[Ryouko]

I have a mysql database named joostinvites and in it I have a table named users. This table has the fields email addresses, firstname, last name and an integer set to 0 or 1 to " check off" if they have been invited.
I am trying to do this all from scratch and I made up a simple way to do it using PHP and mysql querys.

Here is my code that doesn't work:

PHP Code:

<?php
$link = mysql_connect ("mysql.joostswap.net", "ryouko", "MYPASS");
$sql_query = "insert into users (email, firstname, lastname, invited) values ($_POST[email], $_POST[firstname], $_POST[lastname], 0)";
mysql_query($sql_query);
mysql_close($link);
echo "User added correctly. Please wait patiently for your response!";
?>

it doesn't seem to get a parse error, it just doesn't add the information to the table. But it does when I run :
insert into users (email, firstname, lastname, invited) values ("my@email.com", "Joey", "poops", 0);
as an SQL query, someone please help me out here

[nova912]

PHP Code:

$sql_query = "insert into users (email, firstname, lastname, invited) values ($_POST[email], $_POST[firstname], $_POST[lastname], 0)"; 

should be

PHP Code:

$sql_query = "insert into users (email, firstname, lastname, invited) values (".$_POST['email'].", ".$_POST['firstname'].", ".$_POST['lastname'].", 0)"; 

Thats just to get it working.... you really need to screen you user input before putting it directly into a query string.

[Nico]

You have to put single quotes around strings.

PHP Code:

$sql_query = "
    insert into users
       (email, firstname, lastname, invited)
    values
       (
          '". mysql_real_escape_string($_POST['email']) ."',
          '". mysql_real_escape_string($_POST['firstname']) ."',
          '". mysql_real_escape_string($_POST['lastname']) ."',
          0
       )"; 

You can also add OR die( mysql_error() ); behind mysql_query() to get the exact error.

PHP Code:

mysql_query($sql_query) OR die( mysql_error() ); 

EDIT:

And I'm moving this topic to database...