Noob PHP Help
Moderator: General Moderators
Noob PHP Help
The database: ITEM; table: SELL
title (primary)
desc //description
name
email
image //not used
price //not used
This is my code to insert values into the db:
mysql_select_db("ITEM", $con);
mysql_query("INSERT INTO SELL (title, desc, name, email)
VALUES ('title', 'desc', 'name', 'email')");
Now, 'title' is an input field, with <input name="title ..>, is this the correct way to do this? Also 'desc' is a textarea, where <textarea name="desc" ..> is the the correct way to do this?
I also want to have this code run when a submit button is pressed, along with the mysql_connect, ect.
Please Help
Foxy
title (primary)
desc //description
name
image //not used
price //not used
This is my code to insert values into the db:
mysql_select_db("ITEM", $con);
mysql_query("INSERT INTO SELL (title, desc, name, email)
VALUES ('title', 'desc', 'name', 'email')");
Now, 'title' is an input field, with <input name="title ..>, is this the correct way to do this? Also 'desc' is a textarea, where <textarea name="desc" ..> is the the correct way to do this?
I also want to have this code run when a submit button is pressed, along with the mysql_connect, ect.
Please Help
Foxy
Re: Noob PHP Help
I have now changed this code:
VALUES ('$_POST[title]', '$_POST[desc]', '$_POST[name]', '$_POST[email]')");
but I cannot test it because I need to know how to run a block of code on a button press.
VALUES ('$_POST[title]', '$_POST[desc]', '$_POST[name]', '$_POST[email]')");
but I cannot test it because I need to know how to run a block of code on a button press.
Re: Noob PHP Help
I have gotten it to work, but I am now getting errors when I try to insert into a table. This is my code:
<?php
$con = mysql_connect("localhost", "yourcol1_default", "default");
if(!$con)
{
die('Cannot connect: ' .mysql_error());
}
mysql_select_db("yourcol1_ITEM", $con);
$sql = ("INSERT INTO SELL (title, desc, name, email)
VALUES ('$_POST[title]','$_POST[desc]','$_POST[name]','$_POST[email]')");
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con);
?>
And I get this error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,name,email) VALUES ('x','x','x','x')' at line 1
And the html code:
<form method="post" action="tmp.php">
Title:<input type="text" name="title" maxlength="50" size="50"/>
Description:<input type="text" name="desc" maxlength="100" size="50" />
Name:<input type="text" name="name" maxlength="50" size="50" />
Email:<input type="text" name="email" maxlength="70" size="50" />
<p align="center"> </p>
<p align="center">
<input type="submit" name="sell_submit" id="sell_submit" value="Next ->" />
</p>
</form>
I don't know what I am doing wrong, everything looks right.
<?php
$con = mysql_connect("localhost", "yourcol1_default", "default");
if(!$con)
{
die('Cannot connect: ' .mysql_error());
}
mysql_select_db("yourcol1_ITEM", $con);
$sql = ("INSERT INTO SELL (title, desc, name, email)
VALUES ('$_POST[title]','$_POST[desc]','$_POST[name]','$_POST[email]')");
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con);
?>
And I get this error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,name,email) VALUES ('x','x','x','x')' at line 1
And the html code:
<form method="post" action="tmp.php">
Title:<input type="text" name="title" maxlength="50" size="50"/>
Description:<input type="text" name="desc" maxlength="100" size="50" />
Name:<input type="text" name="name" maxlength="50" size="50" />
Email:<input type="text" name="email" maxlength="70" size="50" />
<p align="center"> </p>
<p align="center">
<input type="submit" name="sell_submit" id="sell_submit" value="Next ->" />
</p>
</form>
I don't know what I am doing wrong, everything looks right.
Re: Noob PHP Help
Change this line: to this
I don't see any syntax error in what you posted, but possibly you copied something wrong. Printing out the exact SQL statement when there's an error will often save you a lot of time debugging.
Code: Select all
die('Error: ' . mysql_error());Code: Select all
die(mysql_error()."<br>$sql");Re: Noob PHP Help
I am still getting the same error, and with the new code it says:
INSERT INTO SELL (title, desc, name, email) VALUES ('x','x','x','x')
Which is right, and I try to the same query with phpmyadmin and I get the same errors, I think the problem resides in my database. Attached is a picture of my database in phpmyadmin.
