0

My idea is to fill out entries in an HTML form, then save the info to the database (phpmyadmin). Then display the info on google map (exporting).

But it's not working because of a syntax and a logical issue.

My HTML form: 

<html>
<head></head>
<body>
    <form method="POST" action="../BackEnd/ShopSetup.php" name="Setup">
    <td>Name</td>
    <td>
        <input type="text" name="name"></td>
    </tr>
     <tr>
         <td>type</td>
         <td>
             <input type="varchar" name="type"></td>
     </tr>
    <tr>
        <td>Address</td>
        <td>
            <input type="text" name="address"></td>
    </tr>
    <tr>
        <td>Email</td>
        <td>
            <input type="email" name="email"></td>
    </tr>
    <tr>
        <td>Phone Number</td>
        <td>
            <input type="varchar" name="phone"></td>
    </tr>
    <tr>
        <td>longitude</td>
        <td>
            <input type="float" name="long"></td>
    </tr>
    <tr>
        <td>latitude</td>
        <td>
            <input type="float" name="lat"></td>
    </tr>
    <tr>
        <td>Opening Hour</td>
        <td>
            <input type="varchar" name="opening"></td>
    </tr>
    <tr>
        <td>Closing Hour</td>
        <td>
            <input type="varchar" name="closing"></td>
    </tr>
    <tr>
        <td>
            <input id="button" type="submit" name="submit" value="Setup"></td>

    </tr>
    <tr></tr>
    </form>
</body>
</html>

My PHP Page On the BackEnd:

  1. ShopSetup.php

         <?php


     include ("../Connections/Connection.php");



     if (isset($_POST["submit"]))
  {
      $name = $_POST["name"];   
      $type = $_POST["type"];
      $address = $_POST["address"];
      $email = $_POST["email"];
      $phone = $_POST["phone"];
      $long = $_POST["long"];
      $lat = $_POST["lat"];
      $opening = $_POST["opening"];
      $closing = $_POST["closing"];

  $sql = "INSERT INTO locations (name, type, address, email, phone, long, lat, opening, closing)
          VALUES('$name', '$type', '$address', '$email', '$phone', '$long', '$lat', '$opening', '$closing')";

  $query = mysql_query($sql);

  if (!$query)
  {
      die ("Error : " .  mysql_error());
  }
  if(empty($name) || empty($type) || empty($address) || empty($email) || empty($phone) || empty($long) || empty($lat) || empty($opening) || empty($closing))
      {
      echo "You did not fill out the required fields.";
      die();  // Note this
      }
  echo "<center></center>";
  }

  ?>
         <h1> Your order is complete!</h1>
                <p class="intro-text">You will see your shop on the map soon<br></p>
                <center> 

  <h3> <a href="../index.php"> go to home page  </a></h3>
  </center>

But when I submit the form I get:

Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'long, lat, opening, closing) VALUES('', '', '', '', '', '', '', '', '')' at line 1

What is the best HTML attribute to save opening/closing times: weeks, days. hours, minutes, seconds?

Improve this question
17
  • 1
    There are no legitimate reasons to use the mysql_* API any more @Misunderstood Commented May 1, 2015 at 16:47
  • Please, stop using mysql_* functions. They are no longer maintained and are officially deprecated. Learn about prepared statements instead, and use PDO. Commented May 1, 2015 at 16:48
  • I still did not understand what is the problem? My map is exporting the info from phpmyadmin database and displaying it on the map.. but instead of filling it out on manually a user should fill it out as a form that stores info on the database... so should I change the columns names of "long, lat, closing, opening" to something else? @Misunderstood Commented May 1, 2015 at 16:53
  • 1
    Not in the US here, but does computer security legislation you are subject to not require you to upgrade from an unsupported version of PHP? Commented May 1, 2015 at 17:51
  • 1
    Sure, that is legitimate, to a point. Many of the posters here do not have control of their servers @Misunderstood and we're already starting to see the effects an example where mysql_* functions are removed.. PDO has not had the vulnerabilities the MySQLi API has suffered from though and is what is typically recommended. To call the folks "SQL grammar nazis" for bringing awareness to the issue is a little bit misguided though. Commented May 1, 2015 at 18:00

1 Answer 1

Reset to default
0

You should use backticks (`) around your column names. Like so:

$sql = "INSERT INTO locations (`name`, `type`, `address`, `email`, `phone`, `long`, `lat`, `opening`, `closing`)
      VALUES('$name', '$type', '$address', '$email', '$phone', '$long', '$lat', '$opening', '$closing')";

Backticks are recommended for table and column names, but are mandatory when using reserved keywords such as long.

Check out this discussion for more information.

Regarding your second question, have a look at the HTML5 datetime input type. Just note that it is not supported by all browsers

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I did what you told me @nevos but I still have the same problem... Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''name', 'type', 'address', 'email', 'phone', 'lng', 'lat', 'opening', 'closing')' at line 1 and next to every variable of the above it says: "Do not access Superglobal $_Post Array Directly
@Naz970: try echoing the SQL you have and then running it directly in your database (e.g. at the console). To debug it, remove all the columns but one, and see if it is successful (or at least if the error changes, as you might have violated constraints). Then add columns in one by one until you find the problem. Maybe you have an unescaped apostrophe in one of your strings?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.