0
<?php require_once('../../config/auth.php');
include "../../config/connection.php";

$rank = $_SESSION['SESS_USER_RANK'];

if ($rank == 0){

header("location: ../../errors/606.php");
exit();

}

$custom = $_POST['name'];
$ulx = $_POST['ulx'];
$price = $_POST['price'];
$desc = $_POST['desc'];


$addrank = "INSERT INTO ranks (rank_name, rank_ulx_name, rank_price, pr_desc)
VALUES ('$custom', '$ulx', '$price', '$desc',)";
mysql_query($addrank);

header("location: ../../editranks.php");
exit();
?>

    <h4>Add Custom Rank</h4>

            <table class="table table-hover table-hover">
          <thead>
            <tr>
              <th>Rank Name</th>
              <th>Ulx Name</th>
                     <th>Price</th>
              <th>Description</th>
            </tr>
          </thead>
          <tbody>

   <form method="post" action="functions/admin/addrank.php"><tr>

   <td style="width: 14%;"><input class="form-control" type="text" name="name" value=""></td>
   <td style="width: 14%;"><input class="form-control" type="text" name="ulx" value=""></td>
   <td style="width: 14%;"><input class="form-control" type="text" name="price" value=""></td>
   <td style="width: 15%;"><input class="form-control" type="text" name="desc" value=""></td>
   <td style="width: 11%;"><input class="btn btn-primary" type="submit" value="Add Rank!"></td>

                </tr></form>  



                        </tbody>
        </table>

Right so, the code is above and when I try and add a rank, it doesn't do anything. Flat out, just refreshes the page pretty much and nothing shows. I can go into phpMyAdmin and add things manually to each category that is already in the database. But other than that, it doesn't work. I don't get any errors and the form does show up, but nothing happens when I send. Any help would be great, I am not an expert in MySQL/PHP so this is what I have. Thanks!

  • 2
    You are vulnerable to [SQL injection attacks](http://bobby-tables.com), and are simply assuming your code is perfect. You need to have `$result = mysql_query($addrank) or die(mysql_error());` as a bare minimum error handling system. – Marc B Mar 20 '14 at 20:33
  • Please don't insert raw input data into your database without validating it. At the very least, please use the mysql_real_escape_string() function to escape out single quotes. Also, mysql_* functions have been deprecated as of PHP 5.5. Look into using mysqli or PDO. Examples can be seen on the official PHP manual. [link](http://php.net) – 9997 Mar 20 '14 at 20:34
  • Didn't think I was assuming my code is perfect xD As I said, I am not an expert, I've only just started really. Thank you though for the comments, I will edit accordingly. – FireGriffin Mar 20 '14 at 20:37
  • 1
    If [`the answer`](http://stackoverflow.com/a/22544464/) that has been provided for you below has solved your problem, and to close the question and be marked as answered, click the White checkmark till it turns Green. @FireGriffin If it did not solve it, let me know. – Funk Forty Niner Mar 20 '14 at 21:13

1 Answer

3

Remove the last comma in '$desc',

('$custom', '$ulx', '$price', '$desc')

Also, do read this article regarding SQL injection.

Using mysqli_* functions: (which I recommend you use and with prepared statements, or PDO)

$custom = mysqli_real_escape_string($con,$_POST['name']); // etc.

$con being a DB connection variable once you do (hopefully) move over to using.

as an example.

mysql_* functions are deprecated and will be removed from future PHP releases.


Here are a few tutorials on prepared statements that you can study and try:

Here are a few tutorials on PDO:

(A look ahead) Should you ever decide to get into using password storage later on (many do), I recommend that you use one of the following (although there are others):

Funk Forty Niner
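The prepared-statement approach recommended in the answer, as an added example that is not part of the original question or answer. It assumes PDO with the `pdo_sqlite` driver and uses an in-memory SQLite table in place of the MySQL `ranks` table so it runs without a server; the `addRank()` function and the sample input are hypothetical.

```php
<?php
// Added example, not code from the question or the answer.
// Assumption: pdo_sqlite is available; an in-memory SQLite table stands in
// for the MySQL `ranks` table so the script runs without a database server.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors; the handler in the question ignored the failed query.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ranks (rank_name TEXT, rank_ulx_name TEXT,
                                rank_price TEXT, pr_desc TEXT)');

/** Insert one rank using bound parameters; returns the number of rows added. */
function addRank(PDO $pdo, array $post): int
{
    $fields = [];
    foreach (['name', 'ulx', 'price', 'desc'] as $key) {
        $value = $post[$key] ?? '';
        if (!is_string($value) || trim($value) === '') {
            throw new InvalidArgumentException("Missing field: $key");
        }
        $fields[$key] = trim($value);
    }
    if (!is_numeric($fields['price']) || $fields['price'] < 0) {
        throw new InvalidArgumentException('Price must be a non-negative number');
    }
    // Placeholders keep user data out of the SQL text; note no trailing comma.
    $stmt = $pdo->prepare(
        'INSERT INTO ranks (rank_name, rank_ulx_name, rank_price, pr_desc)
         VALUES (:name, :ulx, :price, :desc)'
    );
    $stmt->execute($fields);
    return $stmt->rowCount();
}

// Constructed sample input standing in for $_POST; the quote in "desc" would
// have broken the string-built query in the question.
$samples = [
    ['name' => 'VIP', 'ulx' => 'vip', 'price' => '5.00', 'desc' => "Owner's pick"],
    ['name' => 'Gold', 'ulx' => 'gold', 'price' => 'free', 'desc' => 'Bad price'],
];
foreach ($samples as $post) {
    try {
        echo 'Inserted rows: ', addRank($pdo, $post), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', $e->getMessage(), PHP_EOL;
    }
}
// The stored description keeps its quote intact as plain data.
echo $pdo->query('SELECT pr_desc FROM ranks')->fetchColumn(), PHP_EOL;
```

Against MySQL only the DSN and credentials passed to `new PDO(...)` change; the `prepare()`/`execute()` calls stay the same.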