
sql syntax query…

Hi all:
I’m struggling to get this to work in PHP:

[code=php]
$sql = “INSERT INTO data (date, yname, ymail, cpname, ctname, email, ctphone, msg_type, session, session_date, notes)”;
$sql .=”VALUES(NOW(),’$yname’,’$ymail’,’$cpname’,’,’$ctname’,’$email’,’$ctphone’,’$type’,’$session’,’$date’,’$notes’)”;
$result=mysql_query($sql, $cid) or die(mysql_error());
[/code]

I’m just getting – check your syntax.
What am I doing wrong?

@AliHurworth (author) Apr 19.2009 — I have altered the apostrophe - and now the message just reads the error.

@Mindzai Apr 19.2009 — Try this:

[code=php]
INSERT INTO data (date, yname, ymail, cpname, ctname, email, ctphone, msg_type, session, session_date, notes) VALUES(NOW(),'$yname','$ymail','$cpname','$ctname','$email','$ctphone','$type','$session','$date','$notes')
[/code]


Also it's helpful if you post the error you got.

@AliHurworth (author) Apr 19.2009 — Hi Mindzai - this is how it looks.

the form, on a separate page:
[code=html]<form action="process1.php" method="post" name="data" id="data">
<table width="383" border="0" cellpadding="5" cellspacing="5">
<caption align="top">
<strong>About you</strong>
</caption>
<tr>
<td width="163">Your name</td>
<td width="185"><input name="yname"/></td>
</tr>
<tr>
<td>Your email</td>
<td><input name="ymail" /></td>
</tr>
<tr>
<td>Your phone</td>
<td><input name="yphone" /></td>
</tr>
</table>
<table border="0" cellspacing="5" cellpadding="5">
<caption align="top">
<strong>About the recipient</strong>
</caption>
<tr>
<td width="162">Company name</td>
<td><input name="cpname"/></td>
</tr>
<tr>
<td>Contact name</td>
<td><input name="ctname" length="25" /></td>
</tr>
<tr>
<td>Contact phone</td>
<td><input name="ctphone" /></td>
</tr>
<tr>
<td>Email</td>
<td><input name="email" /></td>
</tr>
</table>
<table border="0" cellspacing="5" cellpadding="5">
<caption align="top">
<strong>About the message</strong>
</caption>
<tr>
<td>Type of message</td>
<td><p>
<label>
<input type="radio" name="RadioGroup1" value="1" id="RadioGroup1_0" />
Few Appts</label>
<br />
<label>
<input type="radio" name="RadioGroup1" value="2" id="RadioGroup1_1" />
Company Recruitment</label>
<br />
</p></td>
</tr>
</table>
<table border="0" cellspacing="5" cellpadding="5">
<caption align="top">
<strong>About the session</strong>
</caption>
<tr>
<td>Session to promote</td>
<td><input name="session" /></td>
</tr>
<tr>
<td>Date of session</td>
<td><input name="date" id="date"><a href="javascript:NewCal('date','ddmmyyyy')"><img src="calendar/cal.gif" width="16" height="16" border="0" alt="Pick a date"></a></td>
</tr>
<tr>
<td><p>Any general notes <br />
<span class="style3"><em>not for message</em></span><em></em></p>
</td>
<td><textarea name="comments" cols="25" rows="5" id="comments"></textarea></td>
</tr>
<tr>
<td><input type="reset" value="reset" /></td>
<td><input type="submit" value="send!" /></td>
</tr>

</table>

</form>[/code]


fairly straightforward.

The php looks like this:
[code=php]<?php
//details sent from form
$yname=$_POST['yname'];
$ymail=$_POST['ymail'];
$yphone=$_POST['yphone'];
$cpname=$_POST['cpname'];
$ctname=$_POST['ctname'];
$ctphone=$_POST['ctphone'];
$email=$_POST['email'];
$type=$_POST['RadioGroup1'];
$session=$_POST['session'];
$date=$_POST['date'];
$notes=$_POST['notes'];

$to = $email;
$subject = "12 seconds";

//get file according to radio selection
$myFile = "header".$type.".txt";
$fh = fopen($myFile, 'r');
$theData = fread($fh, filesize($myFile));
fclose($fh);


error_reporting(E_ALL);
/*login to mysql*/
require_once 'mysql_login.php';
mysql_select_db("mktg",$cid);

/*create query*/
$sql = "INSERT INTO data (date, yname, ymail, cpname, ctname, email, ctphone, msg_type, session, session_date, notes) VALUES(NOW(),'$yname','$ymail','$cpname','$ctname','$email','$ctphone','$type','$session','$date','$notes')";
$result=mysql_query($sql, $cid) or die(mysql_error());
if (!mysql_query($sql, $cid)) {
echo 'Entered on database';
} else {
echo 'Please contact the help desk!';
}

?>[/code]

including your changes.

three issues come up:

first, my mistake - there are blank fields being added to the database. It does not include the info from the form, although the datetime column is being filled in by php

second, i'm struggling to get mysql to show what the error is

third, why does it enter two lines into mysql?

@Mindzai Apr 20.2009 — 1 - have you checked the values are being correctly received by the processing script? What is the result of the following code placed at the top of process1.php?

[code=php]
echo '<pre>';
print_r($_POST);
echo '</pre>';
[/code]


2. It isn't showing you an error because there is no error to show. If the data is getting inserted the query is working.

3. Because you are calling the mysql_query() function twice. Replace

[code=php]if (!mysql_query($sql, $cid)) {[/code]

with

[code=php]if (!$result) {[/code]

@SyCo Apr 20.2009 — A couple of general notes on your script.

When debugging SQL echo the queries to the page (or log or mail them to yourself). Comment out the bit where you run them and copy them into a CLI (command line interface) like putty.exe. You'll see what is going to get run before running it so can carefully look through it to see any potential dangerous errors. You get the error direct from the SQL server as well which might be less cryptic than the one from the PHP function.

Renaming POST variables for no reason serves no purpose. It just means you don't know where the values came from and may not realize later in a script that the variable contains user inputted values and forget to sanitize correctly. Your statement is currently wide open to SQL injection.

Any information that comes from anywhere but your scripts (POST, GET, opens URLs etc) needs to be sanitized and validated. Even radio button and checkboxes. Any and all or you're vulnerable to attack.

@AliHurworth (author) Apr 20.2009 — Thanks all - will follow up with the completed code, but in the meantime, Mindzai, the mysql_query, very useful.

SyCo, ta 4 the reminder
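
SyCo's advice (validate every POST value, radio buttons included, and keep user input out of the SQL string) together with Mindzai's fix of running the query only once could look like the sketch below. This is an added example, not code posted by anyone in the thread: it assumes PDO in place of the thread's mysql_* functions, an in-memory SQLite database for the demo, and the hypothetical helper names `validateSubmission` and `insertSubmission`.

```php
<?php
// Added example, not from the thread. Column names follow the posted query;
// helper names, the allow-list and the SQLite demo database are assumptions.
const MSG_TYPES = ['1', '2'];   // the two radio values in the posted form

function validateSubmission(array $post): array
{
    $clean = [];
    foreach (['yname', 'ymail', 'cpname', 'ctname', 'email', 'ctphone',
              'session', 'date', 'comments'] as $f) {
        $v = $post[$f] ?? '';
        $clean[$f] = is_string($v) ? trim($v) : '';   // non-strings become ''
    }
    foreach (['ymail', 'email'] as $f) {
        if (filter_var($clean[$f], FILTER_VALIDATE_EMAIL) === false) {
            throw new InvalidArgumentException("invalid $f");
        }
    }
    // Radio values are user input too: allow-list before use in SQL or a file name.
    $type = $post['RadioGroup1'] ?? '';
    if (!in_array($type, MSG_TYPES, true)) {
        throw new InvalidArgumentException('invalid message type');
    }
    return $clean + ['msg_type' => $type];
}

function insertSubmission(PDO $pdo, array $c): bool
{
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'INSERT INTO data (date, yname, ymail, cpname, ctname, email, ctphone,
                           msg_type, session, session_date, notes)
         VALUES (CURRENT_TIMESTAMP, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    return $stmt->execute([$c['yname'], $c['ymail'], $c['cpname'], $c['ctname'],
        $c['email'], $c['ctphone'], $c['msg_type'], $c['session'],
        $c['date'], $c['comments']]);   // executed exactly once
}

// Demo on constructed input; swap the DSN for the real MySQL connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE data (date, yname, ymail, cpname, ctname, email,
            ctphone, msg_type, session, session_date, notes)');
$post = ['yname' => "Pat O'Brien", 'ymail' => 'pat@example.com',
         'cpname' => 'Example Ltd', 'ctname' => 'Sam', 'email' => 'sam@example.org',
         'ctphone' => '555-0100', 'RadioGroup1' => '2', 'session' => 'Intro',
         'date' => '20-04-2009', 'comments' => "it's a test"];
insertSubmission($pdo, validateSubmission($post));
echo $pdo->query('SELECT yname FROM data')->fetchColumn(), "\n";
```

The apostrophes in the constructed name and notes would break the string-built query from the thread; bound as parameters they are stored as plain data.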