I've been working with this script and although I'm a PHP newbee I'm almost there. I only have one issue with the NEW.PHP. When I submit data I get an error. Can anyone please get me in the right direction?
Script:
<?php
/*
NEW.PHP
Allows user to create a new entry in the database
*/
// creates the new record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($order, $discrjob, $item, $status, $daytimereq, $contact, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>New Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<div>
<strong>Order: *</strong> <input type="text" name="order" value="<?php echo $order; ?>" /><br/>
<strong>Discrete job: *</strong> <input type="text" name="discrjob" value="<?php echo $discrjob; ?>" /><br/>
<strong>Item: *</strong> <input type="text" name="item" value="<?php echo $item; ?>" /><br/>
<strong>Status: *</strong> <input type="text" name="status" value="<?php echo $status; ?>" /><br/>
<strong>Day&time request: *</strong> <input type="text" name="daytimereq" value="<?php echo $daytimereq; ?>" /><br/>
<strong>Contact: *</strong> <input type="text" name="contact" value="<?php echo $contact; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}
// connect to the database
include('connect-db.php');
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
$order = mysql_real_escape_string(htmlspecialchars($_POST['order']));
$discrjob = mysql_real_escape_string(htmlspecialchars($_POST['discrjob']));
$item = mysql_real_escape_string(htmlspecialchars($_POST['item']));
$status = mysql_real_escape_string(htmlspecialchars($_POST['status']));
$daytimereq = mysql_real_escape_string(htmlspecialchars($_POST['daytimereq']));
$contact = mysql_real_escape_string(htmlspecialchars($_POST['contact']));
// check to make sure both fields are entered
if ($order == '' || $discrjob == '' || $item == '' || $status == '' || $daytimereq == '' || $contact == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
// if either field is blank, display the form again
renderForm($order, $discrjob, $item, $status, $daytimereq, $contact, $error);
}
else
{
// save the data to the database
mysql_query("INSERT qcdata SET order='$order', discrjob='$discrjob', item='$item', status='$status', daytimereq='$daytimereq', contact='$contact'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
// if the form hasn't been submitted, display the form
{
renderForm('','','','','','','');
}
?>
ERROR:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order='order1', discrjob='discrjob1', item='item1', status='status1', daytimereq' at line 1