I'm currentely working on some project for my school in which I have to create a profile page where people can put their information throught the input form. The data is send to database and after that displayed in some nice table.
But on my way I have encountered some problems - this is an error that I'm echoing:
INSERT INTO
info(name,surname,gender,birth,street,postal,city,country,citizenship,phone,Michael,xxx,male,20-04-93,Skolegade,4690,Copenhagen,Denmark,Polish,22222222,[email protected]WHERE email =[email protected]) Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE email =[email protected])' at line 1
This is my file index.html with the form
<body>
<h1>Update record <?php echo $user->email; ?></h1>
<form action="insertdata.php" method="post">
<label>Your name: </label><input type="text" name="name" /><br />
<label>Your surname: </label><input type="text" name="surname" /><br />
<label>Gender: </label><input type="text" name="gender" /><br />
<label>Date of birth: </label><input type="text" name="birth" /><br />
<label>Street name: </label><input type="text" name="street" /><br />
<label>Postal: </label><input type="text" name="postal" /><br />
<label>City: </label><input type="text" name="city" /><br />
<label>Country: </label><input type="text" name="country" /><br />
<label>Citizenship: </label><input type="text" name="citizenship" /><br />
<label>Phone number: </label><input type="text" name="phone" /><br />
<label>E-mail address: </label><input type="text" name="mail" /><br />
<input type="submit" value="submit" />
</form>
<?php
if($sql){//if the update worked
echo "<b>Update successful!</b>";
}
?>
And this is the code of file insertdata.php in which it finds an error:
<?php
// To protect any php page on your site, include main.php
// and create a new User object. It's that simple!
require_once '../includes/main.php';
$user = new User();
if(!$user->loggedIn()){
redirect('index.php');
}
require_once('functions.php');
connect_db();
$name = mysqli_real_escape_string($con, $_POST['name']);
$surname = mysqli_real_escape_string($con, $_POST['surname']);
$gender = mysqli_real_escape_string($con, $_POST['gender']);
$birth = mysqli_real_escape_string($con, $_POST['birth']);
$street = mysqli_real_escape_string($con, $_POST['street']);
$postal = mysqli_real_escape_string($con, $_POST['postal']);
$city = mysqli_real_escape_string($con, $_POST['city']);
$country = mysqli_real_escape_string($con, $_POST['country']);
$citizen = mysqli_real_escape_string($con, $_POST['citizen']);
$phone = mysqli_real_escape_string($con, $_POST['phone']);
$mail = mysqli_real_escape_string($con, $_POST['mail']);
$email = $user->email;
$sql = "INSERT INTO `info` (`name`, `surname`, `gender`, `birth`, `street`, `postal`, `city`, `country`, `citizenship`, `phone`, `mail`) VALUES (`$name`, `$surname`, `$gender`, `$birth`, `$street`, `$postal`, `$city`, `$country`, `$citizen`, `$phone`, `$mail` WHERE email = `$email`)";
echo $sql;
//$result = mysql_query($con,$sql);
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "1 ercord added";
mysqli_close($con);
?>
?>
<a href="../tryprofile">Check</a>
I tried to remove the " from the code at the end of the line but then code is messed up and it is displaying other errors
WHERE email = `$email`); "
e.g. that it can not read echo from the next line:
Parse error: syntax error, unexpected 'echo' (T_ECHO) in /data/home/vizionwe/public_html/try/insertdata.php on line 35
My deadline is until Tuesday, so I have to figure it out quick. I'm looking forward to see your answers and ideas.
