Having trouble inserting values into a database

Question

I am trying to insert these values to my database but i am having some issues with it. i am not sure why. below are the values that need to be inserted and the current code i have written for this is below.

<?php
include ('db.php');

$cfname=$_POST['c_firstname']
$clname=$_POST['c_lastname'];
$address=$_POST['c_address'];
$postcode=$_POST['c_postcode'];
$mobno=$_POST['c_mobno'];
$emailad=$_POST['c_email'];
$expsttime=$_POST['e_sttime'];
$expendtime=$_POST['e_endtime'];
$expname=$_POST['experience'];
$car1=$_POST['car'];
$driver1=$_POST['driver'];
$host1=$_POST['host'];




$addnewbookingSQL="INSERT into experienceBooking 
(firstName, lastName, address, postcode, mobNo, emailAd, expStTime, expEndTime, experienceName, car, driver, host)
values ('".$cfname."','".$clname."','".$address."','".$postcode."','".$mobno."','".$emailad."','".$expsttime."','".$expendtime."','".$expname."','".$car1."','".$driver1."','".$host1."')";
$exeaddnewbookingSQL=mysql_query($addnewbookingSQL);



?>

i am not sure if my SQL query it right as it is displaying a blank screen when this code is performed.

Blank screen usually means syntax errors. Add error reporting to the top of your file(s) right after your opening PHP tag for example ` — Funk Forty Niner, Apr 23 '15 at 18:52
Run or fail, there's nothing in here that would generate output to the screen. — BigScar, Apr 23 '15 at 18:55
Please, [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://jayblanchard.net/demystifying_php_pdo.html). You're also in danger of allowing [SQL Injection.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) — Jay Blanchard, Apr 23 '15 at 18:56
You still didn't take me up on [my first comment](http://stackoverflow.com/questions/28110356/need-to-create-a-forget-password-functionality-in-php-mysql#comment44594581_28110356) under your other question yet http://stackoverflow.com/q/28110356/ - They just never listen, *eh Sam?* - @JayBlanchard then they ask themselves *"where'd my DB go?"*. Will they ever learn; doubt it. — Funk Forty Niner, Apr 23 '15 at 18:57

Michael Irigoyen · Answer 1 · 2015-04-23T19:17:53.547

In the code you provided, you have a syntax error; you're missing a ; after $cfname=$_POST['c_firstname'].

However, you are using deprecated functions and should discontinue their use. I recommend using PDO, however since you seem to be most familiar with the mysql_ functions, I have provided you with a solution using the newer mysqli_* functions and prepared statements below.

// Connect to database
$connection = new mysqli('server', 'user', 'password', 'db');

// Check connection for error
if(mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

// Prepare the insert
$stmt = $connection->prepare("INSERT INTO experienceBooking (firstName, lastName, address, postcode, mobNo, emailAd, expStTime, expEndTime, experienceName, car, driver, host) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");

// Bind values
$stmt->bind_param('ssssssssssss', $_POST['c_firstname'], $_POST['c_lastname'], $_POST['c_address'], $_POST['c_postcode'], $_POST['c_mobno'], $_POST['c_email'], $_POST['e_sttime'], $_POST['e_endtime'], $_POST['experience'], $_POST['car'], $_POST['driver'], $_POST['host']);

// Execute prepared statement
$stmt->execute();

// Close statement and connection
$stmt->close();
$connection->close();

Best to "prepare" for the worse ;-) – Funk Forty Niner Apr 23 '15 at 19:09 — Funk Forty Niner, Apr 23 '15 at 19:09

score 0 · Answer 2 · edited Jun 20 '20 at 09:12

0

You're missing a semi-colon on the 4th line:

$cfname=$_POST['c_firstname'];

Tip:

I always add the following at the top of my php scripts while coding:

error_reporting(E_ALL);
ini_set('display_errors', '1');

The above will help you to debug your code, specifically, get the lines that have errors.
Comment when in production mode.

edited Jun 20 '20 at 09:12

Community

1
1

answered Apr 23 '15 at 18:59

Pedro Lobito

94,083
31
258
268

better tip is to put those directives in php.ini, so they'll ALWAYS be active. they should never be off on a devel/debug system. putting them at the top of the script won't help if there's a fatal parse error that prevents the script from running. no script, no directives, no error output. – Marc B Apr 23 '15 at 19:03
@MarcB Good point. However, how many times have we seen where OP's don't have access to that system file; *what then?* – Funk Forty Niner Apr 23 '15 at 19:04
crawl back into bed and pull the covers up over your face...? – Marc B Apr 23 '15 at 19:05
Yeah, that'd be better. Best to protect against incoming storms @MarcB – Funk Forty Niner Apr 23 '15 at 19:06
@MarcB "should never be off on a devel/debug system" I cannot agree with you. Imagine that, for some reason, there's a problem with the script in the future, users will have access to precious information about the system, specifically, paths. – Pedro Lobito Apr 23 '15 at 19:09
You have to be smart about it @PedroLobito and trap errors while returning something nice to the user. We leave error checking in and on all the time and always encourage our devs to fix errors as they go while adding them to the error handler. – Jay Blanchard Apr 23 '15 at 21:00
@JayBlanchard Agreed, error checking always `on`, not `ini_set('display_errors', '1');` – Pedro Lobito Apr 23 '15 at 21:17

score 0 · Answer 3 · answered Apr 23 '15 at 19:45

Well you are not terminating with the semicolon in the 4th line..

Additionally you should modify the code like this.

$addnewbookingSQL="INSERT into experienceBooking values ('".mysql_real_escape_string($cfname)."','".mysql_real_escape_string($clname)."','".mysql_real_escape_string($address)."','".mysql_real_escape_string($postcode.)"','".mysql_real_escape_string($mobno)."','".mysql_real_escape_string($ mailad)."','".mysql_real_escape_string($expsttime)."','".mysql_real_escape_string($expendtime)."','".mysql_real_escape_string($expname)."','".mysql_real_escape_string($car1)."','".mysql_real_escape_string($driver1)."','".mysql_real_escape_string($host1)."')";
if($exeaddnewbookingSQL=mysql_query($addnewbookingSQL));

else
    echo mysql_error();

Where in above code mysql_real_escape_string is for protecting from the sql injection and mysql_error is for the case if you had any error in the query.

Having trouble inserting values into a database

3 Answers3

Tip: