HTML and PHP Form * Having Issues - Please HELP!!

[JRMS]

Greeting. I am trying to create a form to store user information in MySQL database. The forms are programed in HTML and PHP. I get the following error message, "Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '','92820','999-999-9999','000-888-9909')' at line 4"

Below is my code in PHP:

<?php
$con = mysql_connect("localhost","peter","abc123");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("my_db", $con);

$sql="INSERT INTO Borrower_info (First_Name, Middle_Initial,Last_Name,Apt_Number,Street_Address,City,State,Zip,Home_Phone_Number,Cell_Phone_Number)

VALUES
('$_POST[First_Name]','$_POST[Middle_Initial]','$_POST[Last_Name]','$_POST[Apt_Number]','$_POST[Street_Address]','$_POST[City]','$_POST[State]')','$_POST[Zip]','$_POST[Home_Phone_Number]','$_POST[Cell_Phone_Number]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($con)
?>

Also, here is my html code:

<html>
<title> Dream Life Mortgage </title>
<body bgcolor="#FFFF00">
<H1>Dream Life Mortgage</H1>
<H3>New Customer Form</H3>
<form action="insert.php" method="post">
Loan #:<input type="text" name="Loan_Number" />
Firstname: <input type="text" name="First_Name" />
Middle Initial: <input type="text" name="Middle_Initial"/>
Lastname: <input type="text" name="Last_Name" />
Apt #: <input type="text" name="Apt_Number" />
Street Address: <input type="text" name="Street_Address"/>
City: <input type="text" name="City"/>
State: <input type="text" name="State"/>
Zip: <input type="text" name="Zip"/>
Home Phone #: <input type="text" name="Home_Phone_Number"/>
Cell Phone #: <input type="text" name="Cell_Phone_Number"/>
<br>
<br>
<input type="submit" />
</form>

</body>
</html>

Please help. I am a newbie and desiring to do more programming. I am teaching myself.

 

[jpadie]

you've got a round bracket to the right of $_POST[state] in your sql expression.

i also notice that you have not cleansed your data before using it in the query. this lays you open to sql injection attacks. read up on them and consider using mysql_real_escape_string() on your data.

 

[JRMS]

jpadie, thanks for your help. I did make the correction with the bracket. Still same error. Also, it seems to prevent sql injection attacks and use mysql_real_escape_string(), I will neet to create a login form as well so the user can authenicate first. Is this the case??

Please advise.

 

[jpadie]

so what does your query look like now?

 

[JRMS]

I have not insert data into the MySQL database yet?

 

[vacunita]

He means your insert statement. Any statement to a database be it insert, select, etc.. is known as a query (I know its not grammatically correct). What does it look like now?

Additionally you had an extra quote ' next to the round bracket or parenthesis, he pointed out earlier.

Lastly, its recommended to output your "query" and attempt to run it through a DB manager just to make sure the PHP is producing a correctly formed statement.

In other words echo your $sql variable, before attempting to use it.

echo $sql;



----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[southbeach]

Aside from the parenthesis pointed out by jpadie, there is an extra single quote.

Try echoing $sql right after you set it and post here what it shows to see what it looks like ... I think this is what jpadie is asking.

 

[vacunita]

Isn't that what I said?

----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

 

[southbeach]

Oops!

I guess I am spending too much time under the sun