I am struggling with this piece of code. Why doesn't it work? It does receive the variables, but the sql command doesn't work.
if ($action=='create')
{
$Surname=$_REQUEST['Surname'];
$Name=$_REQUEST['Name'];
$Fathername=$_REQUEST['Fathername'];
$Dateofbirth=$_REQUEST['Dateofbirth'];
$Afm=$_REQUEST['Afm'];
$Landline=$_REQUEST['landline'];
$Mobile=$_REQUEST['Mobile'];
$Address=$_REQUEST['Adrs'];
$Addressnum=$_REQUEST['Adrsnm'];
$Location=$_REQUEST['Location'];
$ZIP=$_REQIEST['Zip'];
$Bankaccount=$_REQUEST['Bankaccount'];
$createuser=mysql_query("INSERT INTO `Customers` (`Surname`,`CName`,`Fathername`,`Birthdate`,`AFM`,`Landline`,`Mobile`,`Address`,`Adressnum`,`Location`,`ZIP`,`Bankaccount`) VALUES ('$Surname','$Name','$Fathername','$Dateofbirth','$Afm','$Landline','$Mobile','$Address','$Addressnum','$Location','$ZIP','$Bankaccount')");
}
mysql_query("INSERT INTO `Customers` (`Surname`,`CName`,`Fathername`,`Birthdate`,`AFM`,`Landline`,`Mobile`,`Address`,`Adressnum`,`Location`,`ZIP`,`Bankaccount`) VALUES ('$Surname','$Name','$Fathername','$Dateofbirth','$Afm','$Landline','$Mobile','$Address','$Addressnum','$Location',
'$ZIP','$Bankaccount')")or die(mysql_error());
Will give you the answer.
And make sure to escape your data:
$Surname=mysql_real_escape_string($_REQUEST['Surname']);
$Name=mysql_real_escape_string($_REQUEST['Name']);
$Fathername=mysql_real_escape_string($_REQUEST['Fathername']);
[...]
Better, use a prepared statement:
$q = $sql->prepare("INSERT INTO `Customers` SET `Surname` = ? [...]");
$q->execute( array( $_REQUEST['Surname'], [...] ) );
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.