Error with mysql INSERT INTO

Hey,

Im creating a form, and i am not sure why my code INSERT INTO is not working

<?php

if(isset($_POST[‘submit’]))
{
$dbc=mysqli_connect(‘localhost’,‘user_alien’,‘alien123’,‘futurepon’);
$business_name=mysqli_real_escape_string($dbc,trim($_POST[‘dealname’]));
$city= mysqli_real_escape_string ($dbc,trim($_POST[‘city’]));
$check=mysqli_real_escape_string($dbc, trim($_POST[‘check’]));
$other=mysqli_real_escape_string($dbc, trim($_POST[‘other’]));
$business_type=mysqli_real_escape_string($dbc,trim($_POST[‘type’]));
$website= mysqli_real_escape_string($dbc, trim($_POST[‘website’]));
$product=mysqli_real_escape_string($dbc,trim($_POST[‘product’]));
//validate form
$error= array();
if(empty($business_name)){$error=‘<p class=“alert”>Please enter the business name</p>’;}
if(empty($city)){$error=‘<p class=“alert”>Please select the city name</p>’;}
if(empty($business_type)){$error=‘<p class=“alert”>Please select the business type</p>’;}
if(count($error)==0){
//insert into database//
$query=“INSERT INTO new_pons VALUES(‘0’, ‘$business_name’,‘$city’,‘$other’,‘$business_type’,‘$website’, ‘$other’, ‘$other’)”;
$result=mysqli_query($dbc,$query)or die (‘there is a MYSQL error’);
if($result){echo’<p class=“alert”>Thank you! Your FuturePon has been created! <a href=“index.html”>Click here</a> to view latest FuturePons</p>';
mysqli_close($dbc);}

	}
	else{echo (implode('<br/>',$error));}

}

?>

Thanks Nathan!! Actually I fixed the problem, it was due to the order of the VALUES which was different in the database… didnt know about the “check” thing, will keep that in mind!!

thanks!

Ha, I just realized that you didn’t even have a “check” column in the code you posted. I was just taking that from the $_POST variable. Whoops…

Glad you got it fixed…

Well, for starters, the column name ‘check’ is reserved in MySQL (see the documentation at http://dev.mysql.com/doc/refman/5.1/en/reserved-words.html ).

Onto the code, though…

I was actually feeling a little generous, so I went ahead and re-wrote the entire script, well, mostly…

Try this code:

<?php
//
// Code modified by Nathan Malone
// Website: ProPHPDevelopmentBlog.com
//

if (isset($_POST['submit'])) { // If a form has been submitted
	
	// Connect to the database
	$dbc = mysqli_connect('localhost', 'username', 'password', 'db');
	
	// "Initialize" the formValues array
	$formValues = array();
	
	// "Initialize" the errorArray array
	$errorArray = array();
	
	// Instead of doing each one individually, let's loop through all the form variables submitted in the form, and apply the trim() function to them
	foreach ($_POST as $id => $value) {
		
		// Stuff the value of the $_POST array into the formValues array
		$formValues[$id] = trim($value);
		
	}
	
	// Error checking. Didn't feel like modifying this one, although this probably isn't the way I would have chosen to do error checking
	if (empty($formValues['dealname'])) {
		
		// Stuff a message into the errorArray array.
		//Notice that I took out the HTML tag. This will be added back in when the error is displayed
		$errorArray[] = 'Please enter the business name';
		
	}
	
	if (empty($formValues['city'])) { // Same as above...
		
		$errorArray[] = 'Please select the city name';
		
	}
	
	if (empty($formValues['type'])) { // Same as above...
		
		$errorArray[] = 'Please select the business type';
		
	}
	
	if (count($errorArray) == 0) { // If there are no errors
		
		// This is a cleaner way of creating queries, using sprintf() to do it.
		// You can look up the PHP manual for info on it, but it's very simple, just match up the %s with the escaped string / value it goes with
		$query = sprintf("INSERT INTO new_pons (id, business_name, city, check_field, other, business_type, website, product) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
		mysqli_real_escape_string($dbc, 0),
		mysqli_real_escape_string($dbc, $formValues['dealname']),
		mysqli_real_escape_string($dbc, $formValues['city']),
		mysqli_real_escape_string($dbc, $formValues['check']),
		mysqli_real_escape_string($dbc, $formValues['other']),
		mysqli_real_escape_string($dbc, $formValues['type']),
		mysqli_real_escape_string($dbc, $formValues['website']),
		mysqli_real_escape_string($dbc, $formValues['product']));
		
		print $query;
		
		// Run the query. If there are any errors, we display them (should probably be disabled for production - errors are best kept in a log that can be periodically reviewed)
		$result = mysqli_query($dbc, $query) or die (mysqli_error($dbc));
		
		if ($result) { // If the result was successful...
			
			print '<p class="alert">Thank you! Your FuturePon has been created! <a href="index.html">Click here</a> to view latest FuturePons</p>';
			
			mysqli_close($dbc);
			
		}
		
	} else { // If there was an error message...
		
		foreach ($errorArray as $error) { // Loop through all error message(s)
			
			// Here is where that HTML code is added in
			print '<p class="alert">' . $error . '</p>';
			
			// You'll want to display the form again under it, most likely...
			
		}
		
	}
	
} else { // If a form was not submitted...
	
	// Going to output the ugliest HTML form ever. If you want a pretty one, you'll have to pay me. :)
	print '<form method="post" action="">
	Form:
	<br>business_name: <input type="text" name="dealname" value="">
	<br>city: <input type="text" name="city" value="">
	<br>check: <input type="text" name="check" value="">
	<br>other: <input type="text" name="other" value="">
	<br>business_type: <input type="text" name="type" value="">
	<br>website: <input type="text" name="website" value="">
	<br>product: <input type="text" name="product" value="">
	<br>Submit: <input type="submit" name="submit" value="Submit!">
	
	</form>';
	
}
?>

Replace

die ('mysql error')

with

or die(mysql_error());

That way you can see what the error is.

Is there any error message? Try to force all the error reporting and see…

Can you show what you get the error message?

no error message, except when i use the or die (‘mysql error’)… so only mysql error appears in browser