1

I want insert multiple variable as VALUES in my database table. here is my code

include 'database_connect.php';

$namef=  $_post["fnam"];
$lnamel= $_post["lnam"];
$addres= $_post["addres"];
$mail= $_post["email"];
$countr= $_post["countr"];
$db= $_post["do"];
$m= $_post["m"];
$pasword= $_post["pas"];

$insertSql= "INSERT INTO abcd(Id, First_name, Last_name, Address, Email, Country, Date_of_birth, Mobile_number, Password, Status) 
VALUES(NULL,'$namef', '$namel', '$addres', '$mail', '$countr', '$db', '$m', '$pasword', '0')";

if(mysql_query($insertSql))
    header("location: login_success.php");
else
    header("location: wrong_inf.php");

here only in Id and status field are inserted and all other fields are going empty even though i am giving some input in those inputs.

I don't know how to solve this.

Note:here Id is integer type and status is tinyint type and all other field is varchar type.

shajib0o
  • 581
  • 2
  • 5
  • 8

5 Answers5

2

For using post variable you need use

$_POST['fieldname']

and not as

$_post["fieldname"]

Because the $_POST array is case sensitive in php

Also always check whether query is executed correctly or not using mysql_error() and the proceed 

$query = mysql_query($insertSql) or die(mysql_error());

if($query)
  {
   // updated
  }
else
   {
    // not updated
   }

And at last i advice you not use mysql_* functions and start use mysqli_* function or PDO

krishna
  • 4,069
  • 2
  • 29
  • 56
1

PHP Variables are case-sensitives

try

$namef=$_POST["fnam"];
$lnamel=$_POST["lnam"];

ETC....

user1844933
  • 3,296
  • 2
  • 25
  • 42
1

write $_REQUEST OR $_POST instead of $_post

also use exit after calling header(".."); and escape before sql execution to prevent injections

your modified code is

include 'database_connect.php';

$namef=  $_REQUEST["fnam"];
$lnamel= $_REQUEST["lnam"];
$addres= $_REQUEST["addres"];
$mail= $_REQUEST["email"];
$countr= $_REQUEST["countr"];
$db= $_REQUEST["do"];
$m= $_REQUEST["m"];
$pasword= $_REQUEST["pas"];

$namef = mysql_real_escape_string($namef);
$lnamel = mysql_real_escape_string($lnamel);
$addres = mysql_real_escape_string($addres);
$mail= mysql_real_escape_string($mail);
$countr = mysql_real_escape_string($countr);
$db = mysql_real_escape_string($db);
$m = mysql_real_escape_string($m);
$pasword = mysql_real_escape_string($pasword);

$insertSql= "INSERT INTO abcd(Id, First_name, Last_name, Address, Email, Country, Date_of_birth, Mobile_number, Password, Status) 
VALUES(NULL,'$namef', '$namel', '$addres', '$mail', '$countr', '$db', '$m', '$pasword', '0')";

if(mysql_query($insertSql))
{
    header("location: login_success.php");
    exit;
}
else
{
    header("location: wrong_inf.php");
    exit;
}

NOTE: mysql_* is deprecated now user mysqli_* OR PDO

Satish Sharma
  • 9,547
  • 6
  • 29
  • 51
0

You could start by writing out your SQL string after you build it to see if the values are being added properly:

echo $insertSql;

If there are blank items in there, check your $_POST data are being passed through properly:

var_dump($_POST);

(And as krishna pointed out, you're using lowercase $_post when you should be using uppercase $_POST.)

Also, though you didn't ask about it, you shouldn't write data directly from the $_POST array to your database without sanitizing it first. Best bet is to use PDO, but if you're going to use the mysql_* functions, then use mysql_real_escape_string on each item you are writing to the database, like this:

$sql = 'INSERT INTO `table` (`column`) VALUES ("' . mysql_real_escape_string($_POST['item']) . '")';
Dave Child
  • 7,573
  • 2
  • 25
  • 37
0

one of the error is undefine variable is $namel in sql

replaece it with $lnamel

wild
  • 340
  • 1
  • 3
  • 14