What's wrong with my SQL query?

Question

Hi guys, I need a quick look at my SQL query. It's already given me a headache. Comparing some advice I have gotten, I could not figure out the proper format for my SQL.

This is my code:

$query = "INSERT INTO `[my_db_name]`.`members` (`id` ,`first` ,`last` ,`add1` ,`add2` ,`phone_home` ,`phone_cell` ,`phone_dad` ,`phone_mom` ,`email1` ,`email2`)
    VALUES ('NULL' , '".$first."', '".$last."', '".$add1."', '".$add2."', '".$phone_home."', '".$phone_cell."', '".$phone_dad."', '".$phone_mom."', '".$email1."', '".$email2."')";

`mysql_query($query) or die ('Error updating database, Error:' . mysql_error());

Thanks in advance!

EDIT:

Currently I have this as the form:

<table border="0" cellpadding="0" cellspacing="0">

   <form  enctype="multipart/form-data" method="POST" action="add-member.php">

   <tr class="labels">

    <td class="f">Add a Member</td>
    <td class="l"></td>

   </tr>

   <tr>

    <td class="f"><label for="first">First Name:</label></td>
    <td class="l"><input id="first" type="text"/></td>

   </tr>


   <tr>

    <td class="f"><label for="last">Last Name:</label></td>
    <td class="l"><input id="last" type="text"/></td>

   </tr>

   <tr>

    <td class="f"><label for="add1">Address 1:</label></td>
    <td class="l"><input id="add1" type="text"/></td>

   </tr>

   <tr>

    <td class="f"><label for="add2">Address 2:</label></td>
    <td class="l"><input id="add2" type="text"/></td>

   </tr>

   <tr>

    <td class="f"><label for="phone_home">Home Phone:</label></td>
    <td class="l"><input id="phone_home" type="text"/></td>

   </tr>

   <tr>

    <td class="f"><label for="phone_cell">Cell Phone:</label></td>
    <td class="l"><input id="phone_cell" type="text"/></td>

   </tr>

   <tr>

    <td class="f"><label for="phone_dad">Dad Cell:</label></td>
    <td class="l"><input id="phone_dad" type="text"/></td>

   </tr>

   <tr>

    <td class="f"><label for="phone_mom">Mom Cell:</label></td>
    <td class="l"><input id="phone_mom" type="text"/></td>

   </tr>

   <tr>

    <td class="f"><label for="email1">Email 1:</label></td>
    <td class="l"><input id="email1" type="text"/></td>

   </tr>

   <tr>

    <td class="f"><label for="email2">Email 2:</label></td>
    <td class="l"><input id="email2" type="text"/></td>

   </tr>

  </table>

This is the insert query:

<?php

 $first = $_POST['first'];
 $last = $_POST['last'];
 $add1 = $_POST['add1'];
 $add2 = $_POST['add2'];
 $phone_home = $_POST['phone_home'];
 $phone_cell = $_POST['phone_cell'];
 $phone_dad = $_POST['phone_dad'];
 $phone_mom = $_POST['phone_mom'];
 $email1 = $_POST['email1'];
 $email2 = $_POST['email2'];

 include ("../lib/login.php");

 mysql_connect($hostname, $username, $password)
  or die("Unable to connect to MySQL");

 mysql_select_db ([dbname]);

 $query = "INSERT INTO `[dbname]`.`mem_dir` (`id` ,`first` ,`last` ,`add1` ,`add2` ,`phone_home` ,`phone_cell` ,`phone_dad` ,`phone_mom` ,`email1` ,`email2`)
   VALUES (NULL , '$first', '$last', '$add1', '$add2', '$phone_home', '$phone_cell', '$phone_dad', '$phone_mom', '$email1', '$email2')";

 mysql_query($query) or die ('Error updating database, Error:' . mysql_error());

 echo "Database successfully uploaded with:<br/><ul>
 <li>" . $first . "</li>
 ...
 </ul>";

?>

Seems to submit the entry, but not the values... I'm tired of looking at it and not seeing it. I appreciate all the help. Thanks!

EDIT (AGAIN):

As was pointed out by Salman A, the problem was in fact the form, and the fact that each input was identified with an "id", instead of a "name".

Thanks everyone, I really appreciate all the help! I guess my incorrect SQL formatting is another topic, eh?

Answer 1

NULL should not be quoted.

You can simplify the values list (since this seems to be PHP):

VALUES (NULL , '$first', '$last', '$add1', '$add2', '$phone_home', '$phone_cell', '$phone_dad', '$phone_mom', '$email1', '$email2')";

Answer 2

NULL values aren't escaped, that's the problem (in case the relative SQL value is really NULL, not a string "NULL")

$query = "INSERT INTO `[my_db_name]`.`members` (`id` ,`first` ,`last` ,`add1` ,`add2` ,`phone_home` ,`phone_cell` ,`phone_dad` ,`phone_mom` ,`email1` ,`email2`)
    VALUES (NULL , '".$first."', '".$last."', '".$add1."', '".$add2."', '".$phone_home."', '".$phone_cell."', '".$phone_dad."', '".$phone_mom."', '".$email1."', '".$email2."')";

Answer 3

Put a semicolon inside your string as well.

What's the error you're getting from the database (look in mysql logs)

Answer 4

Its the form that smells! Change all:

<input id="yadayada">

To:

<input name="yadayada">
<!--   ^^^^---- you must use the name attribute -->

Optional:

• The form tag is misplaced; I suggest that you put the <table> inside the <form>, not the other way round.
• I do not see a </form> and <input type="submit">.
• You do not need a multipart/form-data encoding unless you're uploading files.