Error:
INSERT INTO demorequests
(firstname,lastname,email,phone,company,jobtitle,numberofstaff)
VALUES
(Hank,Janssens,contact@hankjanssens.com,5193174848,Imaginadev,,1)
You have an error in your SQL syntax; check the manual that corresponds to your MySQL
server version for the right syntax to use
near '@hankjanssens.com,5193174848,Imaginadev,,1)' at line 2
Database table structure
CREATE TABLE IF NOT EXISTS `demorequests` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`firstname` varchar(30) NOT NULL,
`lastname` varchar(30) NOT NULL,
`email` varchar(60) NOT NULL,
`phone` varchar(12) NOT NULL,
`company` varchar(60) NOT NULL,
`jobtitle` varchar(30) NOT NULL,
`numberofstaff` varchar(12) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;
PHP //assign $_POST to variables
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$company = $_POST['company'];
$jobtitle = $_POST['jobtitle'];
$numberofstaff = $_POST['numberofstaff'];
$sql = "INSERT INTO demorequests
(firstname,lastname,email,phone,company,jobtitle,numberofstaff)
VALUES ($firstname,$lastname,$email,$phone,$company,$jobtitle,$numberofstaff)";
Jonathan - When dealing with strings, VALUES need to be quoted.
('$firstname','$lastname','$email','$phone','$company','$jobtitle','$numberofstaff')
Nota: If it's an int, then quotes are not required. However, all of your columns are VARCHAR except for the id column being an AI.
Do sanitize your inputs also with mysqli_real_escape_string() since your present code is open to SQL injection.
You may always want to use stripslashes() in conjunction with mysqli_real_escape_string(), should a name contain an apostrophe.
For example: (assuming you're using mysqli_ as your connecting API).
$firstname = stripslashes($_POST['firstname']);
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
and do the same for the rest.
Or better yet:
Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.
Add quotes around your string variables.
$sql = "INSERT INTO demorequests (firstname,lastname,email,phone,company,jobtitle,numberofstaff)
VALUES ('$firstname','$lastname','$email','$phone','$company','$jobtitle','$numberofstaff')";
NOTE:
You need to have ' around the strings in the values clause.
You need to put them in single quotes, else it won't work. This is what causing your error.
$sql = "INSERT INTO demorequests (firstname,
lastname,
email,
phone,
company,
jobtitle,
numberofstaff)
VALUES ('$firstname',
'$lastname',
'$email',
'$phone',
'$company',
'$jobtitle',
'$numberofstaff')"
On a side note, you re vunerable for SQL attacks. Use mysqli_real_escape_string to escape all your variables.