Page 2 of 2

Re: Problem in Insert Into Code

Posted: Thu Jan 17, 2008 6:15 am
by subho
Most Welcome.

RegId int(10) No auto_increment
img_id mediumint(10) Yes 0
ScrapId int(10) Yes 0
Name varchar(50) utf8_general_ci No
Address varchar(100) utf8_general_ci No
City varchar(50) utf8_general_ci No
Pcode varchar(10) utf8_general_ci No
State varchar(50) utf8_general_ci No
Country varchar(50) utf8_general_ci No
Cperson varchar(50) utf8_general_ci No
Desig varchar(30) utf8_general_ci Yes NULL
Ophone varchar(50) utf8_general_ci Yes NULL
Rphone varchar(50) utf8_general_ci No
Mobile varchar(30) utf8_general_ci Yes NULL
Fax varchar(30) utf8_general_ci Yes NULL
Email varchar(50) utf8_general_ci No
Website varchar(100) utf8_general_ci Yes NULL
Categ varchar(50) utf8_general_ci No
AbServ mediumtext utf8_general_ci No
Utype varchar(20) utf8_general_ci No
Rtype varchar(5) utf8_general_ci No
Uid varchar(10) utf8_general_ci Yes NULL
Pwd varchar(10) utf8_general_ci Yes NULL
Rmks mediumtext utf8_general_ci Yes NULL

Pl reply asap

thanks & regards
Subho

Re: Problem in Insert Into Code

Posted: Thu Jan 17, 2008 9:55 am
by jimthunderbird
I have no clue now also...I guess the problem is something else.

Here's some questions:
1. Could you provide some sample data you are trying to insert? Some fake data is fine.
2. Did you actually connect to the database?

Also, this might not be important, in your code, change mysql_numrows to mysql_num_rows since the former function is deprecated.

Re: Problem in Insert Into Code

Posted: Thu Jan 17, 2008 2:07 pm
by Jade
try putting this after your query, it will tell you what's wrong with it and may help us figure out what's going wrong:

Code: Select all

mysql_query($query) //your regular query in here
or die ('cannot complete query ' . mysql_error());
 
The mysql_error() function will let you know why mysql is rejecting the insert. It may be beacuse of a missing ' or a mis-spelled field, or a value you're trying to enter that has apostrophee's in it ' that you haven't added slashes to.

Make sure all of the text values that are being inserted have addslashes($varname) before they're inserted. If someone enters something like Jimmy's Cat into one of the fields mysql cannot process the ' without changing it to Jimmy\'s Cat.

Re: Problem in Insert Into Code

Posted: Fri Jan 18, 2008 12:23 am
by subho
With same code following is the error : -

"cannot complete query Duplicate entry '0-0' for key 3"

Pl let me know the root of the exact problem asap.

I have taken both of your suggestion.

thanks & regards
Subho

Re: Problem in Insert Into Code

Posted: Fri Jan 18, 2008 12:27 am
by jimthunderbird
Ok, things are more clear now, the insert statement I provided is correct, but I think your database table contains some keys other than the primary key, could check it out?

Re: Problem in Insert Into Code

Posted: Fri Jan 18, 2008 12:50 am
by subho
Ok Thanks a lot. Program is working fine right now.

Now if I use addslashes function how to use it ? Is the following way :-

$query = "insert into register set Name = addslashes($Name),
Address = addslashes($Address),
City = addslashes($City),
Pcode = addslashes($Pcode),
State = addslashes($State),
Country = addslashes($Country),
Cperson = addslashes($Cperson),
Desig = addslashes($Desig),
Ophone = addslashes($Ophone),
Rphone = addslashes($Rphone),
Mobile = addslashes($Mobile),
Fax = addslashes($Fax),
Email = addslashes($Email),
Website = addslashes($Website),
Categ = addslashes($Categ),
AbServ = addslashes($AbServ),
Utype = addslashes($Utype),
Rtype = addslashes($Rtype),
Rmks = addslashes($Rmks)
";

Another thing if I want to delete test records is it affecting auto incremented value, whether I miss those ids or those Ids are recreated at the time of new insertion.

Pl get back now.
From onwards now whenever I facing problem I will seeking help.
I want all of ur cooperation.

thanks & regards
Subho

Re: Problem in Insert Into Code

Posted: Fri Jan 18, 2008 1:10 am
by bdlang
Subho> No, that's not valid; addslashes() is a PHP function. Your example statement acts as if it's a MySQL function.

Here's the difference:

Code: Select all

 
$query = 'INSERT INTO sometable ';
$query.= 'SET somecolumn= "'. addslashes($incoming_data) .'"';
 
What I'm doing there is breaking the string and using the PHP function addslashes() to escape the data.

Now, having said that, it's never a good idea to simply use addslashes() without first checking to make certain the magic_quotes is turned on. Otherwise you'll get extra escaping slashes in your data. Furthermore, you should be using mysql_real_escape_string() to escape data headed towards MySQL.

What I like to do in these cases is to check for magic_quotes, then use array_map() to remove all slashes first, e.g.

Code: Select all

 
// incoming data in $_POST
// check for magic_quotes
if ( get_magic_quotes_gpc() ) {
    // if so, strip all slashes
    $_POST= array_map('stripslashes', $_POST);
}
// make sure you have connected to MySQL prior to this!!
foreach( $_POST AS $key => $value ) {
    // creates the variable and escapes at the same time
    // example $_POST['Name'] becomes $Name
    $$key = mysql_real_escape_string($value);
}
 
With a couple of simple constructs and a foreach loop, you can safely escape and reassign all variables in your script. No more line after line of reassignment.