0

My PHP program wont insert my records entered in the browser into my SQL database. See code below. This code is an update to one I asked about earlier. Someone suggested this for security among other reasons.

I DO NOT get any errors at all program runs fine in the browser however whenever I check the database no entries have been put in it after running the code. Am I missing something? 

<html>
<head>
</head> 
<body>
<form action="register_development_file_1b.php" method="post">
    Email:  <input type="text" name="email"><br />
    Date:   <input type="text" name="date"><br />
    Time:   <input type="text" name="time"><br />
        <input type="submit" name="submit">
</form>

<?php
     if(isset($_POST['submit']))
     {
       $con = mysql_connect("localhost","username","password") or die(mysql_mysql);
       mysql_select_db("databasename", $con) or die(mysql_query("databasename", $con));

      $email = mysql_real_escape_string($_POST['email']);
      $date = mysql_real_escape_string($_POST['date']);
      $time = mysql_real_escape_string($_POST['time']);

       $sql = "INSERT INTO 
            signups ('signup_email_address', 'signup_date','signup_time') 
            VALUES  ('".$email."','".$date."','".$time."')";

        mysql_query($sql, $con) or die(mysql_error());

        mysql_close($con);
    }
?>
</body>
</html>
Mohit Bhansali
  • 1,725
  • 4
  • 20
  • 43
xzrb1187d
  • 7
  • 1
  • 2

3 Answers3

2

There is a typo in your SQL query. Then names of the fields, ('signup_email_address', 'signup_date','signup_time') must not be written between ''. This is used exclusively for strings, among the values, not for names of fields, tables, schema or whatever. If you want to put those between quotation marks, use ` instead.

Havenard
  • 27,022
  • 5
  • 36
  • 62
1

Correct From:

 $sql = "INSERT INTO 
            signups ('signup_email_address', 'signup_date','signup_time') 
            VALUES  ('".$email."','".$date."','".$time."')";

To:

 $sql = "INSERT INTO 
            signups (signup_email_address, signup_date,signup_time) 
            VALUES  ('".$email."','".$date."','".$time."')";

And try. I think it should work.

Pupil
  • 23,834
  • 6
  • 44
  • 66
  • Hello Everyone on Stackoverflow I would LOVE to GREATLY thank all of you for helping me for more than 6 hours ive been working on this and ive finally solved the problem. I want to share with all of you what was wrong in the hope it might help some one else in the future.... as it turns out I DID NOT at myself (i.e. my username) as a USER in the database system on the host server... BIG DUH... anyway all your suggestions have worked especially the bits about security and mySQL injection Again Thank you all – xzrb1187d May 18 '13 at 22:54
0

query should be as shown below

$sql = "INSERT INTO 
            signups (signup_email_address, signup_date,signup_time) 
            VALUES  ('$email','$date','$time')";
Manish Jangir
  • 505
  • 3
  • 9
  • thank you all for you assistance I will try these suggestions and report if any or all of them work... – xzrb1187d May 18 '13 at 21:45
  • Hello Everyone on Stackoverflow I would LOVE to GREATLY thank all of you for helping me for more than 6 hours ive been working on this and ive finally solved the problem. I want to share with all of you what was wrong in the hope it might help some one else in the future.... as it turns out I DID NOT at myself (i.e. my username) as a USER in the database system on the host server... BIG DUH... anyway all your suggestions have worked especially the bits about security and mySQL injection Again Thank you all – xzrb1187d May 19 '13 at 13:16