PHP/MySQL: Saving values to database

Question

Greetings good people,

I am a rookie at coding using php/mysql and as I was working through a basic task I hit a snag when it came to saving the values of text-fields and checkboxes states to a mysql DB.

Here is what I was able to do but I still couldn't save a record in the DB.

WHAT AM I DOING WRONG OR WHAT AM I MISSING?

Am using Macromedia Dreamweaver 8, Apache/2.2.12 (Win32) DAV/2 mod_ssl/2.2.12 OpenSSL/0.9.8k mod_autoindex_color PHP/5.3.0 mod_perl/2.0.4 Perl/v5.10.0 MySQL client version: 5.1.37 PHP extension: mysqli

$con = mysqli_connect("localhost", "root", "");
if (!$con) {
exit('Connect Error (' . mysqli_connect_errno() . ') '
       . mysqli_connect_error());
}


if ($_POST['textfield'] == "") {
        $FieldsEmpty=  true;
    } 
     else {

       if ($FieldsEmpty) echo "Please enter all the fields<br/>";
    }


if($_POST['Submit2'] == "Submit")
{


$VarName = $_POST['textfield'];
$VarOrg = $_POST['textfield2'];
$VarAddress = $_POST['textfield3'];
$VarPhone=$_POST ['textfield4'];
$VarEmail=$_POST['textfield5']; 
$VarAccomodation=$_POST['checkbox'];
$VarEntertainment=$_POST['checkbox2'];
$VarTourOP=$_POST['checkbox3'];
$VarDomesticTourism=$_POST['checkbox4'];
$VarTourism=$_POST['checkbox5'];
$VarTravelmgt=$_POST['checkbox6'];
$VarSupport=$_POST['checkbox7'];
$VarMedia=$_POST['checkbox8'];
$VarDoc1=$_POST[$_FILES["file"]["name"]];
$VarDoc2=$_POST[$_FILES["file2"]["name"]];
$VarDoc3=$_POST[$_FILES["file3"]["name"]];
$Vardoc4=$_POST[$_FILES["file4"]["name"]];



 $sql = "Insert into nominatons_tbl(name,org,address,phone,email,best_accomodation,best_entertainment,best_touroperator,best_domestictourism,best_tourism,best_travelmgt,best_support,best_media,doc1,doc2,doc3,doc4) VALUES (".PrepSQL($VarName) . ", " .PrepSQL($VarOrg) . ", " .PrepSQL($VarAddress) . ", " .PrepSQL($VarPhone) . ", " .PrepSQL($VarEmail) . ", " .PrepSQL($VarAccomodation) . ", " .PrepSQL($VarEntertainment) . ", " .PrepSQL($VarTourOP) . ", " .PrepSQL($VarDomesticTourism) . ", " .PrepSQL($VarTourism) . ", " .PrepSQL($VarTravelmgt) . ", " .PrepSQL($VarSupport) . ", " .PrepSQL($VarMedia) . ", " .PrepSQL($VarDoc1) . ", " .PrepSQL($VarDoc2) . ", " .PrepSQL($VarDoc3) . ", " .PrepSQL($Vardoc4) . ")";

mysql_query($sql);
echo "Nomination submited <br />";

}
function PrepSQL($value)
{
// Stripslashes
if(get_magic_quotes_gpc())
{
    $value = stripslashes($value);
}
// Quote
$value = "'" . mysql_real_escape_string($value) . "'";
return($value);

}

Answer 1

keep the single quotes like this

VALUES ('".PrepSQL($VarName) . "', '" .PrepSQL($VarOrg) . "');

Answer 2

• Please check if you are getting all values in $_POST variable.
• Anytime you get error in insert query , just run query from database , you will get whats problem.

Always keep practice to make query like this.

$sql = "Insert into nominatons_tbl(`name`,`org`,`address`,`phone`,`email`,`best_accomodation`,`best_entertainment`,`best_touroperator`,`best_domestictourism`,`best_tourism`,`best_travelmgt`,`best_support`,`best_media`,`doc1`,`doc2`,`doc3`,`doc4`) VALUES 
 (".PrepSQL($VarName) . ", " .PrepSQL($VarOrg) . ", " .PrepSQL($VarAddress) . ", " .PrepSQL($VarPhone) . ", " .PrepSQL($VarEmail) . ", " .PrepSQL($VarAccomodation) . ", " .PrepSQL($VarEntertainment) . ", " .PrepSQL($VarTourOP) . ", " .PrepSQL($VarDomesticTourism) . ", " .PrepSQL($VarTourism) . ", " .PrepSQL($VarTravelmgt) . ", " .PrepSQL($VarSupport) . ", " .PrepSQL($VarMedia) . ", " .PrepSQL($VarDoc1) . ", " .PrepSQL($VarDoc2) . ", " .PrepSQL($VarDoc3) . ", " .PrepSQL($Vardoc4) . ")";