SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Member
    Join Date
    Apr 2009
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Brand new to PHP. error in code but I just can't see it!!

    Hi guys, new to the forum and new to PHP - I have written a script to enable me to enter employee details into my MySQL database but it just won't work lol, here is the code if anyone can help please

    PHP Code:
    <?php

    $fullname 
    $_POST['fullname'];
    $date_of_birth $_POST['date_of_birth'];
    $address_1 $_POST['address_1'];
    $address_2 $_POST['address_2'];
    $address_3 $_POST['address_3'];
    $postcode $_POST['postcode'];
    $home_phone $_POST['home_phone'];
    $mobile_phone $_POST['mobile_phone'];
    $ni_number $_POST['ni_number'];
    $next_of_kin $_POST['next_of_kin'];
    $phone_number $_POST['phone_number'];
    $doctor $_POST['doctor'];
    $doctor_address_1 $_POST['doctor_address_1'];
    $doctor_address_2 $_POST['doctor_address_2'];
    $doctor_address_3 $_POST['doctor_address_3'];
    $doctor_postcode $_POST['doctor_postcode'];
    $doctor_phone_number $_POST['doctor_phone_number'];
    $known_medical_issues $_POST['known_medical_issues'];
    $date_started $_POST['date_started'];


    $dbc mysqli_connect('localhost','web205-wr_2013','wr_2013','web205-wr_2013')
    or die (
    'Error connecting to Database');


    $query "INSERT INTO staff (fullname, date_of_birth, address_1, address_2, address_3, postcode, home_phone, mobile_phone, ni_number, next_of_kin, phone_number, doctor, doctor_address_1, doctor_address_2, doctor_address_3, doctor_postcode, doctor_phone_number, known_medical_issues, date_started)" .

    "VALUES ('$fullname', '$date_of_birth', '$address_1', '$address_2', '$address_3', '$postcode', '$home_phone', '$mobile_phone', '$ni_number', '$next_of_kin', '$phone_number', '$doctor', '$doctor_address_1', '$doctor_address_2', '$doctor_address_3', '$doctor_postcode', '$doctor_phone_number', '$known_medical_issues', '$date_started')";

    $result mysqli_query($dbc$query)
    or die (
    'Error querying Database.');




    mysqli_close ($dbc);

  2. #2
    SitePoint Member
    Join Date
    Apr 2009
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have changed the name of the database and password by the way lol

  3. #3
    SitePoint Member
    Join Date
    Apr 2009
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I get the "Error querying Database." Error

  4. #4
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,198
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    When using MySQL queries you should always the built in error functions which in your case would be the mysqli_error() function, however another thing you should consider is escaping all your inputs as your current code is open to SQL injections. See the below code which i have modified to escape all the values in one go instead of going through each one manually.

    PHP Code:
    // Set all the database input value indexes
    $keys = array('fullname''date_of_birth''address_1''address_2''address_3''postcode''home_phone''mobile_phone''ni_number''next_of_kin''phone_number''doctor''doctor_address_1''doctor_address_2''doctor_address_3''doctor_postcode''doctor_phone_number''known_medical_issues''date_started');

    // Escape all the inputs
    $values = array();

    foreach (
    $keys as $key) {
        if (isset(
    $_POST[$key]) && !empty($_POST[$key])) {
            
    $values[] = mysqli_real_escape_string($dbc$_POST[$key]);
        } else {
            
    $values[] = 'NULL';
        }
    }

    // Setup and run the query
    $query "INSERT INTO staff (" join(','array_values($keys)) . ") VALUES ('" join("','"array_values($values)) . "')";

    if (!
    $result mysqli_query($dbc$query)) {
        die(
    'MySQL Error: ' mysqli_error($dbc));


  5. #5
    SitePoint Member
    Join Date
    Apr 2009
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you Chris very much - I am learning from a book so I copied the code from that lol. I will use your code thanks so much

    Paul

  6. #6
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,509
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    Another useful thing to do when debugging, is echo out the value of $query so you can check if it is as you expect it to be. And then you can also copy and paste it in phpMyAdmin, and see if it runs there.

  7. #7
    SitePoint Member
    Join Date
    Apr 2009
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks Guido


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •