Php form to sql

PHP
1

hi, I have a form that enters 2 pieces of data into a database, this works perfectly, however when i modify the form to enter 5 pieces of data i then get an error meesage

“ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') values”

the original code is;

$db = mysql_connect($hostname, $db_user, $db_password);
mysql_select_db($database,$db);
?>
<html>
<head>
<title>data entry form </title>
</head>
<body>

<?php
if (isset($_REQUEST['Submit'])) {
# THIS CODE TELL MYSQL TO INSERT THE DATA FROM THE FORM INTO YOUR MYSQL TABLE
$sql = "INSERT INTO $db_table(user_first_name,user_surname) values 
(
'".mysql_real_escape_string(stripslashes($_REQUEST['user_first_name']))."',
'".mysql_real_escape_string(stripslashes($_REQUEST['user_surname']))."'
)";
if($result = mysql_query($sql ,$db)) {
echo '<h1>Thank you</h1>Your information has been entered into our database<br><br>';
} else {
echo "ERROR: ".mysql_error();
}
} else {
?>
<h1>Insert Data Into MySQL db using form in php</h1>
<hr>
<form method="post" action="">
  <p>CUSTOMER DETAILS  </p>
    first name:
    <input type="text" name="user_first_name">
    <br>
    surname:
    <input type="text" name="user_surname">
	    <br>
	    <br>
  </p>
  <div align="center"><br>
    
    <br>
    <input type="submit" name="Submit" value="Submit">
  </div>
</form>
<?php
}
?>
</body>
</html>
------------------------------------------------------------------------
ive modified it below to enter 5 pieces of data, ive highlighted what ive added in red.

$db = mysql_connect($hostname, $db_user, $db_password);
mysql_select_db($database,$db);
?>
<html>
<head>
<title>data entry form </title>
</head>
<body>

<?php
if (isset($_REQUEST['Submit'])) {
# THIS CODE TELL MYSQL TO INSERT THE DATA FROM THE FORM INTO YOUR MYSQL TABLE
$sql = "INSERT INTO $db_table(user_first_name,user_surname,[COLOR="Red"]user_date_day,user_date_month,user_date_year,[/COLOR]) values 
(
'".mysql_real_escape_string(stripslashes($_REQUEST['user_first_name']))."',
'".mysql_real_escape_string(stripslashes($_REQUEST['user_surname']))."',
[COLOR="Red"]'".mysql_real_escape_string(stripslashes($_REQUEST['user_date_day']))."',
'".mysql_real_escape_string(stripslashes($_REQUEST['user_date_month']))."',
'".mysql_real_escape_string(stripslashes($_REQUEST['user_date_year']))."'[/COLOR]
)";
if($result = mysql_query($sql ,$db)) {
echo '<h1>Thank you</h1>Your information has been entered into our database<br><br>';
} else {
echo "ERROR: ".mysql_error();
}
} else {
?>
<h1>Insert Data Into MySQL db using form in php</h1>
<hr>
<form method="post" action="">
  <p>CUSTOMER DETAILS  </p>
    [COLOR="Red"]date of move:
    <input type="text" name="user_date_day"><input type="text" name="user_date_month"><input type="text" name="user_date_year">
    <br>[/COLOR]
    first name:
    <input type="text" name="user_first_name">
    <br>
    surname:
    <input type="text" name="user_surname">
	    <br>
	    <br>
  </p>
  <div align="center"><br>
    
    <br>
    <input type="submit" name="Submit" value="Submit">
  </div>
</form>
<?php
}
?>
</body>
</html>

all help would be appreciated, ty

2

Just a thought, but this line:

"INSERT INTO $db_table(user_first_name,user_surname,user_date_day,user_date_month,user_date_year,)

has an extra comma after user_date_year Try removing that first.

3

omg it was as simple as that, thank you very very much, i’d been looking at the code over and over again and couldnt see what i’d done wrong. ty

4

Echo the query, does anything look out of place or missing?

5

yeah, the dangling comma :slight_smile:

6

Fresh eyes help. I’ve been in your place sooo many times.