I'm learning PHP and SQL, and for this page I am trying to practice preventing SQL Injection. Right now I'm just trying it on two variables. ac1 and ac2. I get an mysql() die error when I submit. What could be wrong?
<?php
$host="localhost"; // Host name
$username="******"; // Mysql username
$password="******"; // Mysql password
$db_name="******_practice"; // Database name
$tbl_name="administration"; // Table name
// Connect to server and select databse.
$dbc = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$ac1=$_POST['ac1'];
$ac2=$_POST['ac2'];
$fan=$_POST['fan'];
$na=$_POST['na'];
$dh=$_POST['dh'];
$tolerance1=$_POST['tolerance1'];
$temptime1=$_POST['temptime1'];
$tolerance2=$_POST['tolernce2'];
$temptime2=$_POST['temptime2'];
$tolerance3=$_POST['tolerance3'];
$temptime3=$_POST['temptime3'];
$tolerance4=$_POST['tolerance4'];
$temptime4=$_POST['temptime4'];
$tolerance5=$_POST['tolerance5'];
$temptime5=$_POST['temptime5'];
$humidtolerance1=$_POST['humidtolerance1'];
$humidtime1=$_POST['humidtime1'];
$humidtolerance2=$_POST['humidtolerance2'];
$humidtime2=$_POST['humidtime2'];
$humidtolerance3=$_POST['humidtolerance3'];
$humidtime3=$_POST['humidtime3'];
$humidtolerance4=$_POST['humidtolerance4'];
$humidtime4=$_POST['humidtime4'];
$humidtolerance5=$_POST['humidtolerance5'];
$humidtime5=$_POST['humidtime5'];
// To prevent MySQL injection (a form of internet hacking)
$ac1 = stripslashes($ac1);
$ac2 = stripslashes($ac2);
$ac1 = mysql_real_escape_string($ac1);
$ac2 = mysql_real_escape_string($ac2);
$custnum = 0;
$sql="UPDATE {$tbl_name} SET ac1 = '{$ac1}', ac2 = '{$ac2}', fan = '{$fan}', na = '{$na}', da = '{$dh}', tolerance1 = '{$tolerance1}', temptime1 = '{$temptime1}',tolerance2 = '{$tolerance2}', temptime2 = '{$temptime2}',tolerance3 = '{$tolerance3}', temptime3 = '{$temptime3}',tolerance4 = '{$tolerance4}', temptime4 = '{$temptime4}',tolerance5 = '{$tolerance5}', temptime5 = '{$temptime5}', humidtolerance1 = '{$humidtolerance1}', humidtime1 = '{$humidtime1}',humidtolerance2 = '{$humidtolerance2}', humidtime2 = '{$humidtime2}',humidtolerance3 = '{$humidtolerance3}', humidtime3 = '{$humidtime3}',humidtolerance4 = '{$humidtolerance4}', humidtime4 = '{$humidtime4}',humidtolerance5 = '{$humidtolerance5}', humidtime5 = '{$humidtime5}' WHERE custnum = '{$custnum}'";
$result = mysql_query($sql)
or die('Error querying database.');
//Send them back to the page they were at/
header("location:index.php");
?>