Please help
Foxyy
INSERT INTO SELL (title, desc, name, email) VALUES ('x','x','x','x')
Which is right, and I try to the same query with phpmyadmin and I get the same errors, I think the problem resides in my database. Attached is a picture of my database in phpmyadmin.
Please help
Foxyy
- Attachments
-
- db.jpg (74.28 KiB) Viewed 154 times
Re: Noob PHP Help
Would you please show your exact SQL statement? The error you are receiving says that it is a syntax error, so that's the place to start.
Probably not a factor in this problem, but your use of TEXT data type for such fields is highly questionable. That data type is intended for storing extremely large text strings in a field. Ordinarily, anything that's not going to be longer than 255 characters should be a VARCHAR(n) data type. Also, you don't have a primary key designated, which is also not recommended.
Probably not a factor in this problem, but your use of TEXT data type for such fields is highly questionable. That data type is intended for storing extremely large text strings in a field. Ordinarily, anything that's not going to be longer than 255 characters should be a VARCHAR(n) data type. Also, you don't have a primary key designated, which is also not recommended.
Re: Noob PHP Help
This is it:
INSERT INTO SELL (title, desc, name, email) VALUES ('x','x','x','x')
Im not sure what else you want. Also I have messed around with the types and made them VARCHAR but it didn't solve the problem.
INSERT INTO SELL (title, desc, name, email) VALUES ('x','x','x','x')
Im not sure what else you want. Also I have messed around with the types and made them VARCHAR but it didn't solve the problem.
- JAB Creations
- DevNet Resident
- Posts: 2341
- Joined: Thu Jan 13, 2005 6:44 pm
- Location: Sarasota Florida
- Contact:
Re: Noob PHP Help
Since you're using phpMyAdmin why not do a manual INSERT?
Then compare the MySQL statement phpMyAdmin gives you compared to the one you're using.
Granted I think the MySQL statements phpMyAdmin generates have some unnecessary/excessive code but removing other people's code and getting a minimum test case will help you zero in on how you should write/fix the query you're having trouble with.
Then compare the MySQL statement phpMyAdmin gives you compared to the one you're using.
Granted I think the MySQL statements phpMyAdmin generates have some unnecessary/excessive code but removing other people's code and getting a minimum test case will help you zero in on how you should write/fix the query you're having trouble with.
Re: Noob PHP Help
Code: Select all
$sql = ("INSERT INTO SELL (`title`, `desc`, `name`, `email`)
VALUES ('$_POST[title]','$_POST[desc]','$_POST[name]','$_POST[email]')");
Re: Noob PHP Help
If you read you will see that I did try that in phpmyadmin.Foxy999 wrote:This is it:
INSERT INTO SELL (title, desc, name, email) VALUES ('x','x','x','x')
Im not sure what else you want. Also I have messed around with the types and made them VARCHAR but it didn't solve the problem.
Re: Noob PHP Help
php_east wrote:Code: Select all
$sql = ("INSERT INTO SELL (`title`, `desc`, `name`, `email`) VALUES ('$_POST[title]','$_POST[desc]','$_POST[name]','$_POST[email]')");
Thank you so much!
- JAB Creations
- DevNet Resident
- Posts: 2341
- Joined: Thu Jan 13, 2005 6:44 pm
- Location: Sarasota Florida
- Contact:
Re: Noob PHP Help
WHOA HOLD ON THERE!
DO NOT DIRECTLY PUT $_POST or any other user generated data directly in to the database!
That leaves you open to SQL injection attacks!
DO NOT DIRECTLY PUT $_POST or any other user generated data directly in to the database!
That leaves you open to SQL injection attacks!
Code: Select all
<?php
$title = mysql_real_escape_string($_POST[title]);
$desc = mysql_real_escape_string($_POST[desc]);
$name = mysql_real_escape_string($_POST[name]);
$email = mysql_real_escape_string($_POST[email])
$sql = ("INSERT INTO SELL (title, desc, name, email) VALUES ('$title','$desc','$name','$email')");
?>