Posted: Mon Aug 15, 2005 5:22 pm
by feyd
bla5e wrote:
Code:
mysql_query("INSERT INTO `members` (id, shortname, fullname, age, car, location, state, body, engine, brag, future) VALUES ('', '".$_POST['shortname']."','".$_POST['fullname']."','".$_POST['age']."','".$_POST['car']."','".$_POST['location']."','".$_POST['state']."', '$body', '$engine', '$brag', '$future') or die(mysql_error()");
uh yeah.....
Code:
mysql_query("INSERT INTO `members` (id, shortname, fullname, age, car, location, state, body, engine, brag, future) VALUES ('', '".$_POST['shortname']."','".$_POST['fullname']."','".$_POST['age']."','".$_POST['car']."','".$_POST['location']."','".$_POST['state']."', '$body', '$engine', '$brag', '$future')") or die(mysql_error());
You still haven't posted what one of these failing query strings is... but since you refuse to.. I'll just blurt out what comes naturally: you aren't escaping the $_POST variables you are using, so any garbage in there could potentially screw with the query. You have a really big potential for SQL injection with these lines.
Posted: Mon Aug 15, 2005 6:03 pm
by bla5e
they aren't failing.. they both are error free now because I forgot a "
but how do I get both of them to run at 1 time
Posted: Mon Aug 15, 2005 6:10 pm
by feyd
INSERT Syntax wrote:
Code:
INSERT [LOW_PRIORITY | DELAYED | HIGH_PRIORITY] [IGNORE]
[INTO] tbl_name [(col_name,...)]
VALUES ({expr | DEFAULT},...),(...),...
[ ON DUPLICATE KEY UPDATE col_name=expr, ... ]
Or:
INSERT [LOW_PRIORITY | DELAYED | HIGH_PRIORITY] [IGNORE]
[INTO] tbl_name
SET col_name={expr | DEFAULT}, ...
[ ON DUPLICATE KEY UPDATE col_name=expr, ... ]
Or:
INSERT [LOW_PRIORITY | HIGH_PRIORITY] [IGNORE]
[INTO] tbl_name [(col_name,...)]
SELECT ...
[ ON DUPLICATE KEY UPDATE col_name=expr, ... ]
There's no multiple-table insert.
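
Added example, not code from any poster in this thread: the `members` insert rewritten with PDO prepared statements, which deals with the unescaped `$_POST` values feyd points out, followed by a second insert in the same transaction, since a single INSERT cannot target two tables. The `member_log` table, the `addMember` helper, the sample input and the SQLite in-memory database are assumptions made so the code runs offline.

```php
<?php
// Added example. SQLite in memory stands in for MySQL so this runs offline;
// for MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$cols = ['shortname', 'fullname', 'age', 'car', 'location', 'state',
         'body', 'engine', 'brag', 'future'];
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, ' . implode(', ', $cols) . ')');
// Hypothetical second table; the thread never shows the other query.
$pdo->exec('CREATE TABLE member_log (member_id INTEGER, note TEXT)');

// Constructed form input. The apostrophes would end the string literal early
// in the concatenated query shown in the thread.
$post = [
    'shortname' => 'obrien', 'fullname' => "Pat O'Brien", 'age' => '31',
    'car' => 'Civic', 'location' => 'Austin', 'state' => 'TX',
    'body' => 'stock', 'engine' => 'B16', 'brag' => "it's fast",
    'future' => 'turbo',
];

function addMember(PDO $pdo, array $cols, array $post): int
{
    // Column names come from the fixed list above, never from user input;
    // values are sent as bound parameters, separate from the SQL text.
    $sql = 'INSERT INTO members (' . implode(', ', $cols) . ') VALUES (:'
         . implode(', :', $cols) . ')';
    $params = [];
    foreach ($cols as $c) {
        $params[":$c"] = isset($post[$c]) ? (string) $post[$c] : '';
    }
    // Two statements in one transaction: both rows are stored or neither is.
    $pdo->beginTransaction();
    try {
        $pdo->prepare($sql)->execute($params);
        $id = (int) $pdo->lastInsertId();
        $pdo->prepare('INSERT INTO member_log (member_id, note) VALUES (?, ?)')
            ->execute([$id, 'created']);
        $pdo->commit();
        return $id;
    } catch (Exception $e) {
        $pdo->rollBack();
        throw $e;
    }
}

$id = addMember($pdo, $cols, $post);
var_dump($pdo->query('SELECT id, fullname, brag FROM members')->fetch(PDO::FETCH_ASSOC));
```

On MySQL the rollback only takes effect when both tables use a transactional storage engine such as InnoDB.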