1

Below is my php code, which should take the data from my form and put it into two tables in my database. However I keep getting an SQL syntax error by the values, I was originally putting the values in ' ' however I got the error so then I changed the values to backticks . But that still didnt seem to make much difference. Im receiving the error, however street, city, county, postcode, tel and date of birth are all inputting into the users table. But nothing else, and nothing is going into the members table.

Any help would be greatly appreciated. Many thanks 

$con = mysql_connect("localhost", "alex", "");
if(!$con)
{
    die('Could not  connect: ' .mysql_error());
}
mysql_select_db("gym", $con);
 //** code above connects to database


$sql ="INSERT INTO users (First_Name, Last_Name, Street, City, County, Postcode, Telephone, Email, Date_Of_Birth, Gender)
VALUES
(`$_POST[FirstName]`,
 `$_POST[LastName]` ,
 `$_POST[Street]`,
 `$_POST[City]`,
 `$_POST[County]`,
 `$_POST[Postcode]`,
 `$_POST[Tel]`,
 `$_POST[Email]`,
 `$_POST[Date_Of_Birth]`,
 `$_POST[Gender]`)";

 $result1=mysql_query($sql,$con);

$sql1 = "INSERT INTO members( Membership_Number, Membership_Type, Membership_Referal, Trainer_Required, Medical_Informaton, Contract, Card_Holder_Name, Bank, Card_Number, Sort_Code, valid, Exp, Security_Number
VALUES
(`$_POST[MembershipNumber]`,
 `$_POST[MembershipType]`,
 `$_POST[MembershipReferral]`,
 `$_POST[TrainerRequired]`,
 `$_POST[MedicalInformation]`,
 `$_POST[Contract]`,
 `$_POST[BankBranch]`,
 `$_POST[CardHolderName]`,
 `$_POST[CardNUMBER]`,
 `$_POST[Expiry]`,
 `$_POST[SecurityCode]`)";

 $result2=mysql_query($sql1,$con);

//***** code below is error message if it doesnt work
if($result1 && $result2){
printf("window.alert(\"New Record Added!\");");
}

else
{
echo "Error:". mysql_error()."";
}

mysql_close($con)
?>​
Improve this question
4
  • 2
    First of all, escape your $_POST values before inserting them in your database to prevent MySQL injection. Commented Apr 1, 2014 at 12:12
  • please, post error you faced. Commented Apr 1, 2014 at 12:13
  • 1
    You have 13 columns and only 11 Values, you should align these two! And if one ist wrong, the other one isn't, the next attempts will also fail, because another insert for the first one wont be possible! Commented Apr 1, 2014 at 12:16
  • $_POST[SecurityCode],I think it is not correct use $_POST['SecurityCode'] and dont use back ticks for post variables. If its not working,please echo those queries and post here Commented Apr 1, 2014 at 12:16

4 Answers 4

Reset to default
1 
Remove backtics and add `single quote` to values parameter
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

User SQL query like.
$sql = "INSERT INTO users (First_Name, Last_Name) VALUES('".$_POST[FirstName]."','".$_POST[LastName]."')";

Improve this answer

Comments

0

You must pass parameter between {$_POST['variable']} like this:

$sql1 = "INSERT INTO members( Membership_Number, Membership_Type, Membership_Referal, Trainer_Required, Medical_Informaton, Contract, Card_Holder_Name, Bank, Card_Number, Sort_Code, valid, Exp, Security_Number
VALUES
(`{$_POST['MembershipNumber']}`,
 `{$_POST['MembershipType']}`,
 `{$_POST['MembershipReferral']}`,
 `{$_POST['TrainerRequired']}`,
 `{$_POST['MedicalInformation']}`,
 `{$_POST['Contract']}`,
 `{$_POST['BankBranch']}`,
 `{$_POST['CardHolderName']}`,
 `{$_POST['CardNUMBER']}`,
 `{$_POST['Expiry']}`,
 `{$_POST['SecurityCode']}`)";
Improve this answer

Comments

0

please use ' not use `

just like

   '$_POST[value]', ........, ........
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.