Posting date of birth to a database (New to PHP)

[xCiter]

Hi there,

 

I'm new to PHP so sorry if this is a really basic question.

 

How do i post date of birth collected from a form, into a database?

 

I have the fields in the form set up as 'day' 'month' 'year' all of which are drop-down boxes.

 

I tried doing it one way which i saw on a different website, but it didn't work. Here is what i tried:

'$_POST[day] . - . $_POST[month]' . - . $_POST[year]',

 

More info: In the database table this information is going to, the "date of birth" field is set to "DATE" type. Don't know if that makes any difference

[codefossa]

The $_POST array is data posted to the page.  You have to run a mysql_query to actually insert it into the database.

[xCiter]

I should have mentioned before that the above code is not all that i have.

 

This is all of it:

 

<?php
// Create php connection 
$connection = mysql_connect("*****","*****","****");

// If no connection is established, error message.
if (!$connection)
{
die("Error: Could not connect to host. Reason: " . mysql_error());
}

mysql_select_db("bliss510_social", $connection);

$sql = "INSERT INTO account (Username, FirstName, LastName, DateofBirth, Email, HearAbout, Recommended, FriendUser) VALUES ('$_POST[username]','$_POST[fname]','$_POST[lname]','$_POST[day]' . - . '$_POST[month]' . - . '$_POST[year]','$_POST[email]','$_POST[hear]',$_POST[recom]',$_POST[fusername]')";

if (!mysql_query($sql, $connection))
{
die('Error: ' .mysql_error());
}
echo "1 record added";
mysql_close($connection)
?>

[Pikachu2000]

First, you should be storing your dates in YYYY-MM-DD format in a field with DATE (or DATETIME) data type. Then to make the query string more readable, you might want to concatenate the individual parts of the date and store it in a variable. And I know you said you're new to PHP, but you will always need to validate/sanitize any user-supplied data before allowing it to be used in a DB query string. There's no better time to learn good habits than when you're new.

 

$dob = "{$_POST['year']}-{$_POST['month']}-{$_POST['day']}";
$query = INSERT INTO table (dob_field) VALUES ('$dob');
// etc.

[xCiter]

Thanks for the reply, i did what you recommended but get this error:

 

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '',')' at line 1

 

This is the updated version of my code:

 

$dob = "{$_POST['year']}-{$_POST['month']}-{$_POST['day']}";
$sql = "INSERT INTO account (Username, FirstName, LastName, DateofBirth, Email, HearAbout, Recommended, FriendUser) VALUES ('$_POST[username]','$_POST[fname]','$_POST[lname]','$dob','$_POST[email]','$_POST[hear]',$_POST[recom]',$_POST[fusername]')";

 

Could you explain a bit more about sanitizing data? I've seen it posted before but still don't understand what it does

[Pikachu2000]

You're missing a bunch of single quotes in the query string, for starters. Echo the query string along with the error, and you should be able to spot the problems.

 

if (!mysql_query($sql, $connection))
{
die("<br>Query: $sql<br>Produced Error: " .mysql_error());
}