Error when trying to Inserting into data into the database. Simple form

1
votes

I'm new to PHP I have put together a simple form to input data into a database but the data doesn't seem to be inserting into the database. I've been trying to get it working all day. shows the error Error to Inserting into database at the end of the code.

html

<div id="wrapper">

        <section id="top_area">

            <article class="box-right">

                    <form action="script/data.php" method="post">

                        <p> 
                            <label>Company Name:</label>
                            <input name="company_name" required="required" placeholder="Joes Cleaners" type="text">
                        </p>

                        <p> 
                            <label>Ref:</label>
                            <input name="ref_num" required="required" placeholder="D123" type="text">
                        </p>

                        <p> 
                            <label>Website:</label>
                            <input name="website" required="required" placeholder="joescleaner.co.uk" type="text">
                        </p>

                        <p> 
                            <label>Email:</label>
                            <input name="email" required="required" placeholder="[email protected]" type="email"> 
                        </p>

                        <p> 
                            <label>Telephone:</label>
                            <input name="tel" required="required" placeholder="0712345678" type="number"> 
                        </p>

                        <p> 
                            <label>Message:</label>
                            <input name="message" required="required" placeholder="hello" type="text"> 
                        </p>



                        <p> 
                            <input value="Submit" type="submit"> 
                        </p>      

                    </form>

            </article>

        </section>

    </div>

PHP 

<?php
$db_hostname = 'localhost';
$db_database = 'form';
$db_username = 'user';
$db_password = 'password';

// Connect to server.
$db_server = mysql_connect($db_hostname, $db_username, $db_password)
    or die("Unable to connect to MySQL: " . mysql_error());

// Select the database.
mysql_select_db($db_database)
    or die("Unable to select database: " . mysql_error());

// Select the database.
mysql_select_db("form")
    or die("Unable to select database: " . mysql_error());

// Get values from form
$company_name       = $_POST['company_name'];
$ref_num      = $_POST['ref_num'];  
$website        = $_POST['website'];    
$email       = $_POST['email'];
$tel    = $_POST['tel']; 
$message    = $_POST['message'];



// Insert data into mysql
$sql="INSERT INTO users (company_name, ref_num, website, email, tel, message)
VALUES ('$company_name', '$ref_num', '$website', '$email', $tel, $message, NOW())";
$result = mysql_query($sql); 

// if successfully insert data into database, displays message "Successful".
if($result){
header('Location: ../thankyou.php');
}
else {
echo "Error to Inserting into database";
}

// close mysql
mysql_close();
?>
3
phphtmlmysqldatabase
It's not a good idea to insert raw user data into database. Your sql query might to be injected or broken with simple quote at any field. Read about prepared statements. Of course mysql_* functions are deprecated. Use PDO or at least mysqli_* instead. - Panoptik

3 Answers

0
votes

You should start using PDO for DB access, mysql_query is deprecated.

PDO let's you make prepared statements. These are secured against SQL Injections (your code isn't).

$stmt = $dbh->prepare("INSERT INTO users (company_name, ref_num, website, email, tel, message) VALUES (:company_name, :ref_num, :website, :email, :tel, :message, NOW())");
$stmt->bindParam(':company_name', $company_name);
$stmt->bindParam(':ref_num', $ref_num);
// And bind the remaining parameters
[...]
$stmt->execute();

If this fails, you can get detailed informations by running

print_r($stmt->errorInfo());

That should help you with finding errors in your SQL.

$dbh is a new PDO instance (see PDO::__construct)

0
votes

As in your query you are trying to insert more than column values. Your query is :

$sql="INSERT INTO users (company_name, ref_num, website, email, tel, message) VALUES ('$company_name', '$ref_num', '$website', '$email', $tel, $message, NOW())"

Either remove NOW() data or add another column for NOW() data

Also you can try below query.

$sql="INSERT INTO users (company_name, ref_num, website, email, tel, message) VALUES ('$company_name', '$ref_num', '$website', '$email', $tel, $message)"
0
votes

When fixed column errors like Programming Student says, you should modify your mysql_query command: it needs the db connection you opened before.

Try this:

$result = mysql_query($db_server, $sql);

Why don't try Object Oriented syntax ?

if ($db_server->query($sql) === TRUE) {

header('Location: ../thankyou.php'); } else {

echo "Error: " . $conn->error;

}

}