Break it up some.. try something like this:
$sql2 = "INSERT INTO appointments
(username, time, doctor_name, cost, reason1_for_visit, reason2_for_visit,reason3_for_visit,reason4_for_vi sit, fname, lname)
values ('" . $username . "' ,'" . $date. "','" . $doc . "'," . $totalcost . ",'" . $reason1. "', '". $reason2 . "','" . $reason3 ."','" . $reason4 . "','" . $fname. "','" . $lname . "' )";
Basically use the PHP string concatenation... unless you are getting a more specific error output...
Also i notice that you are trusting user input. NEVER do that.
Original:
Code:
$totalcost = $_GET["totalcost"];
$reason1 = $_GET["reason1"];
$reason2 = $_GET["reason2"];
$reason3 = $_GET["reason3"];
$reason4 = $_GET["reason4"];
$reason5 = $_GET["reason5"];
$reason6 = $_GET["reason6"];
$reason7 = $_GET["reason7"];
$reason8 = $_GET["reason8"];
New:
Code:
$reason1 = empty($_GET["reason1"]) ? null : addslashes($_GET["reason1"]);
// or something simpler:
$reason1 = addslashes($_GET["reason1"]);
Basically, If a value is not entered is sets it to null and if a value is present is adds slashes. You should protect your self against SQL injections.
also, you could have saved yourself some time by changing:
Code:
$totalcost = $_GET["totalcost"];
$reason1 = $_GET["reason1"];
$reason2 = $_GET["reason2"];
$reason3 = $_GET["reason3"];
$reason4 = $_GET["reason4"];
$reason5 = $_GET["reason5"];
$reason6 = $_GET["reason6"];
$reason7 = $_GET["reason7"];
$reason8 = $_GET["reason8"];
$date = $_GET["date"];
$reasons = array($reason1,$reason2,$reason3,$reason4,$reason5 ,$reason6,$reason7,$reason8);
rsort($reasons);
$reason1 = $reasons[0];
$reason2 = $reasons[1];
$reason3 = $reasons[2];
$reason4 = $reasons[3];
to:
Code:
$reasons = Array (1 => addslashes($_GET["reason1"]),
2 => addslashes($_GET["reason2"]),
3 => addslashes($_GET["reason3"]),
4 => addslashes($_GET["reason4"]),
5 => addslashes($_GET["reason5"]),
6 => addslashes($_GET["reason6"]),
7 => addslashes($_GET["reason7"]),
8 => addslashes($_GET["reason8"])
);
In your SQL you can reference the array directly : $reasons[1] etc...
Try adding some debugging if your SQL still doesnt work:
Code:
$result2 = mysqli_query($connect, $sql2);
if (!$result2) {
echo "Insert did not work.";
echo mysql_error();
//echo "<script language = 'javascript'>document.location.href='registered_lo gin_page.php?username=$username'</script>";
// or terminate execution of script
die(mysql_error());
}
One more thing, I don't believe anyone should every use inline php. HTML and PHP should always be kept separate because it makes code more maintainable and easier to read. When in doubt php.net is a pretty good documentation and example wise. If all else fails use Google.