PHP Mysql query, No Error, Wont Insert Row_问答_开发者

PHP Mysql query, No Error, Wont Insert Row

开发者 https://www.devze.com 2022-12-19 16:31 出处：网络

The form submits correctly and it sends me an email. No error is reported and the SQL it creates works fine, I tested it at phpMyAdmin. mysql_error() raises nothing, it just doesn\'t add a row. Can an

相关专题：php

The form submits correctly and it sends me an email. No error is reported and the SQL it creates works fine, I tested it at phpMyAdmin. mysql_error() raises nothing, it just doesn't add a row. Can anyone see what's going on?

<?PHP 

$to = "me@gmail.com";
$subject = "New Lead"; 
$date = date ("l, F jS, Y"); 
$time = date ("h:i A");
$mysql = mysql_connect("db.perfora.net:3306","db","password");

if(!$mysql)
{
    die("Could Not Connect: ".mysql_error());
}

mysql_select_db("db",$mysql);



if ($_SERVER['REQUEST_METHOD'] == "POST") { 
    $name = $_POST['firstname']." ".$_POST['lastname'];
    $email = $_POST['email'];
    $phone = "(".$_POST['areacode'].") ".$_POST['firstthree']."-".$_POST['lastfour'];
    $area = $_POST['area'];
    $lookdate = $_POST['lmm']."/".$_POST['ldd']."/".$_POST['lyyyy'];
    $lookdatedb = date("{$_POST['lmm']}.{$_POST['ldd']}.{$_POST['lyyyy']}");
    $movedate = $_POST['mmm']."/".$_POST['mdd']."/".$_POST['myyyy'];
    $movedatedb = date("{$_POST['mmm']}.{$_POST['mdd']}.{$_POST['myyyy']}");
    $loft = $_POST['loft'] ? "loft" : "";
    $highrise = $_POST['highrise'] ? "highrise" : "";
    $traditional = $_POST['traditional'] ? "traditional" : "";
    $price = $_POST['price'];
    $comments = $_POST['comments'];

$sql = "INSERT INTO Leads 
            (Name, Email, Phone, Area, LookDate, MoveDate, Loft, HighRise, Traditional, Price, Comments) 
            VALUES 
            ('$name', '$email', '$phone', '$area', '$lookdatedb', '$movedatedb', '{$_POST['loft']}', '{$_POST['highrise']}', '{$_POST['traditional']}', '$price', '$comments')";

if (mysql_query($sql,$con))
{
  echo "Row added.";
}
else
{
  echo "Error adding row: " . mysql_error();
  echo("\n\n".$sql);
}


$msg = "
    New Lead Submitted On $date at $time.\n\n

    Name: $name\n
    Email: $email\n
    Phone: $phone\n
    Area: $area\n
    Look Date: $lookdate\n
    Move Date: $movedate\n
    Type: $loft $highrise $traditional开发者_JAVA百科 \n
    Price: $price\n
    Comments: $comments\n


";  

}
mysql_close($mysql);
mail($to, $subject, $msg, "From:$email"); 
if ($forward == 1) { 
    header ("Location:$location"); 
} 
else { 
    echo "Thank you for submitting our form. We will get back to you as soon as possible."; 
} 

?>

Response:

Thank you for submitting our form. We will get back to you as soon as possible.

Generated SQL:

INSERT INTO Leads (Name, Email, Phone, Area, LookDate, MoveDate, Loft, HighRise, Traditional, Price, Comments) VALUES ('work work', 'work@work.com', '(214) 131-4131', 'dallas', '02.18.2010', '02.25.2010', '', '1', '1', '$333333333333333333', '33fdsdfsdfsd')

Database Structure:

http://imgur.com/iQHRk.jpg

Let's see, your DB connection handle is obviously referenced by $mysql, but you've done this:

if (mysql_query($sql,$con))

Your DB handler is wrong.

mysql_query($sql,$con);

should return something why don't you take a look at that

i.e.

$result = mysql_query('SELECT * WHERE 1=1');
if (!$result) {
    die('Invalid query: ' . mysql_error());
}

It's a best practice to check for errors when you can.

Also to be noted, you are not escaping any of the user input so your code is vulnerable to SQL injections. please use mysql_real_escape_string.

take the post variable in another variable and then pass to the insert query i think it will be work like this

$sql = "INSERT INTO Leads (Name, Email, Phone, Area, LookDate, MoveDate, Loft, HighRise, Traditional, Price, Comments) VALUES ('$name', '$email', '$phone', '$area', '$lookdatedb', '$movedatedb', '$loft', '$highrise', '$traditional', '$price', '$comments')";

mysql_query($sql);