Page 1 of 1

help! not sure how to resolve this error

Posted: Fri Feb 12, 2010 3:46 pm
by mattman098
Basically I'm doing an add function for a small project, and I'm trying to add values from text fields into a database using _POST...

and I think I'm soooooo close to having it work but I'm getting this one error when i try and run it

Code: Select all

Fatal error: Function name must be a string in /home/a2778613/public_html/add.php on line 3
I'm thinking i might have something to do with how that particular value is an integer in the database, and I'm trying to force it into a string or something? that's just a guess though...

anyway here's my code:

Code: Select all

<?php
 
$stid = $_POST('stid');
$fname = $_POST('fname');
$sname = $_POST('sname');
$crs = $_POST('crs');
$sch = $_POST('sch');
$yos = $_POST('yos');
 
$con = mysql_connect("[i]dbhost[/i]", "[i]username[/i]", "[i]password[/i]"); 
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
 
mysql_select_db("[i]dbname[/i]", $con);
 
mysql_query("INSERT INTO students VALUES($stid, $fname, $sname, $crs, $sch, $yos)");
 
mysql_close($con);
 
?>
Thanks in advance for any help here, and if you think you need to see any more of my code to sort this just let me know and I'll post it

Re: help! not sure how to resolve this error

Posted: Fri Feb 12, 2010 4:32 pm
by manohoo
assuming all fields are text fields:

Code: Select all

mysql_query("INSERT INTO students VALUES('$stid', '$fname', '$sname', '$crs', '$sch', '$yos')");
just remove the single quotes for numeric fields

Re: help! not sure how to resolve this error

Posted: Fri Feb 12, 2010 5:37 pm
by flying_circus
  • You must use square braces "[]" to referece values of an array.
  • You should check all input data for existence
  • You should validate your input data.
  • You should escape all of your data before putting it into the database.
  • You should use correct SQL syntax.

Code: Select all

<?php
  $stid = (isset($_POST['stid'])) ? $_POST['stid'] : "";
  $fname = (isset($_POST['fname'])) ? $_POST['fname'] : "";
  $sname = (isset($_POST['sname'])) ? $_POST['sname'] : "";
  $crs = (isset($_POST['crs'])) ? $_POST['crs'] : "";
  $sch = (isset($_POST['sch'])) ? $_POST['sch'] : "";
  $yos = (isset($_POST['yos'])) ? $_POST['yos'] : "";
 
 $con = mysql_connect("dbhost", "username", "password");
  
  if (!$con)
    die('Could not connect: ' . mysql_error());
    
  mysql_select_db("dbname", $con);
  
  mysql_query(sprintf("INSERT INTO `students` (`stid`, `fname`, `sname`, `crs`, `sch`, `yos`) VALUES ('%s', '%s', '%s', '%s', '%s', '%s');",
                      mysql_real_escape_string($stid, $con),
                      mysql_real_escape_string($fname, $con),
                      mysql_real_escape_string($sname, $con),
                      mysql_real_escape_string($crs, $con),
                      mysql_real_escape_string($sch, $con),
                      mysql_real_escape_string($yos, $con)));
  
  mysql_close($con);
?>

Re: help! not sure how to resolve this error

Posted: Sat Feb 13, 2010 4:25 am
by mattman098
well cheers guys, i'll try this as soon as i get back to the computer connected to the server

by the way, sorry i posted this thread twice (if you noticed), have no idea how that happened...

Re: help! not sure how to resolve this error

Posted: Sat Feb 13, 2010 6:01 am
by mattman098
yeah it works thanks =D

it was the _POST arrays and square brackets that i miseed, altohugh the apostrophes in the SQL statement were bound to be an error as soon as i'd sorted the first bit

as for all the code validationa nd escaping etc, i'll be adding that in for the final bit, at the moment i'm just rying to get to grips with he basics

thanks again!