Page 1 of 1

Mysql query not processing

Posted: Mon Nov 27, 2006 4:56 am
by 4Boredom
Anyone know why this doesnt work? It posts fine with just the info for CommentMESSAGE... once I insert anything else into the code nothing works

My table is set like:
CommentMessage - LongText
CommentLoc- VarChar
CommentTO- Int
CommentFrom- Int

Code: Select all

$CommentMESSAGE = $_POST['CommentMESSAGE'];
$CommentLOC = "User Profile";
$CommentTO = "Test";
$CommentFROM = "Test";


 $sql = mysql_query("INSERT INTO `comments` 
                (`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES 
                ('" . $CommentMESSAGE . ", " . $CommentLOC . ", " . $CommentTO . ", " . $CommentFROM . "')");

Posted: Mon Nov 27, 2006 5:42 am
by TheProgrammer
hmmmm ... probably because you open a ' quoute before the first attached variable $CommentMESSAGE and you close it at the end. You should open close ' before and at the end of every string variable you insert.

Code: Select all

$sql = mysql_query("INSERT INTO `comments`
                (`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
                ('" . $CommentMESSAGE . ", " . $CommentLOC . ", " . $CommentTO . ", " . $CommentFROM . "')");
Should probably looke like this:

Code: Select all

$sql = mysql_query("INSERT INTO `comments`
                (`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
                ('" . $CommentMESSAGE . "', '" . $CommentLOC . "', '" . $CommentTO . "', '" . $CommentFROM . "')");

Posted: Mon Nov 27, 2006 5:46 am
by aaronhall
A set of single-quotes (or tildes) needs to enclose each and every value in the VALUES clause. You have a single set of quotes enclosing all of the fields. This will work (and it's a little prettier):

Code: Select all

$sql = mysql_query("INSERT INTO `comments`
                (`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
                (`$CommentMESSAGE`, `$CommentLOC`, `$CommentTO`, `$CommentFROM`)");

Posted: Mon Nov 27, 2006 6:03 am
by aaronhall
Also, make sure to use mysql_real_escape_string() on any user input ($_GET, $_POST, $_COOKIE and $_REQUEST variables) before inserting it into a query to prevent SQL injection attacks.

Posted: Mon Nov 27, 2006 8:29 pm
by 4Boredom
I fixed that but it still didnt solve the problem.... could it be something in the SQL database?

Posted: Mon Nov 27, 2006 8:36 pm
by volka
Maybe. And maybe the database server wants to tell you something via mysql_error()

Code: Select all

$CommentMESSAGE = $_POST['CommentMESSAGE'];
$CommentLOC = "User Profile";
$CommentTO = "Test";
$CommentFROM = "Test";


$query = "INSERT INTO
		`comments`
		(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`)
	VALUES
		('$CommentMESSAGE','$CommentLOC','$CommentTO','$CommentFROM')";

echo "<div>Debug: ", htmlentities($query), "</div>\n"; flush();
$sql = mysql_query($query) or die(mysql_error());

Posted: Mon Nov 27, 2006 8:52 pm
by 4Boredom
fixed

Posted: Mon Nov 27, 2006 8:57 pm
by aaronhall
As a courtesy to anyone who might be referencing this thread in the future, let us know what you did to fix it.

Posted: Tue Dec 05, 2006 3:41 pm
by 4Boredom
The single quotes was the issue I believe