) $eg_error['email'] = "email must be unique (not in data source)!";
	// Close recordset
	if(isset($eg_reccount_email)) @mysql_free_result($eg_reccount_email);
	// Check email has a value
	if(empty($_POST['email'])) $eg_error['email'] = "You must enter a value for email!";
	// Check if any errors were returned and run relevant code
	if(empty($eg_error))
	{
		// Run query
		mysql_query("INSERT INTO `temp_members`(`confirm_code`, `firstname`, `lastname`, `company`, `address`, `address2`, `city`, `state`, `zipcode`, `telephone`, `fax`, `email`, `confirmemail`, `password`, `confirmpass`, `passquestion`, `passanswer`, 'username','agree') VALUES('".$confirm_code."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['company']."', '".@$_POST['address']."', '".@$_POST['address2']."', '".@$_POST['city']."', '".@$_POST['state']."', '".@$_POST['zipcode']."', '".@$_POST['telephone']."', '".@$_POST['fax']."', '".@$_POST['email']."', '".@$_POST['confirmemail']."', '".@$_POST['password']."', '".@$_POST['confirmpass']."', '".@$_POST['passquestion']."', '".@$_POST['passanswer']."', '".@$_POST['username']."','".@$_POST['agree']."')", $eg_objConn1);
		// Conditional statement
		if(!empty($_POST))
		{
			$success = "A confirmation email has been sent to your email address!";
			$eg_text_1 = "\"Here is the confirmation link to activate your account.\nClick on this link to activate your account: \nhttp://www.secure-data.net/confirmation.php?passkey=$confirm_code\n\n";
			// Check required values have been passed to email
			if(!empty($_POST['email']))
			{
				// Send email
				mail(@$_POST['email'], "Your confirmation link to roderickrowser.com.", $eg_text_1, "From: Roderick Rowser <rrowser@roderickrowser.com>\r\n");

		}
	}
	else
	{
		$unsuccess = "Sorry we cannot send a confirmation link to your e-mail address. Please enter all required fields, thank you!";
	}
}
}

?>

cahva

Echo your insert query to see if its okay(and run it through mysql). Insert queries may not give you any error but you could try if [man]mysql_error()[/man] gives you any specific error. BTW, what's with the heavy use of error suppression @? Theres not many situations you would actually have to use them. Code the way that errors wont show up, dont suppress them 🙂 So get rid of all the @ characters atleast in front of $_POST. There's no need to suppress errors, they will help you spot the errors and notices.

igorlopez

You are overusing the character (which is valid for mySql syntax but not always necessary). The main problem is that you have managed to get a couple of ' instead of in the INSERT query.

Change from:

`passanswer`, 'username','agree') VALUES(

To:

`passanswer`, username, agree) VALUES(

or put in ` if you feel it is necessary.