I'm trying to make a simple contact form with an SQLite db.

When I submit the form this message shows up:

Array ( [title] => Mr [fname] => John [lname] => Smith [email] => john@smith.com [phone] => 0123456789 [message] => test ) E-Mail Sent successfully, we will get back to you soon.Array ( [0] => HY000 [1] => 1 [2] => no such column: test )

It hasn't sent an email or inserted the data into the db file.

php:

    <?php
    $db = new PDO("sqlite:contact.db");

    if((isset($_POST['title']) && !empty($_POST['title']))
    && (isset($_POST['fname']) && !empty($_POST['fname']))
    && (isset($_POST['lname']) && !empty($_POST['lname']))
    && (isset($_POST['email']) && !empty($_POST['email']))
    && (isset($_POST['phone']) && !empty($_POST['phone']))){
    //if((isset($_POST['name']) && (!empty($_POST['name']))) && (isset($_POST['email']) && !empty($_POST['email'])) && (isset($_POST['subject']) && !empty($_POST['subject']))){
      print_r($_POST);
      $title = $_POST['title'];
      $fname = $_POST['fname'];
      $lname = $_POST['lname'];
      $email = $_POST['email'];
      $phone = $_POST['phone'];
      $message = $_POST['message'];
      $subject = "Alpine A110";

      $to = "example@example.co.uk";
      $headers = "From : " . $email;

      if( mail($to, $subject, $message, $headers)){
        echo "E-Mail Sent successfully, we will get back to you soon.";

        $db->exec("INSERT INTO contact (title, fname, lname, email, phone, details) VALUES ('$title', '$fname', '$lname', '$email', '$phone', $message);") or die(print_r($db->errorInfo(), true));
      }
    }

    ?>
Jason

1 Answer

-1

Your current problem is that you forgot the quotes around $message in the query:

    $db->exec("INSERT INTO contact (title, fname, lname, email, phone, details) VALUES ('$title', '$fname', '$lname', '$email', '$phone', '$message');") or die(print_r($db->errorInfo(), true));

In addition, I would strongly advise you to use prepared statements!

Philipp
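
The prepared-statement approach recommended in the answer above, as an added example (not code from the question or the answer). It binds each form field as a parameter so quoting is never done by hand. The in-memory database, the `TEXT` column types, the `saveContact` helper and the sample input are assumptions made for the example; the column names come from the question's `INSERT`.

```php
<?php
// Added example: constructed in-memory database standing in for contact.db.
$db = new PDO('sqlite::memory:');
// Raise exceptions on SQL errors instead of silently returning false.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumed schema: column names from the question, types assumed.
$db->exec('CREATE TABLE contact (
    title TEXT, fname TEXT, lname TEXT, email TEXT, phone TEXT, details TEXT
)');

// Constructed stand-in for $_POST. The apostrophes would break a query
// built by string interpolation even with quotes around each value.
$post = [
    'title'   => 'Mr',
    'fname'   => 'John',
    'lname'   => "O'Brien",
    'email'   => 'john@smith.com',
    'phone'   => '0123456789',
    'message' => "It's a test",
];

// Hypothetical helper: inserts one contact row using bound parameters.
function saveContact(PDO $db, array $post): void
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO contact (title, fname, lname, email, phone, details)
         VALUES (:title, :fname, :lname, :email, :phone, :details)'
    );
    $stmt->execute([
        ':title'   => $post['title'],
        ':fname'   => $post['fname'],
        ':lname'   => $post['lname'],
        ':email'   => $post['email'],
        ':phone'   => $post['phone'],
        ':details' => $post['message'] ?? '',
    ]);
}

saveContact($db, $post);

// Read the row back to confirm the values were stored verbatim.
$row = $db->query('SELECT lname, details FROM contact')->fetch(PDO::FETCH_ASSOC);
print_r($row);
```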