Does anyone see anything that is wrong with this? It isn't posting to the database at all. There is a basic form asking for name and address on the page, but after submitting the form it just goes to a blank page.

Here is my code. There is stuff above this that reaches out to an API to validate the address data and declares the variables. The dedup part of the code is working in case that matters.

if(empty($errorMessage)) 
    {
        // Dedupe the entry into the form 
        $dupesql = "SELECT * FROM formData WHERE (name = '$full_name' AND address = '$primary_number' AND city = '$city_name' AND state = '$state_abbreviation' AND zip = '$zipcode_full' )";
        $duperaw = $mysqli->query($dupesql);
        if($duperaw->num_rows > 0) {
            $dupe .= "$full_name already exists on $primary_number \n";
        } 
        else {

        $sql = "INSERT INTO formData(name, address, city, state, zip, date) VALUES (?, ?, ?, ?, ?, ?)";
        $stmt = $mysqli->prepare($sql);
        $stmt->bind_param("ssssss", $full_name, $primary_number, $city_name, $state_abbreviation, $zipcode_full, $date);
        $stmt->execute(); 

        header("location: index.php?success=1");
        exit();
        }
    }

I have also tried using a query instead of a prepared statement, but this just gives the success message and doesn't post to the DB.

$sql = "INSERT INTO fromData (name, address, city, state, zip, date) VALUES (".
                $full_name . ", " .
                $primary_number . ", " .
                $city_name . ", " .
                $state_abbreviation . ", " .
                $zipcode_full . ", " .
                $date . ")";
$mysqli->query($sql);

Any help would be great!

11
  • 4
    You're only getting a "success" message with the raw query because you're not dying on errors. Without the quotes around the values, you're almost certain to have broken SQL syntax. Commented Dec 12, 2013 at 21:35
  • 1
    You seem to be using two table names: data and formData (and fromData...), is that correct or just a typo? By the way, you should add proper error handling to your database calls. Commented Dec 12, 2013 at 21:40
  • 1
    If you don't redirect and echo $mysqli->error, does it return an error? Commented Dec 12, 2013 at 21:46
  • 1
    @cHao so much to learn LOL Commented Dec 12, 2013 at 21:47
  • 6
    @QQQ NO! Use prepared queries. Commented Dec 12, 2013 at 21:49

1 Answer

1

Try this SQL

 $sql = "INSERT INTO fromData (name, address, city, state, zip, date) VALUES ('$full_name', '$primary_number', '$city_name', '$state_abbreviation', '$zipcode_full', '$date')";
 $mysqli->query($sql);

cHao was hinting towards it.

4 Comments

Dropping prepared statements and opening your site to SQL injection attacks is not a proper fix. What's next? Go back to the deprecated mysql extension and enable register globals?
@ÁlvaroG.Vicario If prepared statements are better I would love to use them, but I am not sure how to make it work. Any guidance would be appreciated.
@Travis - You are already using them in your code, aren't you?
@ÁlvaroG.Vicario I was trying to but I couldn't get it to work. Then I accepted the other answer because it does work, but I don't want to be susceptible to SQL injection. Do you see anything above with my prepared statement that looks off to you?
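
An added example, not part of the original thread and not the asker's code, of what the comments ask for: prepared statements for both the dedupe lookup and the insert, with mysqli set to throw on errors. Without that setting a failed `prepare()` returns `false`, and calling `bind_param()` on `false` is a fatal error that shows as a blank page when error display is off. Table and column names come from the question; the function name `saveFormEntry`, the connection details and the sample row are assumptions.

```php
<?php
// Added example (not the asker's code). Table and column names are taken from
// the question; connection details and the sample row are constructed.

// Throw mysqli_sql_exception on any failure instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Returns 'duplicate' or 'inserted'; database errors propagate as exceptions.
function saveFormEntry(mysqli $db, array $row): string
{
    // Dedupe lookup with bound parameters, no string interpolation.
    $check = $db->prepare(
        'SELECT 1 FROM formData WHERE name = ? AND address = ?
            AND city = ? AND state = ? AND zip = ? LIMIT 1'
    );
    $check->bind_param('sssss', $row['name'], $row['address'],
        $row['city'], $row['state'], $row['zip']);
    $check->execute();
    $check->store_result();          // buffer rows so num_rows is populated
    $isDuplicate = $check->num_rows > 0;
    $check->close();
    if ($isDuplicate) {
        return 'duplicate';
    }

    $insert = $db->prepare(
        'INSERT INTO formData (name, address, city, state, zip, `date`)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $insert->bind_param('ssssss', $row['name'], $row['address'],
        $row['city'], $row['state'], $row['zip'], $row['date']);
    $insert->execute();
    $insert->close();
    return 'inserted';
}

try {
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
    $db->set_charset('utf8mb4');
    $row = ['name' => "Pat O'Brien", 'address' => '12 Example St',  // constructed
            'city' => 'Springfield', 'state' => 'IL', 'zip' => '62701-0001',
            'date' => date('Y-m-d')];
    echo saveFormEntry($db, $row), PHP_EOL;
} catch (mysqli_sql_exception $e) {
    error_log('formData save failed: ' . $e->getMessage()); // details to the log only
    http_response_code(500);
    echo 'Sorry, the entry could not be saved.', PHP_EOL;
}
```

The apostrophe in the constructed name is stored as data because it is bound as a parameter, and any database error reaches the server log with its real message instead of being hidden behind a redirect.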
