PHP & MySQL

I can't figure out what's fucked up with my insert SQL query in PHP:

HTML Form:

<form method="POST" action="hw8b.php">
    Name:<br />
    <input type="text" name="name" /><br /><br />
    City:<br />
    <input type="text" name="city" /><br /><br />
    Email:<br />
    <input type="text" name="email" /><br /><br />
    <input type="submit" value="Insert">
    </form>

PHP page:

<?php

$DBConnect = mysql_connect("localhost", "mylastname", "");

if (! $DBConnect)
{
  echo "<P>Database not available";
}

$password = "myusername";
$userID = "mypassword";

$name = $_POST["name"];
$city = $_POST["city"];
$email = $_POST["email"];

mysql_select_db("myDBName");

$SQLstring = "INSERT INTO FANS VALUES(" . $name . ",'" . $city . "','" . $email . "');";

$QueryResult = mysql_query($SQLstring);

Anyone? Need halp.

"INSERT INTO FANS VALUES(" . $name . ",'" . $city . "','" . $email . "');";
$name = "hax";
$city = "'); drop tables; //"

>>3
$name = "BOBBY'); drop tables; //"

xkcd lulz
inb4 polecat
inb4 fo``f''

>>4
Back to xkcd.

>>5
Fuck off, ``faggot''.

>>3

I'm not a dumbshit.



Anyone actually care to give USEFUL advice?

>>7
No, fucking TRY it. That's the problem with your code. You should be grateful to get even that, with a  problem description of "fucked up".

>>8
>drop tables;

I know SQL.

What I don't know is fucking with it from PHP.

>>9
Not that, you moron. Do >>3 in notepad. Substitute the variables manually. Look at what you did wrong in the string, and learn about unescape or whatever it's called.

>>9
http://php.net/manual/en/function.mysql-real-escape-string.php

Man, I'm a web guy and you fucking suck OP. First off, never use double quotes you gay little faggot. If you have to put variables in a string use http://php.net/manual/en/function.sprintf.php Next you don't fucking know SQL because you don't even declare which fucking fields you're going to store the data in with your query and on top of that you didn't escape...WAIT!! WAIIT...
$password = "myusername";
$userID = "mypassword";???? REALLY!! REALLY? I've been fucking trolled. FUCK YOU OP!

>>12

myusername
mypassword

FILLER FIELDS

I'm not giving some random faggots online ANY Inkling of who I am, regardless if you have all the info needed to fuck with me.


also I will use double quotes all the fuck I want...unless you're talking about the actual INSERT cmd...my faggot teacher did all that shit and it makes no fucking sense at all.

>>12
Man, I'm a web guy
And it shows.  Maybe you should learn something about programming instead.

>>12
$password = "myusername";
$userID = "mypassword";
I didn't notice that. WHBT.

>>14
That's the beauty of web programming--I don't have too!
Fuck off, [faggot]`spoiler'[/faggot]

http://www.php.net/manual/en/pdostatement.execute.php This.

>>14

Actually I'm first and foremost a programmer. I know VB(garbage)/Java/C++/C#(glorified VB&C++).

I hate this web shit...but it's required for my degree so I'm getting it done.

Had other shit to do earlier so I couldn't work it out after my posts, going to try to now.

This thread is convoluted with bullshit replies, apparently.

My feelings are hurt.