This is my first post here, I'm looking for a new PHP forum to learn on. I hope I can find help.

I have the simplest of problems. I have an HTML form to input data to a PHP file, which in turn submits that data to a MySQL database. It worked fine in the last version I had made, but now I am updating the code and database to have more fields (specifically integers), and now I'm getting the old UNEXPECTED T_STRING error. I have tried a hundred different modifications to the code on the line specified (49), but to no avail. I can't see where there is a mistake in the code.

Here's a copy starting at line 32. Line 49 is where it echoes "record added"

<?php
$con = mysql_connect("localhost","USERNAME","PASSWORD");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("bail_bail", $con);

$sql="INSERT INTO bailfiles (name, bailamount, otn, date, docket, info, security)
VALUES
('$_POST[name]','$_POST[bailamount]','$_POST[otn]','$_POST[date]','$_POST[docket]','$_POST[info]','$_POST[security]',');

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "record added";

mysql_close($con);
?>

I'm completely stumped. Any ideas?

    Welcome to PHPBuilder. I am sure this forum is capable of putting your skills on the fast track.

    Time for you to get a code editor that does syntax highlighting. The post makes it clear where one of the problems lies:

    ('$_POST[name]','$_POST[bailamount]','$_POST[otn]','$_POST[date]','$_POST[docket]','$_POST[info]','$_POST[security]',');

    It ends with a ,'

    Personally I prefer:

    $sql="
    INSERT INTO bailfiles (name, bailamount, otn, date, docket, info, security)
    VALUES
    ('".$_POST[name]."','".$_POST[bailamount]."','".$_POST[otn]."','".$_POST[date]."','".$_POST[docket]."','".$_POST[info]."','".$_POST[security]."')";

      Note that if you go with leatherback's preferred format, you'll want to surround the array indexes with quotes since they are strings; otherwise, you'll be generating E_NOTICE level errors for every instance of $_POST[foo]. More info/examples on that subject can be found in the manual: Why is $foo[bar] wrong?

      Also note that user-supplied data should never be placed directly into a SQL query string, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize the data with a function such as mysql_real_escape_string() (for string data) or use prepared statements.

        5 days later

        I've made the edit but I'm still getting the same error. I haven't been on in a few days due to other projects I've been working on, so now it's time for me to start cramming some code in.

        As for the SQL injection vulnerability, I plan on having the entire directory containing these scripts password protected (I'm still trying to figure out htpassword), and the only users will be the other bail bondsmen I work with. Should I still be concerned about sanitizing the string? Tbh, none of the data we have is sensitive, it's all public information on the Pennsylvania UJS Portal. I am only concerned about an injection that would remove the data.

          H3mp wrote:

          I've made the edit but I'm still getting the same error.

          Can you show us what your code looks like now? Also, are you positive it's the exact same error message (e.g. the line number or text hasn't changed at all)?

          H3mp wrote:

          As for the SQL injection vulnerability, I plan on having the entire directory containing these scripts password protected (I'm still trying to figure out htpassword), and the only users will be the other bail bondsmen I work with. Should I still be concerned about sanitizing the string?

          Yes.

          H3mp wrote:

          Tbh, none of the data we have is sensitive, it's all public information on the Pennsylvania UJS Portal.

          Irrelevant. It's not just SQL injection that you need to guard against, it's "just plain SQL errors" too. What happens if someone's name is O'Connor and you decide that you don't need to worry about sanitizing the data? Then your query looks something like:

          VALUES ('O'Connor', ...

          which is obviously broken.
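Added example, not part of any post in this thread: the same INSERT written with a PDO prepared statement, so a name like O'Connor is stored as data instead of breaking the query, and the integer field is validated before use. The function name `insertBailFile`, the in-memory SQLite database (a stand-in so the script runs offline; it assumes the pdo_sqlite driver) and the sample values are assumptions.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for MySQL;
// with MySQL only the DSN changes: new PDO('mysql:host=localhost;dbname=bail_bail', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bailfiles (name TEXT, bailamount INTEGER, otn TEXT,
            date TEXT, docket TEXT, info TEXT, security TEXT)');

// Column list taken from the INSERT in the thread.
const FIELDS = ['name', 'bailamount', 'otn', 'date', 'docket', 'info', 'security'];

function insertBailFile(PDO $pdo, array $post): void
{
    $row = [];
    foreach (FIELDS as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("missing field: $field");
        }
        $row[$field] = trim($post[$field]);
    }
    // Integer column: accept digits only, then cast.
    if (!ctype_digit($row['bailamount'])) {
        throw new InvalidArgumentException('bailamount must be a whole number');
    }
    $row['bailamount'] = (int) $row['bailamount'];

    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO bailfiles (name, bailamount, otn, date, docket, info, security)
         VALUES (:name, :bailamount, :otn, :date, :docket, :info, :security)'
    );
    $stmt->execute($row);
}

// Constructed sample input standing in for $_POST.
$post = ['name' => "O'Connor", 'bailamount' => '5000', 'otn' => 'constructed',
         'date' => '2011-08-01', 'docket' => "12'); -- constructed",
         'info' => 'constructed', 'security' => 'constructed'];
insertBailFile($pdo, $post);

$post['bailamount'] = '5000 OR 1=1';   // non-numeric value for the integer column
try {
    insertBailFile($pdo, $post);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
foreach ($pdo->query('SELECT name, docket FROM bailfiles') as $r) {
    echo $r['name'], ' | ', $r['docket'], "\n";   // both quotes stored verbatim
}
```

The `mysql_*` functions used in the thread were removed in PHP 7.0; PDO or mysqli is the replacement on current PHP.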

            Remove the ' quote at the end of the SQL, it will resolve your problem...

              You start the statement with a double quote, which you forget to close; in the SQL is a superfluous ,'

                6 days later

                Here's what my code looks like now

                <?php
                $con = mysql_connect("localhost","bail_admin"," ");
                if (!$con)
                  {
                  die('Could not connect: ' . mysql_error());
                  }
                
                mysql_select_db("bail_bail", $con);
                
                $sql="INSERT INTO bailfiles (name, bailamount, otn, date, docket, info, security)
                VALUES
                ('$_POST[name]','$_POST[bailamount]','$_POST[otn]','$_POST[date]','$_POST[docket]','$_POST[info]','$_POST[security]');
                
                if (!mysql_query($sql, $con))
                  {
                  die('Error: ' . mysql_error())
                  }
                echo 'record added'
                
                else
                mysql_close($con)
                ?>
                </form></td></tr></tbody></table></center>

                I've tinkered with it and now it has a new error message.

                Parse error: syntax error, unexpected $end in /home/bail/public_html/bailfiles/submitdata.php on line 54

                Line 54 is the last line of the document. I wish I understood these error messages more.

                  Well.. the codes are easy if you read them:

                  Parse error:
                  syntax error,

                  unexpected $end
                  in /home/bail/public_html/bailfiles/submitdata.php
                  on line 54

                  In other words: there was an error parsing your document. The parser found a syntax error. The error is: the end of the document was reached before the code ended. This is happening in such-and-such script, on such-and-such line.

                  Look for open brackets, missing semicolons etc.

                    You could also just look at the syntax highlighting and know that something's gone awry since everything after the SQL query is red (e.g. a string). You then might check to see that the SQL query string was properly closed (which it is not - missing double quote at the end).

                      I feel like an idiot.

                      Can anyone recommend a good syntax highlighter? I found one through Google, but it isn't as good as posting the code here.

                      I've made the changes and have adjusted errors again. This one is a bit more obvious to me.

                      Parse error: syntax error, unexpected '}' in /home/bail/public_html/bailfiles/submitdata.php on line 48

                      The code for that section would be

                      if (!mysql_query($sql, $con))
                        {
                        die('Error: ' . mysql_error())
                        }
                      echo 'record added'
                      
                      else
                      mysql_close($con)
                      ?>

                      I've tried moving the bracket around into different positions, but nothing's helping. I can tell it's a simple fix though.

                        Notepad++ is a simple free editor.

                        if
                        {
                        }
                        else
                        {
                        }

                          H3mp;10985942 wrote:

                          Can anyone recommend a good syntax highlighter?

                          Notepad2 or Notepad++ are two "light" editors (I personally have replaced the default notepad.exe in Windows with Notepad2). The topic of "What's your favorite editor and why?" has been covered ad nauseam in the Echo Lounge forum; feel free to search for 'editor' (or 'ide' or something similar) to dig up some of those discussions.

                          H3mp;10985942 wrote:

                          The code for that section would be

                          if (!mysql_query($sql, $con))
                            {
                            die('Error: ' . mysql_error())
                            }
                          echo 'record added'
                          
                          else
                          mysql_close($con)
                          ?>

                          Couple of problems with that code. leatherback already pointed out one; you can't have any statements in between the if() block and an 'else' clause.

                          Second, you have three missing semicolons.

                            I went through about 4 more errors, but it's finally working. Yous guys are awesome, thank you very much for your help.

                            I'm going to go check out the recommended thread on syntax highlighters.

                            Thanks again!
