I have a simple form that's supposed to enter submissions in a MySQL database but whenever the form is submitted I get a server 500 error. I'm new to the PHP/MySQL so i'm not seeing the problem. Any ideas?
HTML Form Excerpt:
<form method="post" action="submit.php">
<label for="fname">First Name *:</label>
<input type="text" id="fname" name="fname" /><br />
<label for="lname">Last Name *:</label>
<input type="text" id="lname" name="lname" /><br />
<label for="email">Email *:</label>
<input type="email" id="email" name="email" /><br />
<label for="phone">Phone Number:</label>
<input type="tel" id="phone" name="phone" /><br />
<input type="checkbox" id="ageverify" />
<label for="ageverify">I am at least 18 years of age *</label><br />
<input type="checkbox" id="terms" />
<label for="terms">I agree to the Terms & Conditions *</label><br />
<input type="submit" value="Submit" />
</form>
Entirety of submit.php
<?
mysql_connect("localhost","USERNAME","PASSWORD");
mysql_select_db("DB_NAME");
$sql = "INSERT into entries (fname,lname,email,phone,ageverify,terms) ";
$sql .= "VALUES (";
$sql .= $_POST['fname'] . ',' . $_POST['lname'] . ',' . $_POST['email'] . ',';
$sql .= $_POST['phone'];
if (isset($_POST['ageverify']) // if checked will exist, otherwise it won't
$sql .= 'yes' . ',';
else
$sql .= 'no' . ',';
if (isset($_POST['terms'])
$sql .= 'yes' . ',';
else
$sql .= 'no' . ',';
$sql .= ')';
$result = mysql_query($sql);
if($result){
echo("Thanks");
} else{
echo("Something went wrong");
}
?>
UPDATE: WORKING CODE (As rudimentary as it may be)
<?php
mysql_connect("localhost","USERNAME","PASSWORD");
mysql_select_db("DB_NAME");
$sql = "INSERT into entries (fname,lname,email,phone,ageverify,terms) ";
$sql .= "VALUES (";
$sql .= '"' . $_POST['fname'] . '"' . ',' . '"' . $_POST['lname'] . '"' . ',' . '"' . $_POST['email'] . '"' . ',';
$sql .= '"' . $_POST['phone'] . '"';
if (isset($_POST['ageverify'])) // if checked will exist, otherwise it won't
$sql .= ',' . '"yes"' ;
else
$sql .= ',' . '"no"';
if (isset($_POST['terms']))
$sql .= ',' . '"yes"';
else
$sql .= ',' . '"no"';
$sql .= ')';
echo $sql;
$result = mysql_query($sql);
if($result){
echo("Thanks");
} else{
echo("Something went wrong");
}
?>
First of all: Read up on SQL injection! You are definitely vulnerable!
Second, you should enable error reporting while developing - this would have told what was wrong.
The status 500 appears because something serverside went wrong. You can check your error logs, when this occurs.
Though, if you enable error reporting, you get the errors on screen. This would have told you that you have syntax errors.
You are missing ending parentheses on line 11 and 16:
if (isset($_POST['ageverify'])
should be
if (isset($_POST['ageverify']))
And the same goes for line 16.
Thirdly, always start PHP tags with <?php and NOT just <?. Try avoiding short tags.
The error log would be extremly helpfull in this case, but suspect the "," after the last "yes/no" to be the problem:
if (isset($_POST['terms'])
$sql .= 'yes';
else
$sql .= 'no';
The Syntax for Values is (Value1,Value2,...,ValueN).
Edit: And you are missing a closing bracket on lines 11 and 16. You should get an editor that validates the code you write. Saves you a lot of trouble.
A 500 error means the server is down, or otherwise not accessible. http://en.wikipedia.org/wiki/List_of_HTTP_status_codes#5xx_Server_Error
I'm assuming the connect and db parameters in your posted code were intentionally placed on here as generic entries and not what you're really using, right? Since you said you're new, the parameters of USERNAME, PASSWORD and DB_NAME aren't what you really use literally... you need to put in a real user, password and db name.