-1

Yesterday it took me nearly 4 hours to fix this PHP code. I'm a beginner in PHP, so I don't have the experience to find the bug in this code.

The .php gives me no errors; I also wrote these two lines at the beginning:

error_reporting(E_ALL | E_STRICT);
ini_set('display_errors', TRUE);



And this is my PHP code:

// Assign variables
$name = filter_input(INPUT_POST, 'name');
$email = filter_input(INPUT_POST, 'email');
$betreff = filter_input(INPUT_POST, 'betreff');
$message = filter_input(INPUT_POST, 'message');

/*if (($vorname == "") OR ($nachname == "") OR($email == "")) {
        echo "Fehler: Eintrag unvollständig.";
        die; 
}*/

    // Establish connection
    $datenbank = mysql_connect("*******", "****", "*****") or die ("Verbindung fehlgeschlagen: ".mysql_error());
    $verbunden = mysql_select_db("4109932db1") or die ("Datenbank nicht gefunden oder fehlerhaft");

    // Store data in DB
    $sql_befehl = mysql_query("INSERT INTO Contact_Requests (Name,Mail,Betreff,Message) VALUES ($name, $email, $betreff, $message");

    if($sql_befehl)
    { echo "Ihr Eintrag wurde hinzugefügt."; }

    // Close connection
    mysql_close($datenbank);

This is my HTML code; I have a form and it should send data to my PHP file (insert.php):

<form method="post" action="insert.php">
                <table>
                    <tr>
                        <td>Name:*</td><td><input type="text" value="Name" id="name" onfocus="nameDel();" onblur="nameSet();" name="name" ></td>
                    </tr>
                    <tr>
                        <td>E-Mail:*</td><td><input type="email" value="E-Mail" id="email" onfocus="emailDel();" onblur="emailSet();" name="email"></td>
                    </tr>
                    <tr>
                        <td>Betreff:*</td><td><input type="text" value="Grund der Nachricht" id="regard" onfocus="regardDel();" onblur="regardSet();" name="betreff"></td>
                    </tr>
                </table>
                <p>
                    Nachricht:*<br><textarea cols="50" rows="10" id="msg" onfocus="msgDel();" onblur="msgSet();" name="message">Deine Nachricht</textarea>
                </p>    
                <p>
                    <input type="submit" value="Senden" id="send" onclick="sendContact();">
                </p>
            </form>
Nico

3 Answers

3

This part is what is affected:

VALUES ($name, $email, $betreff, $message")

The variables need to be wrapped in quotes:

VALUES ('$name', '$email', '$betreff', '$message')

Your double quote at the end is not in the right spot because you forgot a closing bracket )

(Name,Mail,Betreff,Message) VALUES ($name, $email, $betreff, $message");
                                                                     ^

which should be

VALUES ('$name', '$email', '$betreff', '$message')");

The affected line should now look like:

$sql_befehl = mysql_query("INSERT INTO Contact_Requests (Name,Mail,Betreff,Message) VALUES ('$name', '$email', '$betreff', '$message')");

Sidenote: Your present code is open to SQL injection. Use mysqli_* functions. (which I recommend you use and with prepared statements, or PDO)

mysql_* functions are deprecated and will be removed from future PHP releases.


Since you are just beginning to get into coding:

Here are a few tutorials on prepared statements that you can study and try:

Here are a few tutorials on PDO:

Funk Forty Niner
  • The tutorials that you posted are about mysqli_*, right? mysqli_* syntax and mysql_* syntax are different, right? – Nico Apr 17 '14 at 13:27
  • Yes for `mysqli_*` and the others are PDO just under that. `mysqli` is a newer version of MySQL. If you're going to use it, you can't mix `mysqli_*` with `mysql_*` and some of the DB connection parameters are used slightly differently. @Nico – Funk Forty Niner Apr 17 '14 at 13:32
  • OK, thank you! And can you tell me what PDO is, in a simple way? :) – Nico Apr 17 '14 at 13:41
  • You're welcome @Nico In short *"PDO - PHP Data Objects - is a database access layer providing a uniform method of access to multiple databases."* Taken from this page http://code.tutsplus.com/tutorials/why-you-should-be-using-phps-pdo-for-database-access--net-12059 Plus, this page http://stackoverflow.com/q/2190737/ will explain it better. See it on PHP.net as well http://www.php.net/manual/en/intro.pdo.php – Funk Forty Niner Apr 17 '14 at 13:45
  • Thank you :) I will read this later. What do you use, PDO or mysqli_*, to access a database? – Nico Apr 17 '14 at 14:08
  • You're welcome @Nico I use a mix of both APIs, since some of the servers I work with do not have PDO available due to older versions of PHP, so I'm forced to use `mysqli_*` functions on some of them. I rather work with PDO exclusively, but that is often not the case; one must work with what one has been given to work with ;-) Cheers and enjoy the adventure! – Funk Forty Niner Apr 17 '14 at 14:10
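The SQL injection sidenote in the answer above, as an added example that is not part of the original answers: the quoted-string INSERT stops parsing as soon as a value contains an apostrophe, while a prepared statement stores the same value unchanged. It assumes PDO with an in-memory SQLite database (standing in for the MySQL server) and constructed sample input; `insertInterpolated` and `insertPrepared` are hypothetical helper names.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MySQL server so
// this runs offline; with MySQL only the DSN and credentials given to PDO change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Contact_Requests (Name TEXT, Mail TEXT, Betreff TEXT, Message TEXT)');

// Constructed sample input standing in for the submitted form fields.
$post = [
    'name'    => "Patrick O'Brien",
    'email'   => 'patrick@example.com',
    'betreff' => 'Frage',
    'message' => "Hi, it's me.",
];

// Quoted-string version: values are pasted into the SQL text, so an apostrophe
// in the input closes the string literal early and the statement no longer parses.
function insertInterpolated(PDO $db, array $p): bool
{
    $sql = "INSERT INTO Contact_Requests (Name,Mail,Betreff,Message) VALUES "
         . "('{$p['name']}', '{$p['email']}', '{$p['betreff']}', '{$p['message']}')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // the input changed the structure of the statement
    }
}

// Prepared statement: the SQL text is fixed and the values travel separately,
// so their content is never parsed as SQL.
function insertPrepared(PDO $db, array $p): bool
{
    $stmt = $db->prepare(
        'INSERT INTO Contact_Requests (Name,Mail,Betreff,Message) '
        . 'VALUES (:name, :email, :betreff, :message)'
    );
    return $stmt->execute([
        ':name' => $p['name'], ':email' => $p['email'],
        ':betreff' => $p['betreff'], ':message' => $p['message'],
    ]);
}

var_dump(insertInterpolated($db, $post));
var_dump(insertPrepared($db, $post));
// Show which rows actually reached the table.
print_r($db->query('SELECT Name, Message FROM Contact_Requests')->fetchAll(PDO::FETCH_ASSOC));
```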
0

DON'T USE that code. It's quite old. Try with PDO, as in mine, or another.

Why do you use the sendContact() action in JavaScript? That's not PHP. Are you using Ajax, then? If not, you must know that onclick refers to JS, not to PHP.

I don't know what you did, but here's an example of PHP code you can use to insert the data in the database.

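<?php /* insert.php */
// Connection settings: placeholders, replace with your own values.
$dbhost = 'localhost';
$dbname = 'your_database';
$dbuser = 'your_user';
$dbpass = 'your_password';

try {
    $database_connection = new PDO('mysql:host=' . $dbhost . ';dbname=' . $dbname . ';charset=utf8', $dbuser, $dbpass);
    // Throw exceptions on SQL errors instead of failing silently.
    $database_connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    echo $e->getMessage();
    exit; // without a connection the calls below cannot work
}

// prepare() returns the statement object that bindValue() and execute() are called on.
// `add` is a reserved word in MySQL, so it is quoted with backticks.
$statement = $database_connection->prepare("INSERT INTO db_name (`add`, ghj, qwe) VALUES (:value1, :value2, :value3)"); // and so on

// The third argument is the parameter type (PDO::PARAM_STR, PDO::PARAM_INT, ...).
$statement->bindValue(':value1', $value, PDO::PARAM_STR);

/* do the rest of the values */

$statement->execute();

?>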
qaztype
  • sendContact() is a JS function that we used before we included the .php file; does it conflict with the .php code? – Nico Apr 17 '14 at 13:03
  • No, but when you submit the form it directly calls that file, action="whateverthenameis.php". If it is for that, you don't need it. But if it performs other action, you obviously have to leave it, :) – qaztype Apr 17 '14 at 13:04
  • What I wrote is fine within your data. :) – qaztype Apr 17 '14 at 15:39
0

Problem is most likely in this line

$sql_befehl = mysql_query("INSERT INTO Contact_Requests (Name,Mail,Betreff,Message) VALUES ($name, $email, $betreff, $message");

It should be

$sql_befehl = mysql_query("INSERT INTO Contact_Requests (Name,Mail,Betreff,Message) VALUES ('$name', '$email', '$betreff', '$message')");
dkasipovic