0

I have put together a test form for dynamic fields, I am having trouble with depositing the values into my database, I'm pretty sure the error is in syntax. Especially because as is the webpage doesn't even work, until I remove my PHP code. 

<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> 
<script>
$(document).ready(function(e){
    /// Variables
    var html ='<p /><div>Make: <input type="TEXT" name="childmake[]" id="make" />Model: <input type="TEXT" name="model[]" id="childmodel" />Serials: <input type="TEXT" name="[]serials" id="childserials"/><a href="#" id="remove">X</a></div>';
    var maxRows = 20;
    var x = 1;

    /// Rows

    $("#add").click(function(e){
        if (x <= maxRows){

        $("#container").append(html);

        x++;
        }
    });
    /// Remove Rows
    $("#container").on('click','#remove', function(e){



        $(this).parent('div').remove();
        x--;

    });


});

</script>
</head>

<form method="POST">
<div id="container">
Make: <input type="TEXT" name="make[]" id="make" />
Model: <input type="TEXT" name="model[]" id="model" />
Serials: <input type="TEXT" name="serials[]" id="serials"/>
<a href="#" id="add">Add More</a>

</div>
<p />
<input type="submit" name="submit" />
</form>


<?php
//placeholder
$output = NULL;
if(isset($_POST['submit'])) {
    $make = $_POST['make'];
    $model = $_POST['model'];
    $serials = $_POST['serials'];
    $databasename="jos_trip_detail"
    $mysql = mysql_connect('server','user','pass');
    $db = mysql_select_db($databasename);


    for($i=0; $i<count($make); $i++){


        if($make[$i]!="" && $model[$i]!="" && $serials[$i]!="")
        {

            mysql_query("INSERT into jos_trip_detail VALUES('$make[$i]','model[$i]','serials[$i]')");
        }


    }
    $msyql->close();

}



?>

<?php echo $output; ?>
</body>
</html>
cteski
  • 487
  • 3
  • 12
  • 17
Pari Baker
  • 696
  • 4
  • 19
  • Don't use the `mysql_*` functions. They have been deprecated since v5.5 (Jun 2013) and removed since v7.0 (Dec 2015). Instead use the [**mysqli_***](https://secure.php.net/manual/en/book.mysqli.php) or [**PDO**](https://secure.php.net/manual/en/book.pdo.php) functions with [**prepared statements**](https://secure.php.net/manual/en/pdo.prepare.php) and [**bound parameters**](https://secure.php.net/manual/en/pdostatement.bindparam.php). – Alex Howansky May 02 '17 at 18:47
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 02 '17 at 18:48
  • `$msyql->` that in its own right is wrong. – Funk Forty Niner May 02 '17 at 18:48
  • `$databasename="jos_trip_detail"` is missing closure. – Funk Forty Niner May 02 '17 at 18:49
  • 1
    You should really declare the columns in your insert query. Even if it's not needed, it's recommended for your own sanity's sake and will reduce potential future bugs in case you add columns to your tables. Plus it makes it way more readable. – M. Eriksson May 02 '17 at 18:50
  • you're also only `count($make)`'ing one and not the others. – Funk Forty Niner May 02 '17 at 18:51
  • 1
    You're also missing the `$` in front of your variables in: `'model[$i]','serials[$i]'` – M. Eriksson May 02 '17 at 18:52
  • 1
    Make sure you have error reporting and display errors turned on ([Here's how](http://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display)). Then start fixing the errors one by one. There are waaaaay too many for us to be able to help. – M. Eriksson May 02 '17 at 18:56
  • Hi, Thank you all for your help, I will move ahead with the recommended changes and come back when I am ready. – Pari Baker May 02 '17 at 22:50

1 Answers1

-1

You do have a syntax error. You should terminate the following line with a semicolon:

$databasename="jos_trip_detail"

becomes

$databasename="jos_trip_detail";

In addition to what was mentioned in the comments:

mysql_query("INSERT into jos_trip_detail VALUES('$make[$i]','model[$i]','serials[$i]')");

becomes

mysql_query("INSERT into jos_trip_detail VALUES('$make[$i]','$model[$i]','$serials[$i]')");
D. R.
  • 324
  • 1
  • 10