Mysql query not processing

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
4Boredom
Forum Contributor
Posts: 176
Joined: Tue Nov 08, 2005 4:29 pm

Mysql query not processing

Post by 4Boredom »

Anyone know why this doesnt work? It posts fine with just the info for CommentMESSAGE... once I insert anything else into the code nothing works

My table is set like:
CommentMessage - LongText
CommentLoc- VarChar
CommentTO- Int
CommentFrom- Int

Code: Select all

$CommentMESSAGE = $_POST['CommentMESSAGE'];
$CommentLOC = "User Profile";
$CommentTO = "Test";
$CommentFROM = "Test";


 $sql = mysql_query("INSERT INTO `comments` 
                (`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES 
                ('" . $CommentMESSAGE . ", " . $CommentLOC . ", " . $CommentTO . ", " . $CommentFROM . "')");
TheProgrammer
Forum Newbie
Posts: 22
Joined: Mon Nov 27, 2006 12:25 am

Post by TheProgrammer »

hmmmm ... probably because you open a ' quoute before the first attached variable $CommentMESSAGE and you close it at the end. You should open close ' before and at the end of every string variable you insert.

Code: Select all

$sql = mysql_query("INSERT INTO `comments`
                (`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
                ('" . $CommentMESSAGE . ", " . $CommentLOC . ", " . $CommentTO . ", " . $CommentFROM . "')");
Should probably looke like this:

Code: Select all

$sql = mysql_query("INSERT INTO `comments`
                (`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
                ('" . $CommentMESSAGE . "', '" . $CommentLOC . "', '" . $CommentTO . "', '" . $CommentFROM . "')");
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

A set of single-quotes (or tildes) needs to enclose each and every value in the VALUES clause. You have a single set of quotes enclosing all of the fields. This will work (and it's a little prettier):

Code: Select all

$sql = mysql_query("INSERT INTO `comments`
                (`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
                (`$CommentMESSAGE`, `$CommentLOC`, `$CommentTO`, `$CommentFROM`)");
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

Also, make sure to use mysql_real_escape_string() on any user input ($_GET, $_POST, $_COOKIE and $_REQUEST variables) before inserting it into a query to prevent SQL injection attacks.
4Boredom
Forum Contributor
Posts: 176
Joined: Tue Nov 08, 2005 4:29 pm

Post by 4Boredom »

I fixed that but it still didnt solve the problem.... could it be something in the SQL database?
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Maybe. And maybe the database server wants to tell you something via mysql_error()

Code: Select all

$CommentMESSAGE = $_POST['CommentMESSAGE'];
$CommentLOC = "User Profile";
$CommentTO = "Test";
$CommentFROM = "Test";


$query = "INSERT INTO
		`comments`
		(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`)
	VALUES
		('$CommentMESSAGE','$CommentLOC','$CommentTO','$CommentFROM')";

echo "<div>Debug: ", htmlentities($query), "</div>\n"; flush();
$sql = mysql_query($query) or die(mysql_error());
4Boredom
Forum Contributor
Posts: 176
Joined: Tue Nov 08, 2005 4:29 pm

Post by 4Boredom »

fixed
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

As a courtesy to anyone who might be referencing this thread in the future, let us know what you did to fix it.
4Boredom
Forum Contributor
Posts: 176
Joined: Tue Nov 08, 2005 4:29 pm

Post by 4Boredom »

The single quotes was the issue I believe
Post Reply