Hello Everyone,
This is likely the easiest problem to solve; however, after hours of staring at this code I can't think anymore. The following query will not add my variables to my SQL database! However, an echo statement with the variables works fine.
$message = $_POST['message'];
$author = $_POST['author'];
$sql = "INSERT INTO Quotes (Quote, Author)
. VALUES ('$message', '$author')";
mysql_query($sql);
What am I missing?
Thank-you,
-Jonathan
Simple INSERT INTO Query won't work
codemonkey (Forum Newbie, Posts: 6, Joined: Thu Oct 29, 2009 6:06 pm)
John Cartwright (Site Admin, Posts: 11470, Joined: Tue Dec 23, 2003 2:10 am, Location: Toronto)
Re: Simple INSERT INTO Query won't work
You have an errant period inside your query.

Code:
$sql = "INSERT INTO Quotes (Quote, Author)
. VALUES ('$message', '$author')";

to

Code:
$sql = "INSERT INTO Quotes (Quote, Author) VALUES ('$message', '$author')";

Secondly, you should consider using

Code:
mysql_query($sql) or die(mysql_error());

to determine why the query failed.

Thirdly, you should always pass your input thru mysql_real_escape_string() to avoid SQL injection.

I.e.,

Code:
$message = mysql_real_escape_string($_POST['message']);
$author = mysql_real_escape_string($_POST['author']);

Fourthly, please use tags when posting PHP code.
codemonkey (Forum Newbie, Posts: 6, Joined: Thu Oct 29, 2009 6:06 pm)
Re: Simple INSERT INTO Query won't work
Hi John,
Thank-you for your help, I appreciate it. From now on I will be sure to put my code within the code tags when making posts.
What does it mean to "avoid SQL injection"?
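
As an added illustration of the closing question (not code from either poster): the thread's INSERT built by string interpolation, next to a prepared statement, both run on constructed inputs. It assumes PDO with an in-memory SQLite database standing in for the MySQL one, and uses prepared statements rather than mysql_real_escape_string() because the mysql_* functions were removed in PHP 7; the names insertUnsafe and insertSafe are illustrative.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Quotes (Quote TEXT, Author TEXT)');

// Constructed form inputs (stand-ins for $_POST['message'] and $_POST['author']).
$inputs = [
    ['message' => 'Stay hungry', 'author' => 'Jonathan'],
    // An ordinary apostrophe ends the SQL string early and causes a syntax error.
    ['message' => "Don't panic", 'author' => 'Jonathan'],
    // Input that closes the string and supplies its own Author value.
    ['message' => "hello', 'Site Admin') --", 'author' => 'Jonathan'],
];

// The thread's pattern: input pasted straight into the SQL text.
function insertUnsafe(PDO $db, string $message, string $author): string
{
    $sql = "INSERT INTO Quotes (Quote, Author) VALUES ('$message', '$author')";
    try {
        $db->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// Prepared statement: the SQL text is fixed and the input travels as bound data.
function insertSafe(PDO $db, string $message, string $author): void
{
    $stmt = $db->prepare('INSERT INTO Quotes (Quote, Author) VALUES (:quote, :author)');
    $stmt->execute([':quote' => $message, ':author' => $author]);
}

foreach ($inputs as $in) {
    echo 'unsafe: ', insertUnsafe($db, $in['message'], $in['author']), "\n";
}
// Row 3 is stored with Author "Site Admin", taken from the message field.
print_r($db->query('SELECT Quote, Author FROM Quotes')->fetchAll(PDO::FETCH_ASSOC));

$db->exec('DELETE FROM Quotes');
foreach ($inputs as $in) {
    insertSafe($db, $in['message'], $in['author']);
}
// All three rows are stored verbatim, each with Author "Jonathan".
print_r($db->query('SELECT Quote, Author FROM Quotes')->fetchAll(PDO::FETCH_ASSOC));
```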