Posted: Mon Aug 15, 2005 5:22 pm
by feyd
bla5e wrote:

Code:

mysql_query("INSERT INTO `members` (id, shortname, fullname, age, car, location, state, body, engine, brag, future) VALUES ('', '".$_POST['shortname']."','".$_POST['fullname']."','".$_POST['age']."','".$_POST['car']."','".$_POST['location']."','".$_POST['state']."', '$body', '$engine', '$brag', '$future') or die(mysql_error()");
uh yeah.....

Code:

mysql_query("INSERT INTO `members` (id, shortname, fullname, age, car, location, state, body, engine, brag, future) VALUES ('', '".$_POST['shortname']."','".$_POST['fullname']."','".$_POST['age']."','".$_POST['car']."','".$_POST['location']."','".$_POST['state']."', '$body', '$engine', '$brag', '$future')") or die(mysql_error());
You still haven't posted what one of these failing query strings is... but since you refuse to.. I'll just blurt out what comes naturally: you aren't escaping the $_POST variables you are using, so any garbage in there could potentially screw with the query. You have a really big potential for SQL injection with these lines.
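
The escaping problem described in the post above, shown as an added example that is not part of the original thread: the same `members` insert built by concatenation next to a prepared statement. It assumes PDO with an in-memory SQLite database standing in for the MySQL connection so it runs offline; the form values and both function names are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (
    id INTEGER PRIMARY KEY, shortname TEXT, fullname TEXT, age TEXT, car TEXT,
    location TEXT, state TEXT, body TEXT, engine TEXT, brag TEXT, future TEXT)');

// Constructed form input: an ordinary apostrophe is enough to break the query.
$post = [
    'shortname' => 'obrien', 'fullname' => "Pat O'Brien", 'age' => '31',
    'car' => "'98 Civic", 'location' => 'Austin', 'state' => 'TX',
    'body' => 'stock', 'engine' => 'B16', 'brag' => "it's clean", 'future' => 'turbo',
];

// Before: values concatenated into the SQL text, as in the thread.
function insertConcatenated(PDO $pdo, array $p): string
{
    $sql = "INSERT INTO members (shortname, fullname) VALUES ('"
         . $p['shortname'] . "','" . $p['fullname'] . "')";
    try {
        $pdo->exec($sql);            // the apostrophe ends the string literal early
        return 'inserted';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// After: named placeholders; values are sent separately from the SQL text.
function insertPrepared(PDO $pdo, array $p): int
{
    $cols = ['shortname', 'fullname', 'age', 'car', 'location',
             'state', 'body', 'engine', 'brag', 'future'];   // fixed column list
    $sql = 'INSERT INTO members (' . implode(', ', $cols) . ') VALUES (:'
         . implode(', :', $cols) . ')';
    $stmt = $pdo->prepare($sql);
    foreach ($cols as $c) {
        $stmt->bindValue(":$c", $p[$c] ?? '', PDO::PARAM_STR);
    }
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

echo insertConcatenated($pdo, $post), PHP_EOL;
$id = insertPrepared($pdo, $post);
$check = $pdo->prepare('SELECT fullname, car FROM members WHERE id = ?');
$check->execute([$id]);
$row = $check->fetch(PDO::FETCH_ASSOC);
echo $row['fullname'], ' / ', $row['car'], PHP_EOL;
```

The concatenated insert fails on the apostrophe in the name, while the prepared insert stores the same values unchanged.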

Posted: Mon Aug 15, 2005 6:03 pm
by bla5e
They aren't failing.. they both are error free now because I forgot a "

But how do I get both of them to run at 1 time?

Posted: Mon Aug 15, 2005 6:10 pm
by feyd
INSERT Syntax wrote:

Code:

INSERT [LOW_PRIORITY | DELAYED | HIGH_PRIORITY] [IGNORE]
    [INTO] tbl_name [(col_name,...)]
    VALUES ({expr | DEFAULT},...),(...),...
    [ ON DUPLICATE KEY UPDATE col_name=expr, ... ]

Or:

INSERT [LOW_PRIORITY | DELAYED | HIGH_PRIORITY] [IGNORE]
    [INTO] tbl_name
    SET col_name={expr | DEFAULT}, ...
    [ ON DUPLICATE KEY UPDATE col_name=expr, ... ]

Or:

INSERT [LOW_PRIORITY | HIGH_PRIORITY] [IGNORE]
    [INTO] tbl_name [(col_name,...)]
    SELECT ...
    [ ON DUPLICATE KEY UPDATE col_name=expr, ... ]
There's no multiple-table insert.