Brand new to PHP. error in code but I just can't see it!

Hi guys, new to the forum and new to PHP - I have written a script to enable me to enter employee details into my MySQL database but it just won’t work lol, here is the code if anyone can help please :slight_smile:

```php
<?php

$fullname = $_POST['fullname'];
$date_of_birth = $_POST['date_of_birth'];
$address_1 = $_POST['address_1'];
$address_2 = $_POST['address_2'];
$address_3 = $_POST['address_3'];
$postcode = $_POST['postcode'];
$home_phone = $_POST['home_phone'];
$mobile_phone = $_POST['mobile_phone'];
$ni_number = $_POST['ni_number'];
$next_of_kin = $_POST['next_of_kin'];
$phone_number = $_POST['phone_number'];
$doctor = $_POST['doctor'];
$doctor_address_1 = $_POST['doctor_address_1'];
$doctor_address_2 = $_POST['doctor_address_2'];
$doctor_address_3 = $_POST['doctor_address_3'];
$doctor_postcode = $_POST['doctor_postcode'];
$doctor_phone_number = $_POST['doctor_phone_number'];
$known_medical_issues = $_POST['known_medical_issues'];
$date_started = $_POST['date_started'];

$dbc = mysqli_connect('localhost','web205-wr_2013','wr_2013','web205-wr_2013')
or die ('Error connecting to Database');

$query = "INSERT INTO staff (fullname, date_of_birth, address_1, address_2, address_3, postcode, home_phone, mobile_phone, ni_number, next_of_kin, phone_number, doctor, doctor_address_1, doctor_address_2, doctor_address_3, doctor_postcode, doctor_phone_number, known_medical_issues, date_started)" .

"VALUES ('$fullname', '$date_of_birth', '$address_1', '$address_2', '$address_3', '$postcode', '$home_phone', '$mobile_phone', '$ni_number', '$next_of_kin', '$phone_number', '$doctor', '$doctor_address_1', '$doctor_address_2', '$doctor_address_3', '$doctor_postcode', '$doctor_phone_number', '$known_medical_issues', '$date_started')";

$result = mysqli_query($dbc, $query)
or die ('Error querying Database.');

mysqli_close ($dbc);
```

I have changed the name of the database and password by the way lol

I get the “Error querying Database.” Error

When using MySQL queries you should always use the built-in error functions, which in your case would be the mysqli_error() function. However, another thing you should consider is escaping all your inputs, as your current code is open to SQL injections. See the code below, which I have modified to escape all the values in one go instead of going through each one manually.

```php
// Assumes $dbc is the open connection from mysqli_connect() in the original script

// Set all the database input value indexes
$keys = array('fullname', 'date_of_birth', 'address_1', 'address_2', 'address_3', 'postcode', 'home_phone', 'mobile_phone', 'ni_number', 'next_of_kin', 'phone_number', 'doctor', 'doctor_address_1', 'doctor_address_2', 'doctor_address_3', 'doctor_postcode', 'doctor_phone_number', 'known_medical_issues', 'date_started');

// Escape all the inputs
$values = array();

foreach ($keys as $key) {
    if (isset($_POST[$key]) && !empty($_POST[$key])) {
        // Quote each escaped value here so that NULL below stays an unquoted SQL keyword
        $values[] = "'" . mysqli_real_escape_string($dbc, $_POST[$key]) . "'";
    } else {
        $values[] = 'NULL';
    }
}

// Setup and run the query
$query = "INSERT INTO staff (" . join(',', $keys) . ") VALUES (" . join(',', $values) . ")";

if (!$result = mysqli_query($dbc, $query)) {
    die('MySQL Error: ' . mysqli_error($dbc));
}
```
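Escaping depends on every value being quoted correctly; a prepared statement keeps the form data out of the SQL text entirely. The following is an added example, not code from any poster in this thread, doing the same `staff` INSERT with mysqli placeholders. The `STAFF_COLUMNS` constant, the two function names and the connection credentials are assumptions made for illustration.

```php
<?php
// Added example, not the thread's code. Assumes PHP 7.1+ and the staff table from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failures throw mysqli_sql_exception

// Fixed allow-list of column names; these are never taken from user input.
const STAFF_COLUMNS = ['fullname', 'date_of_birth', 'address_1', 'address_2', 'address_3',
    'postcode', 'home_phone', 'mobile_phone', 'ni_number', 'next_of_kin', 'phone_number',
    'doctor', 'doctor_address_1', 'doctor_address_2', 'doctor_address_3', 'doctor_postcode',
    'doctor_phone_number', 'known_medical_issues', 'date_started'];

// Returns [sql, params]: the SQL text holds only "?" placeholders, the data travels separately.
function build_staff_insert(array $post): array
{
    $params = [];
    foreach (STAFF_COLUMNS as $column) {
        // Accept only plain strings; a field sent as an array (fullname[]=x) counts as missing.
        $value = (isset($post[$column]) && is_string($post[$column])) ? trim($post[$column]) : '';
        $params[] = ($value === '') ? null : $value; // null is bound as SQL NULL
    }
    $placeholders = implode(', ', array_fill(0, count(STAFF_COLUMNS), '?'));
    $sql = 'INSERT INTO staff (' . implode(', ', STAFF_COLUMNS) . ") VALUES ($placeholders)";
    return [$sql, $params];
}

function insert_staff(mysqli $dbc, array $post): bool
{
    [$sql, $params] = build_staff_insert($post);
    $stmt = $dbc->prepare($sql);
    $stmt->bind_param(str_repeat('s', count($params)), ...$params); // every field bound as a string
    $stmt->execute();
    $inserted = ($stmt->affected_rows === 1);
    $stmt->close();
    return $inserted;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        // Placeholder credentials (assumption); substitute your own.
        $dbc = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
        $dbc->set_charset('utf8mb4');
        echo insert_staff($dbc, $_POST) ? 'Staff record saved.' : 'Nothing was saved.';
        $dbc->close();
    } catch (mysqli_sql_exception $e) {
        error_log('staff insert failed: ' . $e->getMessage()); // details go to the server log only
        http_response_code(500);
        echo 'Sorry, the record could not be saved.';
    }
}
```

While debugging, the exception message can be echoed instead of logged; on a live site, keep database error text out of the response.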

Thank you Chris very much - I am learning from a book so I copied the code from that lol. I will use your code thanks so much :slight_smile:

Paul

Another useful thing to do when debugging is to echo out the value of $query so you can check if it is as you expect it to be. And then you can also copy and paste it in phpMyAdmin, and see if it runs there.

Thanks Guido :slight_smile: