Noob PHP Help
Posted: Sat Mar 21, 2009 1:02 pm
by Foxy999
The database: ITEM; table: SELL
title (primary)
desc //description
name
email
image //not used
price //not used
This is my code to insert values into the db:
mysql_select_db("ITEM", $con);
mysql_query("INSERT INTO SELL (title, desc, name, email)
VALUES ('title', 'desc', 'name', 'email')");
Now, 'title' is an input field, with <input name="title ..>, is this the correct way to do this? Also 'desc' is a textarea, where <textarea name="desc" ..> is the correct way to do this?
I also want to have this code run when a submit button is pressed, along with the mysql_connect, etc.
Please Help
Foxy
Re: Noob PHP Help
Posted: Sat Mar 21, 2009 1:06 pm
by Foxy999
I have now changed this code:
VALUES ('$_POST[title]', '$_POST[desc]', '$_POST[name]', '$_POST[email]')");
but I cannot test it because I need to know how to run a block of code on a button press.
Re: Noob PHP Help
Posted: Sat Mar 21, 2009 2:15 pm
by califdon
Re: Noob PHP Help
Posted: Sat Mar 21, 2009 2:31 pm
by Foxy999
I have gotten it to work, but I am now getting errors when I try to insert into a table. This is my code:
<?php
$con = mysql_connect("localhost", "yourcol1_default", "default");
if(!$con)
{
die('Cannot connect: ' .mysql_error());
}
mysql_select_db("yourcol1_ITEM", $con);
$sql = ("INSERT INTO SELL (title, desc, name, email)
VALUES ('$_POST[title]','$_POST[desc]','$_POST[name]','$_POST[email]')");
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con);
?>
And I get this error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,name,email) VALUES ('x','x','x','x')' at line 1
And the html code:
<form method="post" action="tmp.php">
Title:<input type="text" name="title" maxlength="50" size="50"/>
Description:<input type="text" name="desc" maxlength="100" size="50" />
Name:<input type="text" name="name" maxlength="50" size="50" />
Email:<input type="text" name="email" maxlength="70" size="50" />
<p align="center"> </p>
<p align="center">
<input type="submit" name="sell_submit" id="sell_submit" value="Next ->" />
</p>
</form>
I don't know what I am doing wrong, everything looks right.
Re: Noob PHP Help
Posted: Sat Mar 21, 2009 3:22 pm
by califdon
Change this line:
to this
I don't see any syntax error in what you posted, but possibly you copied something wrong. Printing out the exact SQL statement when there's an error will often save you a lot of time debugging.
Re: Noob PHP Help
Posted: Sat Mar 21, 2009 3:34 pm
by Foxy999
I am still getting the same error, and with the new code it says:
INSERT INTO SELL (title, desc, name, email) VALUES ('x','x','x','x')
Which is right, and I try the same query with phpmyadmin and I get the same errors, I think the problem resides in my database. Attached is a picture of my database in phpmyadmin.
Please help
Foxyy
Re: Noob PHP Help
Posted: Sat Mar 21, 2009 6:23 pm
by califdon
Would you please show your exact SQL statement? The error you are receiving says that it is a syntax error, so that's the place to start.
Probably not a factor in this problem, but your use of TEXT data type for such fields is highly questionable. That data type is intended for storing extremely large text strings in a field. Ordinarily, anything that's not going to be longer than 255 characters should be a VARCHAR(n) data type. Also, you don't have a primary key designated, which is also not recommended.
Re: Noob PHP Help
Posted: Sat Mar 21, 2009 11:41 pm
by Foxy999
This is it:
INSERT INTO SELL (title, desc, name, email) VALUES ('x','x','x','x')
I'm not sure what else you want. Also I have messed around with the types and made them VARCHAR but it didn't solve the problem.
Re: Noob PHP Help
Posted: Sun Mar 22, 2009 4:03 am
by JAB Creations
Since you're using phpMyAdmin why not do a manual INSERT?
Then compare the MySQL statement phpMyAdmin gives you compared to the one you're using.
Granted I think the MySQL statements phpMyAdmin generates have some unnecessary/excessive code but removing other people's code and getting a minimum test case will help you zero in on how you should write/fix the query you're having trouble with.

Re: Noob PHP Help
Posted: Sun Mar 22, 2009 4:21 am
by php_east
Code:
$sql = ("INSERT INTO SELL (`title`, `desc`, `name`, `email`)
VALUES ('$_POST[title]','$_POST[desc]','$_POST[name]','$_POST[email]')");
Re: Noob PHP Help
Posted: Sun Mar 22, 2009 10:35 am
by Foxy999
Foxy999 wrote:This is it:
INSERT INTO SELL (title, desc, name, email) VALUES ('x','x','x','x')
I'm not sure what else you want. Also I have messed around with the types and made them VARCHAR but it didn't solve the problem.
If you read you will see that I did try that in phpmyadmin.
Re: Noob PHP Help
Posted: Sun Mar 22, 2009 10:40 am
by Foxy999
php_east wrote:
Code:
$sql = ("INSERT INTO SELL (`title`, `desc`, `name`, `email`)
VALUES ('$_POST[title]','$_POST[desc]','$_POST[name]','$_POST[email]')");
Thank you so much!
Re: Noob PHP Help
Posted: Mon Mar 23, 2009 4:32 pm
by JAB Creations
WHOA HOLD ON THERE!
DO NOT DIRECTLY PUT $_POST or any other user generated data directly into the database!
That leaves you open to SQL injection attacks!
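Code:
<?php
// Escape each user-supplied value before interpolating it into the SQL string.
$title = mysql_real_escape_string($_POST['title']);
$desc = mysql_real_escape_string($_POST['desc']);
$name = mysql_real_escape_string($_POST['name']);
$email = mysql_real_escape_string($_POST['email']);
// `desc` is a MySQL reserved word, so the column names are backtick-quoted.
$sql = ("INSERT INTO SELL (`title`, `desc`, `name`, `email`) VALUES ('$title','$desc','$name','$email')");
?>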
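The same insert with bound parameters instead of string escaping, as an added example that is not part of the original thread (the mysql_* functions used above were removed in PHP 7). Assumptions: PDO with the pdo_sqlite driver, an in-memory SQLite table standing in for the MySQL SELL table so the script runs offline, and the hypothetical helpers `validate_item()` and `insert_item()` with length limits taken from the form's maxlength values.

```php
<?php
// Added example: parameterized INSERT for the SELL table from this thread.
// Assumption: SQLite in memory replaces MySQL; it also accepts backtick-quoted names.

// Per-field length limits, copied from the maxlength attributes of the posted form.
const LIMITS = ['title' => 50, 'desc' => 100, 'name' => 50, 'email' => 70];

// Returns the trimmed fields, or throws if one is missing, empty, too long or malformed.
function validate_item(array $post): array
{
    $clean = [];
    foreach (LIMITS as $field => $max) {
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if ($value === '' || strlen($value) > $max) {
            throw new InvalidArgumentException("Invalid or missing field: $field");
        }
        $clean[$field] = $value;
    }
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid email address');
    }
    return $clean;
}

function insert_item(PDO $db, array $post): void
{
    $item = validate_item($post);
    // Placeholders keep the values out of the SQL text entirely; `desc` is a
    // reserved word, so the column names stay backtick-quoted.
    $stmt = $db->prepare(
        'INSERT INTO SELL (`title`, `desc`, `name`, `email`)
         VALUES (:title, :desc, :name, :email)'
    );
    $stmt->execute([
        ':title' => $item['title'], ':desc' => $item['desc'],
        ':name' => $item['name'], ':email' => $item['email'],
    ]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE SELL (`title` VARCHAR(50) PRIMARY KEY, `desc` VARCHAR(100),
           `name` VARCHAR(50), `email` VARCHAR(70))');

// Constructed sample input standing in for $_POST; the quotes are stored as plain data.
$post = ['title' => "Bob's bike", 'desc' => "mint', 'condition", 'name' => "O'Neil",
         'email' => 'bob@example.com'];
insert_item($db, $post);
var_dump($db->query('SELECT * FROM SELL')->fetch(PDO::FETCH_ASSOC) == $post);
```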