Page 1 of 1
Mysql query not processing
Posted: Mon Nov 27, 2006 4:56 am
by 4Boredom
Anyone know why this doesnt work? It posts fine with just the info for CommentMESSAGE... once I insert anything else into the code nothing works
My table is set like:
CommentMessage - LongText
CommentLoc- VarChar
CommentTO- Int
CommentFrom- Int
Code: Select all
$CommentMESSAGE = $_POST['CommentMESSAGE'];
$CommentLOC = "User Profile";
$CommentTO = "Test";
$CommentFROM = "Test";
$sql = mysql_query("INSERT INTO `comments`
(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
('" . $CommentMESSAGE . ", " . $CommentLOC . ", " . $CommentTO . ", " . $CommentFROM . "')");
Posted: Mon Nov 27, 2006 5:42 am
by TheProgrammer
hmmmm ... probably because you open a ' quoute before the first attached variable $CommentMESSAGE and you close it at the end. You should open close ' before and at the end of every string variable you insert.
Code: Select all
$sql = mysql_query("INSERT INTO `comments`
(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
('" . $CommentMESSAGE . ", " . $CommentLOC . ", " . $CommentTO . ", " . $CommentFROM . "')");
Should probably looke like this:
Code: Select all
$sql = mysql_query("INSERT INTO `comments`
(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
('" . $CommentMESSAGE . "', '" . $CommentLOC . "', '" . $CommentTO . "', '" . $CommentFROM . "')");
Posted: Mon Nov 27, 2006 5:46 am
by aaronhall
A set of single-quotes (or tildes) needs to enclose each and every value in the VALUES clause. You have a single set of quotes enclosing all of the fields. This will work (and it's a little prettier):
Code: Select all
$sql = mysql_query("INSERT INTO `comments`
(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`) VALUES
(`$CommentMESSAGE`, `$CommentLOC`, `$CommentTO`, `$CommentFROM`)");
Posted: Mon Nov 27, 2006 6:03 am
by aaronhall
Also, make sure to use
mysql_real_escape_string() on any user input ($_GET, $_POST, $_COOKIE and $_REQUEST variables) before inserting it into a query to prevent SQL injection attacks.
Posted: Mon Nov 27, 2006 8:29 pm
by 4Boredom
I fixed that but it still didnt solve the problem.... could it be something in the SQL database?
Posted: Mon Nov 27, 2006 8:36 pm
by volka
Maybe. And maybe the database server wants to tell you something via mysql_error()
Code: Select all
$CommentMESSAGE = $_POST['CommentMESSAGE'];
$CommentLOC = "User Profile";
$CommentTO = "Test";
$CommentFROM = "Test";
$query = "INSERT INTO
`comments`
(`CommentMESSAGE`, `CommentLOC`, `CommentTO`, `CommentFROM`)
VALUES
('$CommentMESSAGE','$CommentLOC','$CommentTO','$CommentFROM')";
echo "<div>Debug: ", htmlentities($query), "</div>\n"; flush();
$sql = mysql_query($query) or die(mysql_error());
Posted: Mon Nov 27, 2006 8:52 pm
by 4Boredom
fixed
Posted: Mon Nov 27, 2006 8:57 pm
by aaronhall
As a courtesy to anyone who might be referencing this thread in the future, let us know what you did to fix it.
Posted: Tue Dec 05, 2006 3:41 pm
by 4Boredom
The single quotes was the issue I believe