

What is wrong with this ????





stagga
I keep receiving different types of errors... can someone tell me the problem in this php script?
Code:

<?php
$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("pharma", $con);

$sql="INSERT INTO info (initial, name, pname, phone, country, email, fax, comment)
VALUES
('$_POST[ddGender]','$_POST[txtContactPerson]','$_POST[txtprodtName]','$_POST[txtPhNo]','$_POST[Country]'),'$_POST

[txtEmail]','$_POST[txtFax]','$_POST[txtRemark]'";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con);
?>
jmraker
Quote:

Code:

<?php
..

$sql="INSERT INTO info (initial, name, pname, phone, country, email, fax, comment)
VALUES
('$_POST[ddGender]','$_POST[txtContactPerson]','$_POST[txtprodtName]','$_POST[txtPhNo]','$_POST[Country]'),'$_POST[txtEmail]','$_POST[txtFax]','$_POST[txtRemark]'";

?>


What are the error messages that you are getting when the code is executed?

It's possible you can't use an associative array inside a string without escaping it with curly quotes.

Code:
"('{$_POST[ddGender]}',..."
or
"('${_POST[ddGender]}',..."


Complex (curly) syntax
http://php.net/manual/en/language.types.string.php

Also, since the key seems to be using constants php will generate warning(s) if the constant isn't defined and it tries to use a variable name under the same name. If it isn't defined you can add quotes around the array key like $_POST['ddGender'] or prepend with a dollar sign to use the $ddGender variable.
Marcuzzo
I didn't test it but this should work:
Code:
$sql="
   INSERT INTO info
      (initial, name, pname, phone, country, email, fax, comment)
   VALUES
   ('" . $_POST['ddGender'] . "', '" . $_POST['txtContactPerson'] . "', '" . $_POST['txtprodtName'] . "', '" . $_POST['txtPhNo'] . "', '" . $_POST['Country'] . "', '" . $_POST['txtEmail'] . "', '" . $_POST['txtFax'] . "', '" . $_POST['txtRemark'] . "');";


here's the thing
1. you had a bracket in the middle of your string:
Code:
'$_POST[Country]'),'$_POST


2. the $_POST variable is an associative array of variables passed to the current script via the HTTP POST method.
you were using $_POST[incorrect] instead of $_POST['correct']

3. concatenating variables in a quoted string only works with $variables and not with $_POST['somevar']
I've had some problems with this matter in the past and now I just declare variables and use that
example:

$name = $_POST['name'];
$tel = $_POST['tel'] ;

$sql = "insert into contacts ( name, tel ) values ('$name', '$tel');";


make sense?
Peterssidan
It is possible to access array elements in strings like the OP is doing. I think the only problem was that he put the bracket in the wrong place (Marcuzzo's point 2).

It is not a good idea to put the input from the user directly inside the SQL query. To prevent SQL injections you should use mysql_real_escape_string if I remember correctly. If Magic Quotes are turned on you might not need to do this.
sonam
I cannot find out where the bug is, but my suggestion is: don't insert any submitted ($_POST) content directly into MySQL. Otherwise you can easily get an injection and lose all of your database.

Sonam
Marcuzzo
Peterssidan wrote:
It is not a good idea to put the input from the user directly inside the SQL query. To prevent SQL injections you should use mysql_real_escape_string if I remember correctly. If Magic Quotes are turned on you might not need to do this.


php.net wrote:
Use of this extension is discouraged. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

mysqli_real_escape_string()
PDO::quote()


so they advise to use mysqli_real_escape_string()


I just think that the error in the code is the bracket, see my point 1 in my previous post
without having the actual error messages it is hard to troubleshoot this issue
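
Added example, not part of the thread: the INSERT from the original post written with PDO bound parameters (PDO being one of the extensions the php.net quote above recommends), so that quotes in form input are stored as data instead of being parsed as SQL. The in-memory SQLite database and the `$post` array are constructed stand-ins for the MySQL `pharma` database and `$_POST`; `insertInfo` and `$map` are hypothetical names.

```php
<?php
// Assumption: in-memory SQLite stands in for the MySQL "pharma" database so the
// script runs offline; for MySQL use a DSN like "mysql:host=localhost;dbname=pharma".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE info (initial TEXT, name TEXT, pname TEXT, phone TEXT,
            country TEXT, email TEXT, fax TEXT, comment TEXT)');

// Constructed sample input (stands in for $_POST); two values contain quotes
// and SQL-looking text that would break or alter the concatenated query.
$post = [
    'ddGender'         => 'Mr',
    'txtContactPerson' => "O'Brien",
    'txtprodtName'     => 'Aspirin',
    'txtPhNo'          => '555-0100',
    'Country'          => 'Ireland',
    'txtEmail'         => 'obrien@example.com',
    'txtFax'           => '',
    'txtRemark'        => "call back'); DELETE FROM info; --",
];

// Form field => table column, in the order used by the original query.
$map = [
    'ddGender' => 'initial', 'txtContactPerson' => 'name', 'txtprodtName' => 'pname',
    'txtPhNo' => 'phone', 'Country' => 'country', 'txtEmail' => 'email',
    'txtFax' => 'fax', 'txtRemark' => 'comment',
];

function insertInfo(PDO $pdo, array $map, array $input): int
{
    $columns = array_values($map);
    // One named placeholder per column; the SQL text never contains user data.
    $sql = 'INSERT INTO info (' . implode(', ', $columns) . ') VALUES (:'
         . implode(', :', $columns) . ')';
    $stmt = $pdo->prepare($sql);
    foreach ($map as $field => $column) {
        // Missing or array-valued fields are rejected before touching the database.
        if (!isset($input[$field]) || !is_string($input[$field])) {
            throw new InvalidArgumentException("Missing or non-string field: $field");
        }
        $stmt->bindValue(":$column", $input[$field], PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->rowCount();
}

echo insertInfo($pdo, $map, $post), " record added\n";
$row = $pdo->query('SELECT name, comment FROM info')->fetch(PDO::FETCH_ASSOC);
var_dump($row['name'] === $post['txtContactPerson'], $row['comment'] === $post['txtRemark']);
```

The column names come only from the hard-coded `$map`, never from the request, which is what keeps the generated SQL text fixed.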