Page 1 of 1

SQL Insert Question

Posted: Tue Jul 20, 2010 2:52 pm
by webphotogeek
I am having a problem with SQL Insert. All of them work, except the last one (highlighted). Is is something with the syntax of the date and time? Do I need to use the mysql_real_escape_string()? Or could it be something else? If anyone has any idea what is going on, please let me know. Thanks.
Code is below:

$gen="INSERT INTO general (ID, fname, lname, address, city, state) VALUES ('$cust_id','$fname','$lname','$address','$city','$state')";
mysql_query($gen) or die('Could not connect to general table: ' . mysql_error());

$pur="INSERT INTO Purchasing (ID, Item, Description, Quantity, Price) VALUES ('$cust_id','$item','$descr','$quantity','$price')";
mysql_query($pur)or die('Could not connect to Purchasing table: ' . mysql_error());

$cre="INSERT INTO Credit (ID, Credit_Card_Number, Expiration, Code) VALUES ('$cust_id','$credit_card_number','$expiration','$code')";
mysql_query($cre)or die('Could not connect to Credit table: ' . mysql_error());

$del="INSERT INTO Delivery (ID, Date, Time, AMPM) VALUES ('$cust_id','$date','$time','$ampm')";
mysql_query($del)or die('Could not connect to Delivery table: ' . mysql_error());

Re: SQL Insert Question

Posted: Tue Jul 20, 2010 2:59 pm
by AbraCadaver
What is the error?

Re: SQL Insert Question

Posted: Tue Jul 20, 2010 3:13 pm
by webphotogeek
No errors show up. I'm guessing the syntax is right and it is opening the table, but I was told I might need to add the mysql_real_escape_string() to prevent injection attacks for Insert. Is that true? And if so, how would I incorporate it into the syntax?

Thanks.

Re: SQL Insert Question

Posted: Tue Jul 20, 2010 3:27 pm
by AbraCadaver
You should run any user submitted data, GET, POST, etc through mysql_real_escape_string() before inserting, but your issue is most likely the time/date format. What is the format in the DB and what is the format in your vars?

Re: SQL Insert Question

Posted: Tue Jul 20, 2010 4:53 pm
by webphotogeek
In the DB, Date is set to date format (YYYY-MM-DD) and Time is set to time format (HH:MM:SS).

Re: SQL Insert Question

Posted: Tue Jul 20, 2010 5:49 pm
by AbraCadaver
webphotogeek wrote:In the DB, Date is set to date format (YYYY-MM-DD) and Time is set to time format (HH:MM:SS).
And the $date and $time vars?