[RESOLVED] Problem with inserting data to DB from a form

sansan

Hi guys, I'm new to PHP, and I'm trying to make a form which job is to insert the data into my database.

This is my HTML form:

<form action="addquestion.php" method="post" enctype="text/plain" name="ask me">
Name: <input name="name" type="text" style="width: 200px" tabindex="1">
Email: <input name="email" type="text" style="width: 200px"  tabindex="2">
Subject: <input name="subject" type="text" style="width: 200px"  tabindex="3">
Text: <textarea name="text" style="width: 250px; height: 150px" tabindex="4"></textarea>
<input name="Submit" type="submit" value="SEND" style="font: 100% Tahoma; width: 100px" tabindex="5">
</form>

Now this is my addquestion.php code:

<?php
//header.php includes all required information to establish the connection and to select the database.

include ('header.php');

$name = @intval(htmlspecialchars($_POST['name'])); 
$email = @intval(htmlspecialchars($_POST['email'])); 
$subject = @intval(htmlspecialchars($_POST['subject'])); 
$text = @intval(htmlspecialchars($_POST['text']));
$insert_query ="INSERT INTO 'mytable' ('name', 'email', 'subject', 'text') VALUES ($name, $email, $subject, $text)";
mysql_query($insert_query) or die (mysql_error());

include ('footer.php');
?>

but when i submit the form it goes to addquestion.php but it prints:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''mytable' ('name', 'email', 'subject', 'text') VALUES (0, 0, 0, 0)' at line 1

Why there is no data transmitted to addquestion.php?
Can anyone help me please?
Thanks in advance

zuhalter223

$insert_query ="INSERT INTO 'mytable' ('name', 'email', 'subject', 'text') VALUES ($name, $email, $subject, $text)";

Check your SQL statement.

Try this one instead...

$insert_query ="INSERT INTO mytable ('name', 'email', 'subject', 'text') VALUES ($name, $email, $subject, $text)";

Dont use single quotes around table names.

zuhalter223

zuhalter223;10926024 wrote:
$insert_query ="INSERT INTO 'mytable' ('name', 'email', 'subject', 'text') VALUES ($name, $email, $subject, $text)";

Check your SQL statement.

Try this one instead...

$insert_query ="INSERT INTO mytable ('name', 'email', 'subject', 'text') VALUES ($name, $email, $subject, $text)";

Dont use single quotes around table names.

Correction:

$insert_query ="INSERT INTO mytable (name,email, subject, text) VALUES ($name, $email, $subject, $text)";

Only use single quotes for values.

sansan

Thanks for your help, but still not working.

NogDog

Get rid of those [man]intval/man calls when populating your variables (unless they are supposed to contain integer values only). You probably should replace them with [man]mysql_real_escape_string/man in order to prevent SQL injection issues.

sansan

Get rid of those intval() calls when populating your variables (unless they are supposed to contain integer values only). You probably should replace them with mysql_real_escape_string() in order to prevent SQL injection issues.

i've changed the code as i understood from your post:

$name = @mysql_real_escape_string($_POST['name']); 
$email = @mysql_real_escape_string($_POST['email']); 
$subject = @mysql_real_escape_string($_POST['subject']); 
$text = @mysql_real_escape_string($_POST['text']);

but still not working??
can you give more explanation for this.
thanks for your help and still waiting for any other instructions

dagon

sansan;10926071 wrote:
but still not working??
can you give more explanation for this.
thanks for your help and still waiting for any other instructions

post your full current code and any\all errors you get.

sansan

This is my header.php:

<head>
<?php
require_once ('config/config.php');
?>
<title><?php echo main_title ?></title>
</head>
<?php
require_once ('config/connection.php');
?>

This is my config.php:

<?php
define("server","localhost");
define("db_user","myusername");
define("db_pass","mypassword");
define("db_name","mydbname");
define("main_title","mywebsitetitle");
?>

This is my connection.php

<?php
$connect= @mysql_pconnect(server,db_user,db_pass) or error_log("'Sorry, I was unable to esablish a connection because: '.mysql_error().' !'");

$db_select=@mysql_select_db(db_name,$connect) or error_log("'Sorry, I could not select the requested database because: '.mysql_error().' !'");
?>

This is my form in callme.php:

<form action="addquestion.php" method="post" enctype="text/plain" name="ask me">
Name: <input name="name" type="text" style="width: 200px" tabindex="1">
Email: <input name="email" type="text" style="width: 200px"  tabindex="2">
Subject: <input name="subject" type="text" style="width: 200px"  tabindex="3">
Text: <textarea name="text" style="width: 250px; height: 150px" tabindex="4"></textarea>
<input name="Submit" type="submit" value="SEND" style="font: 100% Tahoma; width: 100px" tabindex="5">
</form>

This is my addquestion.php code:

<?php
include ('header.php');

$name = @mysql_real_escape_string($_POST['name']); 
$email = @mysql_real_escape_string($_POST['email']); 
$subject = @mysql_real_escape_string($_POST['subject']); 
$text = @mysql_real_escape_string($_POST['text']); 
$insert_query ="INSERT INTO 'mytable' ('name', 'email', 'subject', 'text') VALUES ($name, $email, $subject, $text)"; 
mysql_query($insert_query) or die (mysql_error());
?>

This is the error message that results from addquestion.php:

Thanks in advance

dagon

well the values are empty they would work as empty if they where quoted, so thats a separate issue.

in addquestion.php, add

print_r($_POST);

at the top, fill in the form, submit it and see whats in the post array.

sansan

i think that there is no data moving from mailme.php to addquestion.php
because it prints:

Array()

plus it prints the same previous error message.

sansan

i think that there is no data moving from mailme.php to addquestion.php

just want to correct: mailme.php --> callme.php

dagon

callme.php is posting to addquestion.php, there's no mailme.php mentioned?

remove:

enctype="text/plain"

from the callme form and see if that helps.

sansan

sorry, i just mistyped mailme.php instead of callme.php

in addquestion.php, it prints the following:

Array ( [name] => sanname [email] => sanmail [subject] => sansubject [text] => santext [Submit] => SEND )
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''mytable' ('name', 'email', 'subject', 'text') VALUES (sanname, sanmail, sansubjec' at line 1

dagon

well all that is left is to quote the values in the mysql query and it should work

$insert_query ="INSERT INTO 'mytable' ('name', 'email', 'subject', 'text') VALUES ('$name', '$email', '$subject', '$text')";

sansan

There is something, i hope that it's not affecting the insert query, but "mytable" table contains the following columns:

id, name, email, subject, text, answer, view

and i'm not sending all the data for a full record, i'm sending part of the data, because i'm going to fill the 'answer' and 'view' fields later.

could it be the problem??

dagon

are you saying your still getting an error after changing the $insert_query to what i posted above? or is this a new issue?

sansan

no, this is a new issue. my basic db design is as i mentioned previously, so could it be that it is because i'm not sending all the data through my form for a full record.(i'm sending only 4 fields instead of the 7 fields?)

sorry for this but i'm still having this error:

Array ( [name] => sanname [email] => sanmail [subject] => sansubject [text] => santext [Submit] => SEND )
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''fatwa' ('name', 'email', 'subject', 'text') VALUES ('sanname', 'sanmail', 'sans' at line 1

dagon

again post your full code so i can see what changes you have made.

sansan

This is addquestion.php:

<?php
include ('header.php');

print_r($_POST);
?>
<br>
<?php

$name = @mysql_real_escape_string($_POST['name']); 
$email = @mysql_real_escape_string($_POST['email']); 
$subject = @mysql_real_escape_string($_POST['subject']); 
$text = @mysql_real_escape_string($_POST['text']); 

$insert_query ="INSERT INTO 'fatwa' ('name', 'email', 'subject', 'text') VALUES ('$name', '$email', '$subject', '$text')"; 

mysql_query($insert_query) or die (mysql_error());

include ('footer.php');
?>

and this is callme.php:

<form action="addquestion.php" method="post" name="ask me"> 
Name: <input name="name" type="text" style="width: 200px" tabindex="1"> 
Email: <input name="email" type="text" style="width: 200px"  tabindex="2"> 
Subject: <input name="subject" type="text" style="width: 200px"  tabindex="3"> 
Text: <textarea name="text" style="width: 250px; height: 150px" tabindex="4"></textarea> 
<input name="Submit" type="submit" value="SEND" style="font: 100% Tahoma; width: 100px" tabindex="5"> 
</form>

dagon

$insert_query ="INSERT INTO fatwa (name, email, subject, text) VALUES ('$name', '$email', '$subject', '$text')";