I'm having trouble inserting form data into my database. I can connect to the database as it does not throw up an error but no information is being inserted. Below is my code, any help would be appreciated.

<?php  
// string checking
function isValid($str) {
  if(!preg_match('/[^A-Za-z0-9.-]/', $str)) {
  return true;
  } else {
    return false;
  }
}


// Check for form submission
if(isset($_POST['submit'])){

// Get the POST data
$agree = $_POST['agree'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$business = $_POST['business'];
$state = $_POST['state'];
$email = $_POST['email'];

// If the T&C box has been ticked
if($agree){

  // Validate the POST data
  $validationError = '';

    // Name Validation
    if($firstname == ''){
      $validationError .= "Please enter your first name.\n";
    } else {
      if(is_numeric($firstname)){
        $validationError .= "The first name you have supplied cannot contain numbers.\n";
      }
      if(strlen($firstname) > 50) {
        $validationError .= "The first name you have supplied must be less than 50 characters.\n";
      }
      if(strlen($firstname) < 3) {
        $validationError .= "The first name you have supplied is too short.\n";
      }
      if(isValid($firstname) == false ){
        $validationError .= "The first name cannot contain special characters.\n";
      }
    }

    if($surname == ""){
      $validationError .= "Please enter your Surname.\n";
    } else {
      if(is_numeric($surname)){
        $validationError .= "The Surname you have supplied cannot contain numbers.\n";
      }
      if(strlen($surname) > 50) {
        $validationError .= "The Surname you have supplied must be less than 50 characters.\n";
      }
      if(strlen($surname) < 3) {
        $validationError .= "The Surname you have supplied is too short.\n";
      }
      if(isValid($surname) == false ){
        $validationError .= "The Surname cannot contain special characters.\n";
      }
    }


    if($state == ''){
      $validationError .= "Please select your state.\n";
    }

    // Email validation

    // Function to validate email addresses, taken from here: http://www.linuxjournal.com/article/9585
    function check_email_address($email) {

      // Set up regular expression strings to evaluate the value of email variable against
      $regex1 = '/^[_a-z0-9-][^()<>@,;:\\"[] ]*@([a-z0-9-]+.)+[a-z]{2,4}$/i';

      // Run the preg_match function on regex 1
      if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
           return false;
      } else {
          return true;      
      } 
    }

    if($email != ''){
      if(!check_email_address($email)) {
        $validationError .= "The email address does not appear to be correct, please try again.\n";
      }
    } else {
      $validationError .= "Please enter your email address.\n";
    }

  //Start the mySQL connection

  if($validationError == ''){
    $link = mysql_connect('localhost', '--removed--', '--removed--');

    if (!$link) {
      $validationError .= "There was an error connecting to the database. Please contact us so that we can fix the problem.\n";
    } else {

      // Select the db
      mysql_select_db("keyinv_seminar", $link);

      // Check for an existing entry under that email address
      $checkQuery = 'SELECT * FROM seminar WHERE email="' . mysql_real_escape_string($email) . '"';
      $result = mysql_query($checkQuery, $link);

      if (mysql_num_rows($result) != 0) {
        $validationError .= "There is already an entry in the competition, using that email address.\n";
      } else {
        // There is no existing entry, update the db
        $insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('" . mysql_real_escape_string($firstname) . "', '" . mysql_real_escape_string($surname) . "', '" . mysql_real_escape_string($business) . "', " . mysql_real_escape_string($state) . ", '" . mysql_real_escape_string($email) . "')";

        $result = mysql_query($insertQuery, $link);

      }

      // Close the connection
      if($link){
        mysql_close($link);

        if($validationError == ''){
          header('Location: thankyou.php');
        }
      }
    }
  }
} else {
  $validationError = "You must accept the Terms and Conditions \nin order to enter this contest.";
}
}
?>
  • You should try catching mysql errors instead of only validation errors. See the mysql_error() PHP function. Commented Nov 22, 2012 at 10:05
  • As is often said, you shouldn't really use mysql_query any more, but I believe your entry of mysql_real_escape_string($state) (on the insert) needs ' marks around it. -- check F4r-20's post for a better summary. Commented Nov 22, 2012 at 10:05

1 Answer

Check out your INSERT query..

$insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('" 
    . mysql_real_escape_string($firstname) . "', '" 
    . mysql_real_escape_string($surname) . "', '" 
    . mysql_real_escape_string($business) . "', " 
    . mysql_real_escape_string($state) . ", '" 
    . mysql_real_escape_string($email) . "')";

You've missed out some single quotes around the $state value. Change it to this:

$insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('"  
    . mysql_real_escape_string($firstname) . "', '" 
    . mysql_real_escape_string($surname) . "', '" 
    . mysql_real_escape_string($business) . "', '" 
    . mysql_real_escape_string($state) . "', '" 
    . mysql_real_escape_string($email) . "')";

2 Comments

Well, we don't know that; there's a good chance that it's echoed after this script.
You're a lifesaver man, thank you very much for your help. I should have known to make my code more readable.
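
An added example, not part of the original answer or the asker's code: the same duplicate check and insert written with PDO prepared statements, so no value needs hand-placed quotes and a failed query raises an exception instead of failing silently. It assumes the pdo_sqlite extension, an in-memory SQLite table inferred from the question's column names (the real schema is not shown), a hypothetical addEntry() helper and constructed sample values.

```php
<?php
// Added example. Assumptions: in-memory SQLite stands in for the MySQL
// database; the schema is inferred from the question's column names.
$pdo = new PDO('sqlite::memory:');
// Failed queries throw a PDOException instead of silently returning false.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE seminar (firstname TEXT, surname TEXT,
    business TEXT, state TEXT NOT NULL, email TEXT NOT NULL UNIQUE)');

// Hypothetical helper: returns '' on success, otherwise a message
// suitable for appending to $validationError.
function addEntry(PDO $pdo, array $e): string
{
    try {
        // Placeholders carry the values, so no quote is written by hand
        // and a field such as state cannot reach the SQL text unquoted.
        $check = $pdo->prepare('SELECT COUNT(*) FROM seminar WHERE email = :email');
        $check->execute([':email' => $e['email']]);
        if ((int) $check->fetchColumn() > 0) {
            return "There is already an entry in the competition, using that email address.\n";
        }
        $insert = $pdo->prepare(
            'INSERT INTO seminar (firstname, surname, business, state, email)
             VALUES (:firstname, :surname, :business, :state, :email)'
        );
        $insert->execute([
            ':firstname' => $e['firstname'],
            ':surname'   => $e['surname'],
            ':business'  => $e['business'],
            ':state'     => $e['state'],
            ':email'     => $e['email'],
        ]);
        return '';
    } catch (PDOException $ex) {
        // Keep database detail in the server log; show the user a generic message.
        error_log('seminar insert failed: ' . $ex->getMessage());
        return "There was an error saving your entry. Please contact us so that we can fix the problem.\n";
    }
}

// Constructed sample input; the apostrophe and the text state need no escaping.
$entry = ['firstname' => 'Sam', 'surname' => "O'Brien", 'business' => 'Example Pty Ltd',
          'state' => 'NSW', 'email' => 'sam@example.com'];
var_dump(addEntry($pdo, $entry)); // first insert is accepted
var_dump(addEntry($pdo, $entry)); // same email again is rejected as a duplicate
// A NULL state violates the schema; the exception becomes a visible error message.
var_dump(addEntry($pdo, ['state' => null, 'email' => 'other@example.com'] + $entry));
```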
