Page 1 of 1

"Query is empty"

Posted: Wed Nov 02, 2005 8:44 pm
by joetheeskimo5
I used PHP to send the following query.

It checks to see if the submission type is a link or download, then does the according query.

Code: Select all

// db connection
$connection = mysql_connect("localhost", "username", "pass") or die(mysql_error());
$db = mysql_select_db("dbname", $connection) or die(mysql_error());

// is it a link?
if (($_POST['type'] == "link")) {
$sql = "INSERT INTO links ('url', 'description', 'category') VALUES ('$_POST[url]', '$_POST[description]', '$_POST[category]')";

// or is it a download?
} else if (($_POST['type'] == "download")) {
$sql = "INSERT INTO downloads ('title', 'url', 'description', 'category') VALUES ('$_POST[title]', '$_POST[url]', '$_POST[description]', '$_POST[category]')";
}

// send the query.
$result = mysql_query($sql, $connection) or die(mysql_error());
I checked to see if it's a problem with the form information; it's not - the form sent its info correctly.

What's wrong with my query?

Thanks in advance.

Posted: Wed Nov 02, 2005 8:59 pm
by John Cartwright

Code: Select all

$sql = "INSERT INTO downloads ('title', 'url', 'description', 'category') VALUES ('$_POST[title]', '$_POST[url]', '$_POST[description]', '$_POST[category]')";
to

Code: Select all

$sql = 'INSERT INTO downloads (\'title\', \'url\', \'description\', \'category\') VALUES (\''.$_POST['title'].'\', \''.$_POST['url'].'\', \''.$_POST['description'].'\', \''.$_POST['category'].'\')';
or

Code: Select all

$sql = "INSERT INTO downloads ('title', 'url', 'description', 'category') VALUES ('{$_POST['title']}', '{$_POST['url]'}', '{$_POST['description']}', '{$_POST['category']}')";
and quote your array indices.. eg $_POST[title] -> $_POST['title']

Posted: Wed Nov 02, 2005 9:03 pm
by feyd
other than you have the potential to not actually create $sql, I don't see anything else jumping out at me..

Posted: Thu Nov 03, 2005 3:32 am
by Chris Corbyn
feyd wrote:other than you have the potential to not actually create $sql, I don't see anything else jumping out at me..
mysql_real_escape_string() ;)

Your text-based input may include characters which will break your query.

Posted: Thu Nov 03, 2005 3:53 pm
by joetheeskimo5
Jcart wrote:

Code: Select all

$sql = "INSERT INTO downloads ('title', 'url', 'description', 'category') VALUES ('$_POST[title]', '$_POST[url]', '$_POST[description]', '$_POST[category]')";
to

Code: Select all

$sql = 'INSERT INTO downloads (\'title\', \'url\', \'description\', \'category\') VALUES (\''.$_POST['title'].'\', \''.$_POST['url'].'\', \''.$_POST['description'].'\', \''.$_POST['category'].'\')';
I did so, and it still said "query is empty".
Jcart wrote:
or

Code: Select all

$sql = "INSERT INTO downloads ('title', 'url', 'description', 'category') VALUES ('{$_POST['title']}', '{$_POST['url']}', '{$_POST['description']}', '{$_POST['category']}')";
and quote your array indices.. eg $_POST[title] -> $_POST['title']
I did this as well, and it gave me an error...

Parse error: parse error, unexpected T_STRING in /home/eskimoc/public_html/keclan/processsubmission.php on line 208
d11wtq wrote:
feyd wrote:other than you have the potential to not actually create $sql, I don't see anything else jumping out at me..
mysql_real_escape_string() ;)

Your text-based input may include characters which will break your query.
I used that function, and MySQL still insists my query was empty. *kicks mySQL*

Any other ideas? :(

Posted: Thu Nov 03, 2005 4:05 pm
by Charles256
assing your posts to variables..i.e.

Code: Select all

$title=$_POST['title'];
and then in your insert just go..

Code: Select all

"VALUES ('$title','$others');"

Posted: Thu Nov 03, 2005 4:21 pm
by joetheeskimo5
Wow.

Sorry about that; I ended up figuring it out by echoing $type. It turns out that in the form, (another file), I had acidentally assigned $type to the wrong value. In any case, it was no problem you guys could spot.

Thanks anyway :oops: