if($_GET['action'] == "add"){
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['bugtitle']) || empty($_POST['bugdetails'])){
echo 'One of the fields was empty! Go back and try again.<br/>';
}
else
{
$query = "INSERT INTO bra
(
bugtitle,
bugdetails,
status,
ip,
)
VALUES
(
'". mysql_real_escape_string($_POST['bugtitle']) ."',
'". mysql_real_escape_string($_POST['bugdetails']) ."',
'0',
'". $_SERVER['REMOTE_ADDR'] ."'
)";
$mysqlquery = mysql_query($query);
if($mysqlquery){
echo 'Bug reported.<br/>';
}
else
{
echo 'Mysql query failed! Please contact the webmaster!<br/>'.mysql_error().'<br/>'.$query;
}
}
}
else
{
?>
<form action="bra.php?action=add" method="post">
Bug title: <input type="text" name="bugtitle"/><br/>
Details:<br/>
<textarea cols="50" rows="5" name="bugdetails"></textarea><br/>
By pressing 'submit' you understand that you will not spam and your ip adress will be logged.<br/>
<input type="submit" value="submit"/>
</form>
<?php
}
}
And this is what it returned:
Mysql query failed! Please contact the webmaster! You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES ( 'There is a bug', 'And its call' at line 7 INSERT INTO bra ( bugtitle, bugdetails, status, ip, ) VALUES ( 'There is a bug', 'And its called maja', '0', '127.0.0.1' )
What is wrong with this query?!?
