0

I am very new to PHP & MySQL. Just designing websites for friends as a hobby, so any help is greatly appreciated. When I have a simple contact form on my page I keep getting error messages when submitting the information. Here is the PHP:

<?php
$con = mysql_connect("localhost","user","password");
if (!$con))  {
die('Could not connect: ' . mysql_error());
 }

mysql_select_db("database_name", $con);

$sql="INSERT INTO contact (first_name, last_name, email, phone, message)
VALUES
('$_POST[first_name]','$_POST[last_name]','$_POST[email]','$_POST[phone]','$_POST[message])";

if (!mysql_query($sql,$con)) {
die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($con);
?>

I put in my username & password where necessary, but I keep "localhost" there. Is this correct? I have hosting through webhostingpad. I also insert my database name above. Here is my HTML:

<!--Start of order form-->

<form id="contactform" method="POST" action="http://www.talephotography.com/insert.php">
<p><label>First Name:<br />
<input type="text" name="first_name" class="textfield" value="" />
</label></p>

<p><label>Last Name:<br />
<input type="text" name="last_name" class="textfield" value="" />
</label></p>

<p><label>Email: <br />
<input type="text" name="email" class="textfield" value="" />
</label></p>

<p><label>Phone: <br />
<input type="text" name="phone" class="textfield" value="" />
</label></p>

<p><label>Message: <br />
<textarea name="message" class="textarea" cols="45" rows="5"></textarea>
</label></p>

<p><input type="submit" name="submit" class="button" value="Submit" /></p>
</form>
<!--End of order form-->

I can elaborate anywhere necessary.

Changed some of the code, it's only posting the email address to the database however.

mysql_select_db("databasename", $con);

$first = mysql_real_escape_string($_POST['first']);
$last = mysql_real_escape_string($_POST['last']);
$email = strip_tags(mysql_real_escape_string($_POST['email']));
$number = preg_replace('/[^0-9]/', '', $_POST['number']);
$number =  (int) $number;


$sql="INSERT INTO contact (first, last, email, phone);
VALUES
('$first','$last','$email','$number')";

There's my code, however when I check my database the only info listed is the email address.

Improve this question
6
  • Didnt you get any email with info when you got the hosting? Commented Apr 26, 2012 at 16:31
  • It often helps if you actually tell us the error, usually by copying and pasting it in. This makes it less of a chore to help you as we can telly ou the answer without reading blocks of code. Commented Apr 26, 2012 at 16:32
  • The error is Parse error: syntax error, unexpected ')' in /home2/___/public_html/insert.php on line 3 Commented Apr 26, 2012 at 16:42
  • 1
    Beware SQL Injection! Commented Apr 26, 2012 at 16:53
  • Also missing a ' in your query after '$_POST[message]) Commented Apr 26, 2012 at 17:17

5 Answers 5

Reset to default
3

localhost is correct if the database server is on the same machine as the web server. When you set up the database it should have told you somewhere what you need to connect to.

That aside, escape your -----------ing inputs!!!!

Seriously, take those variables and wash them thoroughly with mysql_real_escape_string and then concatenate them into the query. You'll thank me later.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Id also add to that "DONT USE ----ing ext/mysql"! use Mysqli or PDO :-)
@prodigitalson There is nothing wrong with MySQL (or any other system) as long as you know how to use it.
Also strip HTML special chars. I.e.: $message=nl2br(htmlspecialchars(stripslashes($message)));
@mjsa — Eeek! (1) Don't nl2br unless you really mean it (and it is cheap and dirty, using something that turns text into real HTML (with paragraphs!) is much better. (2) Do use htmlspecialchars but only before you insert some text into an HTML document (don't do it before inserting into the database). (3) Don't use stripslashes unless the server has magic quotes turned on (and even then you are better off disabling magic quotes, they are more trouble then they are worth).
There isnt anything wrong with MySQL... but the ext/mysql extension is antiquated and its ridiculous to use it unless you are supporting legacy software.. its even more ridiculous to try and learn it at this point.
|
0

You have an extra ) in your if statement:

if (!$con))  {

should be

if (!$con)  {
Improve this answer

Comments

0 
 if (!$con)) it is wrong one extra ')' present here, remove ')' and then execute

for example

       if (!$con){

        //do something

           }
Improve this answer

Comments

0

Its query that is wrong, you have a ; that is in the middle of your query.

$sql="INSERT INTO contact (first, last, email, phone);
   VALUES
('$first','$last','$email','$number')";

Notice it on the end of first line. Change this to:

$sql="INSERT INTO contact  VALUES
('$first','$last','$email','$number')";
Improve this answer

Comments

0

The problem is with your third line

$con = mysql_connect("localhost","user","password");
if (!$con))  {
die('Could not connect: ' . mysql_error());
}

there is an extra closing bracket ) in your third line. Remove it and then voilà!

hope this helps.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.