Noob PHP Help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Foxy999
Forum Commoner
Posts: 45
Joined: Sat Mar 21, 2009 11:50 am

Noob PHP Help

Post by Foxy999 »

The database: ITEM; table: SELL
title (primary)
desc //description
name
email
image //not used
price //not used

This is my code to insert values into the db:

mysql_select_db("ITEM", $con);
mysql_query("INSERT INTO SELL (title, desc, name, email)
VALUES ('title', 'desc', 'name', 'email')");

Now, 'title' is an input field, with <input name="title ..>, is this the correct way to do this? Also 'desc' is a textarea, where <textarea name="desc" ..> is the the correct way to do this?

I also want to have this code run when a submit button is pressed, along with the mysql_connect, ect.

Please Help
Foxy
Foxy999
Forum Commoner
Posts: 45
Joined: Sat Mar 21, 2009 11:50 am

Re: Noob PHP Help

Post by Foxy999 »

I have now changed this code:

VALUES ('$_POST[title]', '$_POST[desc]', '$_POST[name]', '$_POST[email]')");

but I cannot test it because I need to know how to run a block of code on a button press.
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Noob PHP Help

Post by califdon »

Foxy999
Forum Commoner
Posts: 45
Joined: Sat Mar 21, 2009 11:50 am

Re: Noob PHP Help

Post by Foxy999 »

I have gotten it to work, but I am now getting errors when I try to insert into a table. This is my code:

<?php
$con = mysql_connect("localhost", "yourcol1_default", "default");
if(!$con)
{
die('Cannot connect: ' .mysql_error());
}

mysql_select_db("yourcol1_ITEM", $con);
$sql = ("INSERT INTO SELL (title, desc, name, email)
VALUES ('$_POST[title]','$_POST[desc]','$_POST[name]','$_POST[email]')");

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($con);

?>

And I get this error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,name,email) VALUES ('x','x','x','x')' at line 1

And the html code:

<form method="post" action="tmp.php">
Title:<input type="text" name="title" maxlength="50" size="50"/>

Description:<input type="text" name="desc" maxlength="100" size="50" />

Name:<input type="text" name="name" maxlength="50" size="50" />

Email:<input type="text" name="email" maxlength="70" size="50" />

<p align="center">&nbsp;</p>
<p align="center">
<input type="submit" name="sell_submit" id="sell_submit" value="Next ->" />
</p>
</form>

I don't know what I am doing wrong, everything looks right.
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Noob PHP Help

Post by califdon »

Change this line:

Code: Select all

die('Error: ' . mysql_error());
to this

Code: Select all

die(mysql_error()."<br>$sql");
I don't see any syntax error in what you posted, but possibly you copied something wrong. Printing out the exact SQL statement when there's an error will often save you a lot of time debugging.
Foxy999
Forum Commoner
Posts: 45
Joined: Sat Mar 21, 2009 11:50 am

Re: Noob PHP Help

Post by Foxy999 »

I am still getting the same error, and with the new code it says:

INSERT INTO SELL (title, desc, name, email) VALUES ('x','x','x','x')

Which is right, and I try to the same query with phpmyadmin and I get the same errors, I think the problem resides in my database. Attached is a picture of my database in phpmyadmin.

Please help


Foxyy
Attachments
db.jpg
db.jpg (74.28 KiB) Viewed 154 times
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Noob PHP Help

Post by califdon »

Would you please show your exact SQL statement? The error you are receiving says that it is a syntax error, so that's the place to start.

Probably not a factor in this problem, but your use of TEXT data type for such fields is highly questionable. That data type is intended for storing extremely large text strings in a field. Ordinarily, anything that's not going to be longer than 255 characters should be a VARCHAR(n) data type. Also, you don't have a primary key designated, which is also not recommended.
Foxy999
Forum Commoner
Posts: 45
Joined: Sat Mar 21, 2009 11:50 am

Re: Noob PHP Help

Post by Foxy999 »

This is it:

INSERT INTO SELL (title, desc, name, email) VALUES ('x','x','x','x')

Im not sure what else you want. Also I have messed around with the types and made them VARCHAR but it didn't solve the problem.
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Re: Noob PHP Help

Post by JAB Creations »

Since you're using phpMyAdmin why not do a manual INSERT?

Then compare the MySQL statement phpMyAdmin gives you compared to the one you're using.

Granted I think the MySQL statements phpMyAdmin generates have some unnecessary/excessive code but removing other people's code and getting a minimum test case will help you zero in on how you should write/fix the query you're having trouble with. :)
User avatar
php_east
Forum Contributor
Posts: 453
Joined: Sun Feb 22, 2009 1:31 pm
Location: Far Far East.

Re: Noob PHP Help

Post by php_east »

Code: Select all

$sql = ("INSERT INTO SELL (`title`, `desc`, `name`, `email`)
VALUES ('$_POST[title]','$_POST[desc]','$_POST[name]','$_POST[email]')");
 
Foxy999
Forum Commoner
Posts: 45
Joined: Sat Mar 21, 2009 11:50 am

Re: Noob PHP Help

Post by Foxy999 »

Foxy999 wrote:This is it:

INSERT INTO SELL (title, desc, name, email) VALUES ('x','x','x','x')

Im not sure what else you want. Also I have messed around with the types and made them VARCHAR but it didn't solve the problem.
If you read you will see that I did try that in phpmyadmin.
Foxy999
Forum Commoner
Posts: 45
Joined: Sat Mar 21, 2009 11:50 am

Re: Noob PHP Help

Post by Foxy999 »

php_east wrote:

Code: Select all

$sql = ("INSERT INTO SELL (`title`, `desc`, `name`, `email`)
VALUES ('$_POST[title]','$_POST[desc]','$_POST[name]','$_POST[email]')");
 

Thank you so much!
User avatar
JAB Creations
DevNet Resident
Posts: 2341
Joined: Thu Jan 13, 2005 6:44 pm
Location: Sarasota Florida
Contact:

Re: Noob PHP Help

Post by JAB Creations »

WHOA HOLD ON THERE!

DO NOT DIRECTLY PUT $_POST or any other user generated data directly in to the database!

That leaves you open to SQL injection attacks!

Code: Select all

<?php
$title = mysql_real_escape_string($_POST[title]);
$desc = mysql_real_escape_string($_POST[desc]);
$name = mysql_real_escape_string($_POST[name]);
$email = mysql_real_escape_string($_POST[email])
 
$sql = ("INSERT INTO SELL (title, desc, name, email) VALUES ('$title','$desc','$name','$email')");
?>
Post Reply