Im trying to write a php scrip that will take POSTed variables and save them to a database then send an email with those variables.
Ive put together the below using methods I have used separately before without issue. I've made a mistake somewhere here thoug as I get the following warning on the page: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''ws')' at line 16
I dont understand this warning as there is no ''ws')' at or near line 16.
What am I not getting here?
I took out all of the code for saving to the database and the email worked fine but I still cant see whats wrongwith the database code.
$email = $_POST['email'] ;
$number = $_POST['number'] ;
$ext = $_POST['ext'] ;
$startDay = $_POST['startDay'] ;
$endDay = $_POST['endDay'] ;
$startTime = $_POST['startTime'] ;
$endTime = $_POST['endTime'] ;
$startDay2 = $_POST['startDay2'] ;
$endDay2 = $_POST['endDay2'] ;
$startTime2 = $_POST['startTime2'] ;
$endTime2 = $_POST['endTime2'] ;
$sine = $_POST['sine'] ;
$webmaster_email = "support@website.com";
$hostname = "Sines.db.42.mywebresource.com";
$username = "Sines";
$dbname = "Sines";
$password = "Password!";
$usertable = "contact";
$con = mysql_connect($hostname, $username, $password);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db($dbname, $con);
$sql="INSERT INTO contact (
`email` ,
`number` ,
`ext` ,
`startDay` ,
`endDay` ,
`startTime` ,
`endTime` ,
`startDay2` ,
`endDay2` ,
`startTime2` ,
`endTime2` ,
`sine`
)
VALUES
('$_POST[email]','$_POST[number]','$_POST[ext]','$_POST[startDay]','$_POST[endDay]','$_POST[startTime]','$_POST[endTime]','$_POST[startDay2]','$_POST[endDay2]','$_POST[startTime2]','$_POST[endTime2]'),'$_POST[sine]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "User", ' ' , mysql_insert_id() , ' ' ,"added";
$_SESSION["PRid"] = mysql_insert_id();
mysql_close($con);
/*Below is for sending the email.*/
function isInjected($str) {
$injections = array('(\n+)',
'(\r+)',
'(\t+)',
'(%0A+)',
'(%0D+)',
'(%08+)',
'(%09+)'
);
$inject = join('|', $injections);
$inject = "/$inject/i";
if(preg_match($inject,$str)) {
return true;
}
else {
return false;
}
}
if ( isInjected($email) ) {
}
else {
$contents = <<
Email: $email
Number: $number
Ext: $ext
StartDay: $startDay
EndDay: $endDay
StartTime: $startTime
EndTime: $endTime
StartDay2: $startDay2
EndDay2: $endDay2
StartTime2: $startTime2
EndTime2: $endTime2
Sine: $sine
EOM;
mail( "$webmaster_email", "Contact", $contents);
}
?>
My database:
解决方案
The only thing I can see that could cause this is the extra ) in the following line;
('$_POST[email]','$_POST[number]','$_POST[ext]','$_POST[startDay]','$_POST[endDay]','$_POST[startTime]','$_POST[endTime]','$_POST[startDay2]','$_POST[endDay2]','$_POST[startTime2]','$_POST[endTime2]'),'$_POST[sine]')";
Change it to this;
('$_POST[email]','$_POST[number]','$_POST[ext]','$_POST[startDay]','$_POST[endDay]','$_POST[startTime]','$_POST[endTime]','$_POST[startDay2]','$_POST[endDay2]','$_POST[startTime2]','$_POST[endTime2]','$_POST[sine]')";