-3

I have the following PHP code/file on my website but for some ungodly reason it will not insert the records typed in by the user into the mySQL database table as it is required to. Can anyone tell me why this is?

So far as I can tell the code is completely correct I don't know why this is happening...

Please help...Code is below...

<html>
<head>
</head> 
<body>
<form action="register_development_file_1.php" method="post">
    Email:  <input type="text" name="email"><br />
    Date:   <input type="text" name="date"><br />
    Time:   <input type="text" name="time"><br />
        <input type="submit" name="submit">
</form>

    <?php
    if  (isset($_POST['submit']))
    {
        $con = mysql_connect("localhost","username","password");
        if (!$con)
        {
            die("Could not connect to the database: " . mysql_error());
        }

        mysql_select_db("wwwbrecs_BREC",$con);

   $sql = "INSERT INTO 'signups' ('signup_email_address', 'signup_date', 'signup_time') VALUES ('$_POST[email]','$_POST[date]','$_POST[time]')";

        mysql_query($sql,$con);

        mysql_close($con);
    }
    ?>
</body>
</html>
Fabio
  • 23,183
  • 12
  • 55
  • 64
xzrb1187d
  • 7
  • 1
  • 2
  • 3
    Check `mysql_error()` after the query statement to check for errors. Furthermore, `mysql_x` functions are deprecated. Have a look at PDO and mysqli as a replacement. – Sirko May 18 '13 at 17:42
  • I'm sorry my php skills are poor. What exactly is a commit? – xzrb1187d May 18 '13 at 17:43

4 Answers4

2

There is a syntax error in your query, you sholdn't surround table name and column with quotes ' , at least you can use backtick `

INSERT INTO 'signups' ('signup_email_address', 'signup_date','signup_time')

Should be

INSERT INTO signups (signup_email_address, signup_date, signup _time) VALUES

Or

INSERT INTO `signups` (`signup_email_address`, `signup_date`, `signup _time`) VALUES

Only values (actually not integers for integers columns) should be surrounded with quotes '.

Then I would like to remember you that mysql_ functions are deprecated so i would advise you to switch to mysqli or PDO and indeed you are at risk of sql injection, have a look here How can I prevent SQL injection in PHP?. You should use prepared statment to avoid any risk

Community
  • 1
  • 1
Fabio
  • 23,183
  • 12
  • 55
  • 64
0

Here, is a better-version of script you created, because yours was 100% open to SQL injections, and really not even a conventional way of codding, this is safer but if you need safe, then I suggest you learn about PDO from here

<?php
     if(isset($_POST['submit'])){
       mysql_connect("localhost","username","password") or die(mysql_error());
       mysql_select_db("wwwbrecs_BREC", $con) or die(mysql_query());

      $email = mysql_real_escape_string($_POST['email']);
      $date = mysql_real_escape_string($_POST['date'])
      $time = mysql_real_escape_string($_POST['time'])

       $sql = "INSERT INTO 
            signups ('signup_email_address', 'signup_date','signup_time') 
            VALUES  ('".$email."','".$date."','".$time."')";

        mysql_query($sql, $con) or die(mysql_error());

        mysql_close($con);
    }
0

signups table should not be surrounded by single quotes ' but apostrophes `

Therefore 

    $sql = "INSERT INTO 'signups' ('signup_email_address', 'signup_date',                          'signup_time') VALUES ('$_POST[email]','$_POST[date]','$_POST[time]')";

Should be

    $sql = "INSERT INTO `signups` ('signup_email_address', 'signup_date',                          'signup_time') VALUES ('$_POST[email]','$_POST[date]','$_POST[time]')";
Nikola
  • 2,093
  • 3
  • 22
  • 43
0
<?php
$sql = "
    INSERT INTO signups 
    (signup_email_address, signup_date, signup_time) 
    VALUES 
    ('" . mysql_real_escape_string($_POST['email']) . "','" . mysql_real_escape_string($_POST['date']) . "', '" . mysql_real_escape_string($_POST['time']) . "')";

this should do the trick, also check your security

Nathan van der Werf
  • 332
  • 2
  • 10