Please tell me what I'm doing wrong. The sql query is in bold.
<?php
////////////////////////////////////////////////////////////////////////////////
//
// SECRET PAGE
//
// Invokes require_authentication() to ensure that the user is authenticated
//
////////////////////////////////////////////////////////////////////////////////
require("common.php");
require_authentication();
session_start(); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='http://www.google.com/2005/gml/expr' xml:lang="en">
<head>
<title>Preview Update</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta name="description" content="Superior Mini Trucks" />
<meta name="keywords" content="Wichita, Superior, mini, trucks, 'Mini Trucks'" />
<link href="" rel="shortcut icon" />
<link href="../site.css" media="screen" rel="stylesheet" type="text/css" />
<link href="../smoothbox.css" media="screen" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="../moo.js"> </script>
<script type="text/javascript" src="../inventory/index.js"> </script>
<script type="text/javascript" src="../inventory/smoothbox.js"> </script>
</head>
<body>
<div id="whole_page">
<div id="header">
</div>
<div style="opacity: 0.7; filter: alpha(opacity: 70);" id="nav">
</div>
<div style="clear: both;"></div>
<div style="opacity: 0.95;" class="content">
<div style="background-color: #fffff0;" id="log">
<?php
$data = $_SESSION['data'];
$year = $_POST['year'];
$make = $_POST['make'];
$model = $_POST['model'];
$miles = $_POST['miles'];
$comment = $_POST['comment'];
$option1 = $_POST['option1'];
$option2 = $_POST['option2'];
$option3 = $_POST['option3'];
$option4 = $_POST['option4'];
$option5 = $_POST['option5'];
$option6 = $_POST['option6'];
$option7 = $_POST['option7'];
$option8 = $_POST['option8'];
$update = array(0 => $data[0], $data[1], $data[2], $data[3], $data[4], $data[5], $data[6], $data[7], $year, $make, $model, $miles, $comment, $option1, $option2, $option3, $option4, $option5, $option6, $option7, $option8);
echo '<table class="pictured photo_data">';
echo ' ';
echo ' <tr> ';
echo ' <td width="320"> ';
echo ' <a href="/inventory/trucks/'.$data[0].'" title="" class="smoothbox" rel="inventory/trucks"><img src="../inventory/trucks/'.$data[4].'" alt="1" /></a></td> ';
echo ' <td width="320">'.$year.' '.$make.' '.$model.'<br/><br/>'.$miles.'<br/>'.$comment.'<br/><br/> ';
echo ' <a href="../inventory/trucks/'.$data[1].'" title="" class="smoothbox" rel="inventory/trucks"><img style="float:left" src="../inventory/trucks/'.$data[5].'" alt="2" /></a> ';
echo ' <a href="../inventory/trucks/'.$data[2].'" title="" class="smoothbox" rel="inventory/trucks"><img style="float:left" src="../inventory/trucks/'.$data[6].'" alt="3" /></a> ';
echo ' <a href="../inventory/trucks/'.$data[3].'" title="" class="smoothbox" rel="inventory/trucks"><img style="float:left" src="../inventory/trucks/'.$data[7].'" alt="4" /></a> ';
echo ' </td> ';
echo ' <td>'.$option1.'<br/>'.$option2.'<br/>'.$option3.'<br/><br/>';
if($option4 != "")
echo $option4.'<br/>';
if($option5 != null)
echo $option5.'<br/>';
if($option6 != null)
echo $option6.'<br/>';
if($option7 != null)
echo $option7.'<br/>';
if($option8 != null)
echo $option8;
echo '</td> ';
echo ' </tr> ';
echo '</table>';
echo '<br/><br/><br/>';
echo '<blockquote><blockquote><blockquote>';
echo '<form method="post" action="/inventory/">';
echo '<input type="submit" name="validated_confirmed_update" value="• • • Update Inventory • • •"> (not yet operational)</form>';
echo '</blockquote></blockquote></blockquote>';
$db_connection = @mysql_connect("-----------.--------.net", "--------", "---------");
if (!$db_connection) {
echo( "<P>Unable to connect to the database server at this time.</P>" );
exit();
}
$db = @mysql_select_db("-----------", $db_connection);
if(!$db) {
echo( "<P>Unable to locate the database at this time.</P>" );
exit();
}
[B] if ("SUBMIT" == $validated_confirmed_update) {
$sql = "INSERT INTO trucks (relpath-box1, relpath-box2, relpath-box3, relpath-primary, relpath-gallery1, relpath-gallery2, relpath-gallery3, year, make, model, miles, comment, option1, option2, option3, option4, option5, option6, option7, option8) VALUES (".$data[0].", ".$data[1].", ".$data[2].", ".$data[3].", ".$data[4].", ".$data[5].", ".$data[6].", ".$data[7].", ".$year.", ".$make.", ".$model.", ".$miles.", ".$comment.", ".$option1.", ".$option2.", ".$option3.", ".$option4.", ".$option5.", ".$option6.", ".$option7.", ".$option8.")"; [/B]
mysql_query($sql);
}
?>