<?php
mysql_connect("localhost", "root", "") or die(mysql_error()); 
mysql_select_db("agenda") or die(mysql_error()); 

$q = mysql_query("INSERT INTO kontakte (emri, mbiemri,e-mail,nr,adresa,shenime) VALUES( 
'{$_POST['emri']}'
'{$_POST['mbiemri']}',
'{$_POST['e-mail']}',
'{$_POST['nr']}',
'{$_POST['adresa']}',
'{$_POST['shenime']}')

           ");


if (!$q) {
    $message  = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $query;
    die($message);
}
?>

<html>
<head></head>
<body>
<div class="box">
<form action="kontakt.php" method="POST">
<p>Emri<input type="text" name="emri">
<p>Mbiemri <input type="text" name="mbiemri">
<p>E-mail<input type="text" name="e-mail">
<p>Nr tel<input type="text" name="nr">
<p>Adresa<input type="text" name="adresa">
<p>Shenime<textarea name="shenime" rows="6" cols="25"></textarea><br />
<input type="submit" value="Krijo">
<input type="reset" value="Clear">
</form>
</div>
</body>
</html>

Can anyone tell me what is wrong with the caode? i get undefined index for every input i want to make, this is the error i get on the browser:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-mail,nr,adresa,shenime) VALUES( '' '', '', '', '', '')' at line 1 Whole query:

The problem seems to be the hyphen in "e-mail".

No it's not that, i removed it, still the same thing

I fixed that error using isset function but now i get this error
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING
the line where the error shows is :
if(isset($_POST['emri'])){ $emri=$_POST['emri'];}

can you show a few lines before this line

if(isset($_POST['emri'])){
    $emri=$_POST['emri'];
}
<?php
mysql_connect("localhost", "root", "") or die(mysql_error()); 
mysql_select_db("agenda") or die(mysql_error()); 

$q = mysql_query("INSERT INTO kontakte (emri, mbiemri,e-mail,nr,adresa,shenime) VALUES(

if(isset($_POST['emri'])){ $emri=$_POST['emri']}
 if(isset($_POST['mbiemri'])){ $emri=$_POST['mbiemri']}
 if(isset($_POST['email'])){ $emri=$_POST['email']}
 if(isset($_POST['nr'])){ $emri=$_POST['nr']}
 if(isset($_POST['adresa'])){ $emri=$_POST['adresa']}
 if(isset($_POST['shenime'])){ $emri=$_POST['shenime']}
 )  

           ");


if (!$q) {
    $message  = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $query;
    die($message);
}
?>

<html>
<head></head>
<body>
<div class="box">
<form action="kontakt.php" method="POST">
<p>Emri<input type="text" name="emri">
<p>Mbiemri <input type="text" name="mbiemri">
<p>E-mail<input type="text" name="email">
<p>Nr tel<input type="text" name="nr">
<p>Adresa<input type="text" name="adresa">
<p>Shenime<textarea name="shenime" rows="6" cols="25"></textarea><br />
<input type="submit" value="Krijo">
<input type="reset" value="Clear">
</form>
</div>
</body>
</html>

This is the whole code

From my understanding this is not going to work :

if(isset($_POST['emri'])){ $emri=$_POST['emri']}
 if(isset($_POST['mbiemri'])){ $emri=$_POST['mbiemri']}
 if(isset($_POST['email'])){ $emri=$_POST['email']}
 if(isset($_POST['nr'])){ $emri=$_POST['nr']}
 if(isset($_POST['adresa'])){ $emri=$_POST['adresa']}
 if(isset($_POST['shenime'])){ $emri=$_POST['shenime']}
 ) 

Your SQL is stating that "these fields" & "these values" you cannot use the if(isset... in this manner.

Try a dynamic SQL statement using:

$_POST as $field => $value

This takes the POST data and puts it into arrays, you would then step through them within you SQL stmt. So field and values are:

INSERT INTO kontakte ('$field[]') values ('$value[]');

*Note tested - this is an idea which you need to adapt

That way it will only use the POST fields that are isset.

*Side note - you should validate and clean any POST data

I have lines changed 5 to 15 in above code, you can not write if in string formation.
remove all your 5 - 15 lines and only add following line.

$q = mysql_query("INSERT INTO kontakte (emri, mbiemri,e-mail,nr,adresa,shenime) VALUES('{$_POST['emri']}','{$_POST['mbiemri']}','{$_POST['email']}','{$_POST['nr']}','{$_POST['adresa']}','{$_POST['shenime']}')");

I have lines changed 5 to 15 in above code, you can not write if in string formation.
remove all your 5 - 15 lines and only add following line.

$q = mysql_query("INSERT INTO kontakte (emri, mbiemri,e-mail,nr,adresa,shenime) VALUES('{$_POST['emri']}','{$_POST['mbiemri']}','{$_POST['email']}','{$_POST['nr']}','{$_POST['adresa']}','{$_POST['shenime']}')");

This is the same as what was in the original POST ^^

Member Avatar for diafol

Also, celan your post variables or you could be open to SQL injection. In fact drop mysql_* functions like a bad habit. Use mysqli or PDO and employ parameterized queries.

I just looked at your latest post thought thats whats you are working on.

But your original query is fine, you just enquote your e-mail (as you are using hyphen in col name) column with ` (back quote, first key in keyboard, above tab)

$q = mysql_query("INSERT INTO kontakte (`emri`, `mbiemri`,`e-mail`,`nr`, `adresa`, `shenime`) VALUES('{$_POST['emri']}','{$_POST['mbiemri']}','{$_POST['email']}','{$_POST['nr']}','{$_POST['adresa']}','{$_POST['shenime']}')");
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.