Error with simple PHP form with MySQL

Question

Sirs,

I'm getting an error from my PHP script, probably the query, but I can't figure out what's going on. I can connect the database, but I still get the error from de "echo ERROR" line.

Does anyone know what's wrong with my code? I appreciate any help! I spent a few hours to solve this issue, but couldn't get nothing.

HTML form

<form action="insert-info.php" method="post">
<input class="form1" type="text" value="TEXT ONE" name="textone" onfocus="if (this.value=='NTEXT ONE') this.value='';"/>
<input class="form1" type="text" value="TEXT TWO" name="texttwo" onfocus="if (this.value=='TEXT TWO') this.value='';"/>
<input class="form2" type="text" value="TEXT THREE" name="textthree" onfocus="if (this.value=='TEXT THREE') this.value='';"/>
</form>

Database connect and insert

<?php

$host="localhost"; // Host name 
$username="***"; // Mysql username 
$password="***"; // Mysql password 
$db_name="***"; // Database name 
$tbl_name="insertinfo"; // Table name 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Get values from form 
$textone=$_POST['textone'];
$texttwo=$_POST['texttwo'];
$textthree=$_POST['textthree'];

// Insert data into mysql 
$sql="INSERT INTO $tbl_name('textone', 'texttwo', 'textthree') VALUES ('$textone', '$texttwo', '$textthree')";
$result=mysql_query($sql);

// if successfully insert data into database, displays message "Successful". 
if($result){
echo "Successful";
echo "<br />";
echo "<a href='insert.php'>Back to main page</a>";
}

else {
echo "ERROR";
}
?> 

<?php 
// close connection 
mysql_close();
?>

Database structure

#   Type                    Collation   Null            Pattern     Extra
1   id int(4)                           None            (none)      AUTO_INCREMENT
2   textone varchar(50)     utf8_bin    None            (none)  
3   texttwo varchar(50)     utf8_bin    None            (none)
4   textthree varchar(50)   utf8_bin    None            (none)

you're query is open to sql injections. Please learn to use prepared statements or mysqli instead of mysql. — NoobEditor
– NoobEditor, Commented Nov 21, 2013 at 11:30

russellc · Accepted Answer · 2013-11-21 11:34:28Z

3

Looks like the issue is just the column names of your INSERT query. You don't need single quotes around those.

$sql="INSERT INTO $tbl_name(textone, texttwo, textthree) VALUES ('$textone', '$texttwo', '$textthree')";

That should work.

EDIT: echo_Me and Mayank's warnings and recommendations are necessary to consider for production code!

answered Nov 21, 2013 at 11:34

russellc

4943 silver badges7 bronze badges

Sign up to request clarification or add additional context in comments.

3 Comments

Anna Over a year ago

Thankyou! I solved the issue. I'll work with Mayank's tips now, even if that system will not be online (it's just for internal use).

russellc Over a year ago

@Anna Great! It's always fun to experiment, but do remember to be wary of security when it comes to production systems (you don't want to lose any important data!). PDO and MySQLi help a lot to avoid common mistakes and also offer many conveniences over the old MySQL driver.

Anna Over a year ago

I appreciate your advice, Russellc! I'll try to implement using the code that Vipin Soni posted here.

echo_Me · Accepted Answer · 2013-11-21 11:26:12Z

0

actually you are not selecting database and the connection variables. because you are using strings. you need to remove the quotes like that

  mysql_connect($host, $username, $password)or die("cannot connect"); 
  mysql_select_db($db_name)or die("cannot select DB");

there is some things you need to fix in your code .

escape your POST variables.
change to PDO or MYSQLI.
follow the error by echoing system error.

answered Nov 21, 2013 at 11:26

echo_Me

37.2k5 gold badges62 silver badges81 bronze badges

Comments

ACs · Accepted Answer · 2013-11-21 11:36:00Z

0

Use mysql_error() to print the error message. It will tell you more about why the query failed. Note that this function is deprecated. I recommend to use mysqli or PDO database classes.

answered Nov 21, 2013 at 11:36

ACs

1,4853 gold badges26 silver badges45 bronze badges

Comments

Vipin Kumar Soni · Accepted Answer · 2013-11-21 11:46:26Z

0

$sql=sprintf(
"INSERT INTO 
        $tbl_name(textone, texttwo, textthree) 
        VALUES ('%s','%s','%s')", 
mysql_real_escape_string($textone), 
mysql_real_escape_string($texttwo), 
mysql_real_escape_string($textthree)
);

answered Nov 21, 2013 at 11:46

Vipin Kumar Soni

83410 silver badges18 bronze badges

1 Comment

Anna Over a year ago

Thanks! I'll try tu use this.

Sonya Krishna · Accepted Answer · 2013-11-21 12:06:56Z

0

Try Like this

There is no need to give column names within ' ' in INSERT query.

 $sql="INSERT INTO $tbl_name(textone,texttwo,textthree) VALUES ('$textone', '$texttwo', '$textthree')";
    $result=mysql_query($sql);

edited Nov 21, 2013 at 12:06

answered Nov 21, 2013 at 11:46

Sonya Krishna

2691 silver badge11 bronze badges

Collectives™ on Stack Overflow

Error with simple PHP form with MySQL

5 Answers 5

3 Comments

Comments

Comments

1 Comment

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

3 Comments

Comments

Comments

1 Comment

Comments

Your Answer

Sign up or log in

Post as a guest

Related