I have a simple insert page that seems to go through with out any

Question

0

Asked: June 18, 20262026-06-18T12:47:58+00:00 2026-06-18T12:47:58+00:00

I have a simple insert page that seems to go through with out any

0

I have a simple insert page that seems to go through with out any errors but does not show up in db. I have read upwards of 30 diff posts on this and can not figure out what is wrong. I know the dbcon.php works as the display page pulls all the results no problem.

<?php
ob_start();
include('dbcon.php');

if (isset($_POST['submit'])){

$Ph1=preg_replace('/[^0-9]/', '', $_POST["ph1"]);
$Ph2=preg_replace('/[^0-9]/', '', $_POST["ph2"]);
$Name=mysql_real_escape_string($_POST['name']);
$Email=mysql_real_escape_string($_POST['email']);
$Group=$_POST['group'];

mysql_query("insert into reps (ph1,ph2,name,email,group)
        values("$Ph1","$Ph2","$Name","$Email","$Group")");
        header('location:index.php');
}
ob_flush();
?>

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-18T12:47:59+00:00

GROUP is a RESERVED KEYWORD. It must be enclosed with backtick,

insert into reps (ph1,ph2,name,email,`group`)

MySQL Reserved Keywords List

another problem is the used of `double quotes around values.

mysql_query("INSERT INTO reps (ph1,ph2,name,email,`group`) VALUES ('$Ph1','$Ph2','$Name','$Email','$Group')");

As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.

How to prevent SQL injection in PHP?

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a simple insert page that seems to go through with out any

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply