0

I'm trying to post form data to mysql. But I'm super confused and tired of all the characters. I think I'm missing some character or added too many characters! Please help me to pass this php form into mysql.

The browser reports an error on this row:

"'" . $_POST['credit_card_expiration'] ."',".);

Here is the code:

<?php
session_start(); // Start session first thing in script
// Script Error Reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
// Connect to the MySQL database  
include "storescripts/connect_to_mysql.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
        <title>Untitled Document</title>
    </head>

    <body>
        <?php
        //let's create the query
        $insert_query = "INSERT INTO order (".
        "name,".
        "email_address,".
        "membership_type".
        "terms_and_conditions,".
        "name_on_card,".
        "credit_card_number,".
        "credit_card_expiration_data,".
        ") values 
    (".
        "'" . $_POST['name'] . "', ".
        "'" . $_POST['email_address'] . "',".
        "'" . $_POST['membership_type'] . "',".
        "'" . $_POST['terms_and_conditions'] . "',".
        "'" . $_POST['name_on_card'] . "',".
        "'" . $_POST['credit_card_number'] . "',".
        "'" . $_POST['credit_card_expiration'] ."',".);

        //let's run the query
        mysql_query($insert_query);
        ?>
    </body>
</html>

My Form:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<form method="post" action="form_process.php">
Name on card: 
<input type="text" name="name_on_card"><br />
Credit card number:
<input type="text" name="credit_card_number"><br />
Credit card Expiration date: 
<input type="text" name="credit_card_expiration_date"><br />

<input type="hidden" name="name"
 value="<?php echo htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8'); ?>">

<input type="hidden" name="email_address"
 value="<?php echo htmlspecialchars($_POST['email_address'], ENT_QUOTES, 'UTF-8'); ?>">

<input type="hidden" name="membership_type"
 value="<?php echo htmlspecialchars($_POST['membership_type'], ENT_QUOTES, 'UTF-8'); ?>">

<input type="hidden" name="terms_and_conditions"
  value="<?php echo htmlspecialchars($_POST['terms_and_conditions'], ENT_QUOTES, 'UTF-8'); ?>">

<input type="submit" value="Submit">
</form>
</body>
</html>
Onizuka

7 Answers

2
  1. Don't use mysql_ functions (Why shouldn't I use mysql_* functions in PHP?)
  2. In $_POST['credit_card_expiration'] ."',".); the last ",". shouldn't be there
  3. We need to see the form to give you a proper answer
  4. FILTER the inputs (or read about SQL injection here: How can I prevent SQL injection in PHP?). Please.
Community
opalenzuela
1

I totally agree with @opalenzuela. To 1. I have to edit: see http://php.net/manual/de/book.pdo.php

and to 2. you also missed a "," after membership_type and your last ")" isn't part of the string as it should be.

So correct code would be:

<?php 
session_start(); // Start session first thing in script
// Script Error Reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
// Connect to the MySQL database  
include "storescripts/connect_to_mysql.php"; 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<?php

//let's create the query
// order is a reserved word in MySQL, so the table name is quoted with backticks
$insert_query = "INSERT INTO `order` (".
"name,".
"email_address,".
"membership_type,".
"terms_and_conditions,".
"name_on_card,".
"credit_card_number,".
"credit_card_expiration_data".
") values 
(".
"'" . $_POST['name'] . "', ".
"'" . $_POST['email_address'] . "',".
"'" . $_POST['membership_type'] . "',".
"'" . $_POST['terms_and_conditions'] . "',".
"'" . $_POST['name_on_card'] . "',".
"'" . $_POST['credit_card_number'] . "',".
// the form field is named credit_card_expiration_date
"'" . $_POST['credit_card_expiration_date'] ."')";

//let's run the query
mysql_query($insert_query);

?>
</body>
</html>

Next advice is to put your $_POST values in variables, it's clearer to read. Also you don't have to append strings if you make a line break, just keep writing. After this your code would look like this:

<?php 
session_start(); // Start session first thing in script
// Script Error Reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
// Connect to the MySQL database  
include "storescripts/connect_to_mysql.php"; 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
<?php

$name                   = $_POST['name'];
$email_address          = $_POST['email_address'];
$membership_type        = $_POST['membership_type'];
$terms_and_conditions   = $_POST['terms_and_conditions'];
$name_on_card           = $_POST['name_on_card'];
$credit_card_number     = $_POST['credit_card_number'];
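// the form field is named credit_card_expiration_date
$credit_card_expiration = $_POST['credit_card_expiration_date'];

//let's create the query (order is a reserved word in MySQL, hence the backticks)
$insert_query = "INSERT INTO `order` (
    name,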
    email_address,
    membership_type,
    terms_and_conditions,
    name_on_card,
    credit_card_number,
    credit_card_expiration_data
) values (
    '$name',
    '$email_address',
    '$membership_type',
    '$terms_and_conditions',
    '$name_on_card',
    '$credit_card_number',
    '$credit_card_expiration')";

//let's run the query
mysql_query($insert_query);

?>
</body>
</html>
kinske
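
The advice in the two answers above (drop mysql_*, use PDO, guard against SQL injection), shown as an added example that is not code from the question or from any answer: the same insert as a PDO prepared statement. It assumes an in-memory SQLite database as a stand-in for the MySQL server so that it runs offline; `FIELD_TO_COLUMN` and `insert_order` are names made up for this example.

```php
<?php
// Assumption: in-memory SQLite stands in for MySQL so this runs offline;
// against MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// `order` is a reserved word, hence the backticks (MySQL and SQLite accept them).
$pdo->exec('CREATE TABLE `order` (name TEXT, email_address TEXT,
    membership_type TEXT, terms_and_conditions TEXT, name_on_card TEXT,
    credit_card_number TEXT, credit_card_expiration_data TEXT)');

// Form field => table column (hypothetical helper map). The form posts
// credit_card_expiration_date; the column in the question ends in _data.
const FIELD_TO_COLUMN = [
    'name'                        => 'name',
    'email_address'               => 'email_address',
    'membership_type'             => 'membership_type',
    'terms_and_conditions'        => 'terms_and_conditions',
    'name_on_card'                => 'name_on_card',
    'credit_card_number'          => 'credit_card_number',
    'credit_card_expiration_date' => 'credit_card_expiration_data',
];

// Hypothetical helper: checks presence and type, then binds every value.
function insert_order(PDO $pdo, array $post): int
{
    $params = [];
    foreach (FIELD_TO_COLUMN as $field => $column) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("missing field: $field");
        }
        $params[":$column"] = $post[$field];
    }
    if (filter_var($post['email_address'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email_address');
    }
    // Only fixed column names and placeholders reach the SQL text.
    $sql = 'INSERT INTO `order` (' . implode(', ', FIELD_TO_COLUMN) . ') VALUES ('
         . implode(', ', array_keys($params)) . ')';
    $pdo->prepare($sql)->execute($params);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input standing in for $_POST; the apostrophe in the name
// would end the string literal early in the concatenated query.
$post = array_fill_keys(array_keys(FIELD_TO_COLUMN), 'x');
$post['name'] = "Conan O'Brien";
$post['email_address'] = 'conan@example.com';
$id = insert_order($pdo, $post);
$stored = $pdo->query('SELECT name FROM `order`')->fetchColumn();
echo "row $id stored name: $stored\n";
```

Because the values travel as bound parameters, the quoting mistakes the question struggles with cannot occur, and user input is never parsed as SQL.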
0

Change

"'" . $_POST['credit_card_expiration'] ."',".);

With this

"'" . $_POST['credit_card_expiration'] ."')";

And don't use mysql_* functions, the extension is deprecated.

Edited:

And put a comma after membership_type!! I forgot it

Sal00m
0

Your query has a value separator (comma) after the last value, it also does not have an ending bracket. Change:

"'" . $_POST['credit_card_expiration'] ."',".);

to

"'" . $_POST['credit_card_expiration'] ."')";
Lee
0

Why do you have ."',". at the end?

"'" . $_POST['credit_card_expiration'] ."',".);
                                            ^ create an error
"'" . $_POST['credit_card_expiration'] . "')";

Moreover, you use concatenation when it is not useful. Use the . only when you concatenate a variable and a string, for example:

// order is a reserved word in MySQL, so the table name is quoted with backticks
$insert_query = "INSERT INTO `order` (
name,
email_address,
membership_type,
terms_and_conditions,
name_on_card,
credit_card_number,
credit_card_expiration_data) 
values ('"
.$_POST['name']."','"
.$_POST['email_address'] . "','"
.$_POST['membership_type'] . "','"
.$_POST['terms_and_conditions'] . "','"
.$_POST['name_on_card'] . "','"
.$_POST['credit_card_number'] . "','"
// the form field is named credit_card_expiration_date
.$_POST['credit_card_expiration_date'] . "')";
Donovan Charpin
0

The code should be

"'" . $_POST['credit_card_expiration'] ."')";

instead of

"'" . $_POST['credit_card_expiration'] ."',".);

Try this,

 // order is a reserved word in MySQL, so the table name is quoted with backticks
 $insert_query = "INSERT INTO `order` (
                        name,
                        email_address,
                        membership_type,
                        terms_and_conditions,
                        name_on_card,
                        credit_card_number,
                        credit_card_expiration_data) 
                        values (".
                        "'" . $_POST['name'] . "', ".
                        "'" . $_POST['email_address'] . "',".
                        "'" . $_POST['membership_type'] . "',".
                        "'" . $_POST['terms_and_conditions'] . "',".
                        "'" . $_POST['name_on_card'] . "',".
                        "'" . $_POST['credit_card_number'] . "',".
                        // the form field is named credit_card_expiration_date
                        "'" . $_POST['credit_card_expiration_date'] ."')";
Ajith S
0

I have modified your query a little, try this:

// identifiers take backticks in MySQL; single quotes would make them string literals
$insert_query = "INSERT INTO `order` (
    `name`,
    `email_address`,
    `membership_type`,
    `terms_and_conditions`,
    `name_on_card`,
    `credit_card_number`,
    `credit_card_expiration_data`) values ('".$_POST["name"]."','".$_POST["email_address"]."','".$_POST["membership_type"]."','".$_POST["terms_and_conditions"]."','".$_POST["name_on_card"]."','".$_POST["credit_card_number"]."','".$_POST["credit_card_expiration_date"]."')";
rohitr