Page 1 of 1

Form Help

Posted: Tue Oct 06, 2009 10:41 am
by daebat
Here is the form:

Code: Select all

<?
 
include("../include/session.php");
 
?>
 
 
<?php
 
 
if ($submit) {
 
 
$sql = "UPDATE productimages SET
title='".$_POST['title']."', 
upjpg='".$_POST['upjpg']."',
uptiff='".$_POST['uptiff']."',
uppng='".$_POST['uppng']."', 
chungshi='".$_POST['chungshi']."',   
stretchwalker='".$_POST['stretch_walker']."',
akaishi='".$_POST['akaishi']."', 
bellamargiano='".$_POST['bellamargiano']."',
mbt='".$_POST['mbt']."', 
upthumb='".$_POST['upthumb']."'
where id ='".mysql_real_escape_string($_POST['id'])."'";
 
        $result = mysql_query($sql) or die(mysql_error());
 
 
print("Product Added");
 
 
 
 
 
} else {
 
 
$result = mysql_query("SELECT * FROM productimages WHERE id = '$id'");
     while ($row=mysql_fetch_array($result)) {
        $id = $row[id];
        $uptiff = $row[uptiff];
        $upjpg = $row[upjpg];
        $uppng = $row[uppng];
        $chungshi = $row[chungshi];
        $stretchwalker = $row[stretchwalker];
        $akaishi = $row[akaishi];
        $bellamargiano = $row[bellamargiano];
        $mbt = $row[mbt];
        $upthumb = $row[upthumb];
 
     }
 
print ("
 
 
 
<form method=post action=productimages2.php>
Product Title:<br>
<input type=text name=title size=60><br><br>
 
 
Choose Categories that this story is relevant to:<br>
 
<input type=checkbox name=chungshi value=1> Chung Shi<br>
<input type=checkbox name=stretchwalker value=1> Stretchwalker<br>
<input type=checkbox name=akaishi value=1> Akaishi<br>
<input type=checkbox name=bellamargiano value=1> Bellamargiano<br>
<input type=checkbox name=mbt value=1> MBT<br><br>
 
 
<table width=500 cellpadding=0 cellspacing=0>
 
 
 
<tr><td colspan=2 class=top><strong>Images</strong></td></tr>
 
<tr><td>Upload JPG</td><td><br><input type=file name=upjpg></td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload TIFF</td><td><br><input type=file name=uptiff> </td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload PNG</td><td><br><input type=file name=uppng> </td></tr>
<tr><td colspan=2 class=top> </td></tr>
<tr><td>Upload Thumbnail</td><td><br><input type=file name=upthumb> </td></tr>
</table>
 
 
<br>
<input type=submit name=submit value=submit><br>
<br>
</form>
 
");
     
     
    
 
}
 
?>
Here is the sql connection:

Code: Select all

<?php
$con = mysql_connect("localhost", "user", "pass");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("database", $con);
$sql = "insert into productimages ('".mysql_real_escape_string($_POST['title'])."', '".mysql_real_escape_string($_POST['chungshi'])."', '".mysql_real_escape_string($_POST['stretchwalker'])."', '".mysql_real_escape_string($_POST['akaishi'])."', '".mysql_real_escape_string($_POST['bellamargiano'])."', '".mysql_real_escape_string($_POST['mbt'])."', '".mysql_real_escape_string($_POST['upjpg'])."', '".mysql_real_escape_string($_POST['uptiff'])."', '".mysql_real_escape_string($_POST['uppng'])."', '".mysql_real_escape_string($_POST['upthumb'])."')";
mysql_query($sql) or die(mysql_error()." <br /> $sql");
 
 
echo "The following information was entered into the database<br><br><br>";
echo "<b>Title:</b>&nbsp;$_POST[title]<br>";
 
echo "Thanks for taking the time to submit your information.";
 
mysql_close($con);
 
?>
And here is the error I'm getting:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''asdfasdf', '', '', '', '1', '', '', '', '', '')' at line 1
insert into productimages ('asdfasdf', '', '', '', '1', '', '', '', '', '')
Thanks for any help you can provide. :arrow:

Re: Form Help

Posted: Tue Oct 06, 2009 1:18 pm
by chopsmith
Have you done any debugging at all? For instance, go back and echo each variable after it's assigned a value. Also, did you put 'asdfasdf' as the title? Or did you just do that for this posting? Also, are you saying that the second file you've shown is the 'session.php' file you include in the first one? It seems like a weird way of doing things if that's what you're doing. If that's not what you're doing, then what are you querying in the first file? You write SQL, and do a query but where in that file are you opening a connection to the db?