Can't store data in Database(PHP, MySQL)

StackOverflow https://stackoverflow.com/questions/23133477

Question

yesterday it took me nearly 4 hours to fix this php code.. im a beginner in php, so i don't have the experience to find the bug in this code.

the .php give me no errors, i also wrote this two lines at the begin:

error_reporting(E_ALL | E_STRICT);´
ini_set('display_errors', TRUE);



and this is my php code: 

//Variablen zuweisen
$name = filter_input(INPUT_POST, 'name');
$email = filter_input(INPUT_POST, 'email');
$betreff = filter_input(INPUT_POST, 'betreff');
$message = filter_input(INPUT_POST, 'message');

/*if (($vorname == "") OR ($nachname == "") OR($email == "")) {
        echo "Fehler: Eintrag unvollständig.";
        die; 
}*/

    //Verbindung herstellen
    $datenbank = mysql_connect("*******", "****", "*****") or die ("Verbindung fehlgeschlagen: ".mysql_error());
    $verbunden = mysql_select_db("4109932db1") or die ("Datenbank nicht gefunden oder fehlerhaft");

    //Daten in DB speichern
    $sql_befehl = mysql_query("INSERT INTO Contact_Requests (Name,Mail,Betreff,Message) VALUES ($name, $email, $betreff, $message");

    if($sql_befehl)
    { echo "Ihr Eintrag wurde hinzugefügt."; }

    //Verbindung beenden
    mysql_close($datenbank);

this is my html code, i have a formular and this should send data to my php file (insert.php)

<form method="post" action="insert.php">
                <table>
                    <tr>
                        <td>Name:*</td><td><input type="text" value="Name" id="name" onfocus="nameDel();" onblur="nameSet();" name="name" ></td>
                    </tr>
                    <tr>
                        <td>E-Mail:*</td><td><input type="email" value="E-Mail" id="email" onfocus="emailDel();" onblur="emailSet();" name="email"></td>
                    </tr>
                    <tr>
                        <td>Betreff:*</td><td><input type="text" value="Grund der Nachricht" id="regard" onfocus="regardDel();" onblur="regardSet();" name="betreff"></td>
                    </tr>
                </table>
                <p>
                    Nachricht:*<br><textarea cols="50" rows="10" id="msg" onfocus="msgDel();" onblur="msgSet();" name="message">Deine Nachricht</textarea>
                </p>    
                <p>
                    <input type="submit" value="Senden" id="send" onclick="sendContact();">
                </p>
            </form>
Was it helpful?

Solution

This part is what is affected:

VALUES ($name, $email, $betreff, $message")

The variables need to be wrapped in quotes:

VALUES ('$name', '$email', '$betreff', '$message')

Your double quote at the end is not in the right spot because you forgot a closing bracket )

(Name,Mail,Betreff,Message) VALUES ($name, $email, $betreff, $message");
                                                                     ^

which should be

VALUES ('$name', '$email', '$betreff', '$message')");

The affected line should now look like:

$sql_befehl = mysql_query("INSERT INTO Contact_Requests (Name,Mail,Betreff,Message) VALUES ('$name', '$email', '$betreff', '$message')");

Sidenote: Your present code is open to SQL injection. Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)

mysql_* functions are deprecated and will be removed from future PHP releases.

Since you are just beginning to get into coding:

Here are a few tutorials on prepared statements that you can study and try:

Here are a few tutorials on PDO:

OTHER TIPS

DON'T USE that code. It's quite old. Try with pdo, as mine, or other.

Why do you use the sendContact() action on javascript? that's not php. Are you using ajax, so? If not, you must know that on click refers to js not to php.

I don't know what you did, but here's an example of PHP code you can use to insert the data in the database.

<?php /*insert.php*/
try {
$database_connection = new PDO('mysql:host='. $dbhost .';dbname='. $dbname . ';charset=utf8', $dbuser, DB_PASS);
}   catch (PDOException $e) {
                echo $e->getMessage();
}

$database_connection->prepare("INSERT into db_name (add, ghj, qwe) VALUES (:value1, :value2, :value3"); //and so on

$database_connection->bind(":value1", $value, PDO::PARAM_vartype); //vartype is the variable type (integer-int...)

/do the rest of values/

$database_connection->execute();

?>

Problem is most likely in this line

$sql_befehl = mysql_query("INSERT INTO Contact_Requests (Name,Mail,Betreff,Message) VALUES ($name, $email, $betreff, $message");

It should be

$sql_befehl = mysql_query("INSERT INTO Contact_Requests (Name,Mail,Betreff,Message) VALUES ('$name', '$email', '$betreff', '$message')");
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top