0

I am trying to put entered data into a selected table inside a database. For example(user enters their phone number and they select which state they are from in the drop down. that phone number is entered into that selected table(state).

here is some code i have

<?php
    $state = $_POST['state'];
    $con = mysql_connect("localhost","root","");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
        mysql_select_db("state", $con);
        $sql=("INSERT INTO 'state'(phonenumber)")

    VALUES
    ('$_POST[phonenumber]');
if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
    mysql_close($con)
?>

I have the drop down menu on a separate php page.

Thanks in advance for any help.

Mu0
  • 9
  • 2
  • 2
    First, you are using a deprecated db interface. Switch to MySQLi now. Do not pass go. Do not waste any more time on this problem until you have switched. No seriously. Stop. Then look up the sql syntax for an insert. – john elemans Apr 08 '16 at 17:02
  • 1
    Also look up PHP syntax and error reporting, this `$sql=("INSERT INTO 'state'(phonenumber)") VALUES ('$_POST[phonenumber]');` should be throwing all kinds of errors.. This also is open to SQL injections, tables/columns use backticks for encapsulation, and SQL strings need to be quoted. – chris85 Apr 08 '16 at 17:08
  • As @johnelemans said, please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Apr 08 '16 at 17:09
  • I have looked up the syntax for insert but all of them are for entering the data into the database, not specifically into a chosen table in the database. – Mu0 Apr 08 '16 at 17:11
  • 2
    way too many unknowns here and you failed to show us what errors you were getting too. closed this based on the obvious. – Funk Forty Niner Apr 08 '16 at 17:12
  • @Mu0 `insert into \`tablename\` (columns, seperated, by, commas) VALUES ('values', 'in quote if strings');`. This doesn't being to touch the SQL injection issue though. http://php.net/manual/en/security.database.sql-injection.php – chris85 Apr 08 '16 at 17:13

0 Answers0