PHP-скрипт, не вставляющий данные формы в базу данных

Question

У меня возникли проблемы с вставкой данных формы в мою базу данных. Я могу подключиться к базе данных, поскольку она не вызывает ошибку, но информация не вводится. Ниже мой код, любая помощь будет оценена по достоинству.

<?php 
// string checking 
function isValid($str) { 
    if(!preg_match('/[^A-Za-z0-9.-]/', $str)) { 
    return true; 
    } else { 
    return false; 
    } 
} 


// Check for form submission 
if(isset($_POST['submit'])){ 

// Get the POST data 
$agree = $_POST['agree']; 
$firstname = $_POST['firstname']; 
$surname = $_POST['surname']; 
$business = $_POST['business']; 
$state = $_POST['state']; 
$email = $_POST['email']; 

// If the T&C box has been ticked 
if($agree){ 

    // Validate the POST data 
    $validationError = ''; 

    // Name Validation 
    if($firstname == ''){ 
     $validationError .= "Please enter your first name.\n"; 
    } else { 
     if(is_numeric($firstname)){ 
     $validationError .= "The first name you have supplied cannot contain numbers.\n"; 
     } 
     if(strlen($firstname) > 50) { 
     $validationError .= "The first name you have supplied must be less than 50 characters.\n"; 
     } 
     if(strlen($firstname) < 3) { 
     $validationError .= "The first name you have supplied is too short.\n"; 
     } 
     if(isValid($firstname) == false){ 
     $validationError .= "The first name cannot contain special characters.\n"; 
    } 
    } 

if($surname == ""){ 
     $validationError .= "Please enter your Surname.\n"; 
    } else { 
     if(is_numeric($surname)){ 
     $validationError .= "The Surname you have supplied cannot contain numbers.\n"; 
     } 
     if(strlen($surname) > 50) { 
     $validationError .= "The Surname you have supplied must be less than 50 characters.\n"; 
     } 
     if(strlen($surname) < 3) { 
     $validationError .= "The Surname you have supplied is too short.\n"; 
     } 
     if(isValid($surname) == false){ 
     $validationError .= "The Surname cannot contain special characters.\n"; 
    } 
    } 


if($state == ''){ 
     $validationError .= "Please select your state.\n"; 
} 

    // Email validation 

    // Function to validate email addresses, taken from here: http://www.linuxjournal.com/article/9585 
    function check_email_address($email) { 

     // Set up regular expression strings to evaluate the value of email variable against 
     $regex1 = '/^[_a-z0-9-][^()<>@,;:\\"[] ]*@([a-z0-9-]+.)+[a-z]{2,4}$/i'; 

     // Run the preg_match function on regex 1 
     if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) { 
      return false; 
     } else { 
      return true;  
     } 
    } 

    if($email != ''){ 
     if(!check_email_address($email)) { 
     $validationError .= "The email address does not appear to be correct, please try again.\n"; 
     } 
    } else { 
     $validationError .= "Please enter your email address.\n"; 
    } 

    //Start the mySQL connection 

    if($validationError == ''){ 
    $link = mysql_connect('localhost', '--removed--', '--removed--'); 

    if (!$link) { 
     $validationError .= "There was an error connecting to the database. Please contact us so that we can fix the problem.\n"; 
    } else { 

     // Select the db 
     mysql_select_db("keyinv_seminar", $link); 

     // Check for an existing entry under that email address 
     $checkQuery = 'SELECT * FROM seminar WHERE email="' . mysql_real_escape_string($email) . '"'; 
     $result = mysql_query($checkQuery, $link); 

     if (mysql_num_rows($result) != 0) { 
     $validationError .= "There is already an entry in the competition, using that email address.\n"; 
     } else { 
     // There is no existing entry, update the db 
     $insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('" . mysql_real_escape_string($firstname) . "', '" . mysql_real_escape_string($surname) . "', '" . mysql_real_escape_string($business) . "', " . mysql_real_escape_string($state) . ", '" . mysql_real_escape_string($email) . "')"; 

     $result = mysql_query($insertQuery, $link); 

     } 

     // Close the connection 
     if($link){ 
     mysql_close($link); 

     if($validationError == ''){ 
      header('Location: thankyou.php'); 
     } 
     } 
    } 
    } 
} else { 
    $validationError = "You must accept the Terms and Conditions \nin order to enter this contest."; 
} 
} 
?> 

Answer 1

Проверьте свой INSERT запрос ..

$insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('" 
    . mysql_real_escape_string($firstname) . "', '" 
    . mysql_real_escape_string($surname) . "', '" 
    . mysql_real_escape_string($business) . "', " 
    . mysql_real_escape_string($state) . ", '" 
    . mysql_real_escape_string($email) . "')"; 

Вы пропустили некоторые одиночные кавычки вокруг значения $state. Измените его так:

$insertQuery = "INSERT INTO seminar (firstname, surname, business, state, email) VALUES ('" 
    . mysql_real_escape_string($firstname) . "', '" 
    . mysql_real_escape_string($surname) . "', '" 
    . mysql_real_escape_string($business) . "', '" 
    . mysql_real_escape_string($state) . "', '" 
    . mysql_real_escape_string($email) . "')";