PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
4Boredom
Forum Contributor
Posts: 176 Joined: Tue Nov 08, 2005 4:29 pm
Post
by 4Boredom » Mon Nov 27, 2006 4:56 am
Anyone know why this doesnt work? It posts fine with just the info for CommentMESSAGE... once I insert anything else into the code nothing works
My table is set like:
CommentMessage - LongText
CommentLoc- VarChar
CommentTO- Int
CommentFrom- Int
Code: Select all
$CommentMESSAGE = $_POST['CommentMESSAGE'];
$CommentLOC = "User Profile";
$CommentTO = "Test";
$CommentFROM = "Test";
$sql = mysql_query("INSERT INTO `comments`
(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
('" . $CommentMESSAGE . ", " . $CommentLOC . ", " . $CommentTO . ", " . $CommentFROM . "')");
TheProgrammer
Forum Newbie
Posts: 22 Joined: Mon Nov 27, 2006 12:25 am
Post
by TheProgrammer » Mon Nov 27, 2006 5:42 am
hmmmm ... probably because you open a ' quoute before the first attached variable $CommentMESSAGE and you close it at the end. You should open close ' before and at the end of every string variable you insert.
Code: Select all
$sql = mysql_query("INSERT INTO `comments`
(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
('" . $CommentMESSAGE . ", " . $CommentLOC . ", " . $CommentTO . ", " . $CommentFROM . "')");
Should probably looke like this:
Code: Select all
$sql = mysql_query("INSERT INTO `comments`
(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
('" . $CommentMESSAGE . "', '" . $CommentLOC . "', '" . $CommentTO . "', '" . $CommentFROM . "')");
aaronhall
DevNet Resident
Posts: 1040 Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:
Post
by aaronhall » Mon Nov 27, 2006 5:46 am
A set of single-quotes (or tildes) needs to enclose each and every value in the VALUES clause. You have a single set of quotes enclosing all of the fields. This will work (and it's a little prettier):
Code: Select all
$sql = mysql_query("INSERT INTO `comments`
(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
(`$CommentMESSAGE`, `$CommentLOC`, `$CommentTO`, `$CommentFROM`)");
aaronhall
DevNet Resident
Posts: 1040 Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:
Post
by aaronhall » Mon Nov 27, 2006 6:03 am
Also, make sure to use
mysql_real_escape_string() on any user input ($_GET, $_POST, $_COOKIE and $_REQUEST variables) before inserting it into a query to prevent SQL injection attacks.
4Boredom
Forum Contributor
Posts: 176 Joined: Tue Nov 08, 2005 4:29 pm
Post
by 4Boredom » Mon Nov 27, 2006 8:29 pm
I fixed that but it still didnt solve the problem.... could it be something in the SQL database?
volka
DevNet Evangelist
Posts: 8391 Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger
Post
by volka » Mon Nov 27, 2006 8:36 pm
Maybe. And maybe the database server wants to tell you something via mysql_error()
Code: Select all
$CommentMESSAGE = $_POST['CommentMESSAGE'];
$CommentLOC = "User Profile";
$CommentTO = "Test";
$CommentFROM = "Test";
$query = "INSERT INTO
`comments`
(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`)
VALUES
('$CommentMESSAGE','$CommentLOC','$CommentTO','$CommentFROM')";
echo "<div>Debug: ", htmlentities($query), "</div>\n"; flush();
$sql = mysql_query($query) or die(mysql_error());
4Boredom
Forum Contributor
Posts: 176 Joined: Tue Nov 08, 2005 4:29 pm
Post
by 4Boredom » Mon Nov 27, 2006 8:52 pm
fixed
aaronhall
DevNet Resident
Posts: 1040 Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:
Post
by aaronhall » Mon Nov 27, 2006 8:57 pm
As a courtesy to anyone who might be referencing this thread in the future, let us know what you did to fix it.
4Boredom
Forum Contributor
Posts: 176 Joined: Tue Nov 08, 2005 4:29 pm
Post
by 4Boredom » Tue Dec 05, 2006 3:41 pm
The single quotes was the issue I believe