Menu
Community /Pin to ProfileBookmark
@NogDogOct 17.2016 — #I suspect it's this line:
You need to make the VALUES arguments two separate strings:
@NogDogOct 17.2016 — #PS: I'd like to see you do some sanitizing of the form inputs before using them in the DB queries (or use prepared statements with bound parameters if using PDO or MySQLi extensions), in order to prevent SQL injection attacks/errors.
https://xkcd.com/327/
Error:Column count doesn’t match value count at row 1
I get this error when submit form in my website:
Column count doesn’t match value count at row 1
Code:
[code=php]
<?php
require_once BASE_DIR . ‘/cp/inc/base.php’;
$page[title] = $str_lang[19];
$page[icon] = ‘setting’;
$active_tab = 5;
$page[url] = $base_url . ‘?mode=account-types’;
$page[add_new_link] = “<a href=’$page[url]&action=add’ class=’add-new’>Add New Account Type</a>”;
require_once ‘header.inc.php’;
if ($current_user[permission]{5})
{
$action = $_REQUEST[‘action’];
$do = $_REQUEST[‘do’];
if ($do == ‘add’)
{
$fld = request_to_fields($_REQUEST);
$doit = $db->query(“INSERT INTO SystemAccounts(accountName,field1) VALUES(‘$fld[accountName],$fld[field1]’)”);
if ($doit)
echo “<div class=’alert’>New account type added to the system.</div>”;
else
{
echo “<div class=’alert err’>”.mysql_error().”</div>”;
$action = ‘add’;
}
}
elseif ($do == ‘delete’)
{
$id = Tools::gat_safe_input($_REQUEST[‘id’]);
$count = $db->record_count(‘MemberAccounts’, ‘Count(*)’, ” WHERE accID = ‘$id'”);
if ($count > 0)
echo “<div class=’alert err’>You cannot delete this account.</div>”;
else
{
$doit = $db->query(“DELETE FROM SystemAccounts WHERE id = ‘$id'”);
if ($doit == ‘success’)
echo “<div class=’alert’>Account Type deleted.</div>”;
else
echo “<div class=’alert err’>”.mysql_error().”</div>”;
}
}
elseif ($do == ‘edit’)
{
$fld = request_to_fields($_REQUEST);
$doit = $db->query(“UPDATE SystemAccounts SET accountName =’$fld[accountName]’ , field1 =’$fld[field1]’ WHERE id = ‘” . Tools::gat_safe_input($_REQUEST[‘id’]) . “‘”);
if ($doit)
echo “<div class=’alert’>Account Type updated.</div>”;
else
{
echo “<div class=’alert err’>”.mysql_error().”</div>”;
$action = ‘edit’;
}
}
if (!$action || $action == ‘list’)
{
$qListContentCount = $db->record_count(‘SystemAccounts’, ‘Count(*)’);
if ($qListContentCount)
{
$qListContent = $db->query(“SELECT * FROM SystemAccounts ORDER BY `id` DESC”);
?>
<table border=’0′ width=’100%’ cellpadding=’0′ cellspacing=’0′ class=’tbl-list’>
<thead>
<tr>
<th class=’thrc’> </th>
<th class=’thmc’>Title</th>
<th class=’thmc’> </th>
<th class=’thlc’> </th>
</tr>
</thead>
<tfoot>
<tr>
<th class=’tfrc’> </th>
<th class=’tfmc’> </th>
<th class=’tfmc’> </th>
<th class=’tflc’> </th>
</tr>
</tfoot>
<tbody>
<?php
while ($cn = mysql_fetch_array($qListContent))
{
echo ”
<tr>
<td class=’trrc’> </td>
<td class=’trmc trmcb’>
<a href=’$page[url]&action=edit&id=$cn[id]’>$cn[accountName]</a>
<div class=’controlList’>
<div class=’controlLinks’>
<a href=’$page[url]&action=edit&id=$cn[id]’>$str_lang[28]</a>
“.(($cn[id] > 1) ? ” | <a href=’$page[url]&do=delete&id=$cn[id]’ onclick=”return deleteConfirm(‘$str_lang[30]’);” class=’dellink’>$str_lang[29]</a>” : ”).”
</div>
</div>
</td>
<td class=’trmc trmca’></td>
<td class=’trlc’> </td>
</tr>
“;
}
?>
</tbody>
</table>
<?php
}
else
echo Tools::sendError($str_lang[31]);
}
elseif ($action == ‘add’ || $action == ‘edit’)
{
$id = Tools::gat_safe_input($_REQUEST[id]);
if ($action == ‘edit’ && !$do)
{
$fld = $db->record(‘SystemAccounts’, $id);
}
?>
<form action='<?php echo $page[url];?>’ method=’post’>
<div>
<?php if ($action == ‘add’): ?>
<input type=’hidden’ name=’do’ value=’add’ />
<?php elseif ($action == ‘edit’): ?>
<input type=’hidden’ name=’do’ value=’edit’ />
<input type=’hidden’ name=’id’ value='<?php echo $fld[id]; ?>’ />
<?php endif; ?>
</div>
<table border=’0′ width=’750′>
<tr>
<td class=’t-label’><label for=’fld_accountName’>Broker Name</label></td>
<td class=’t-inp’><input type=’text’ name=’fld_accountName’ size=’40’ class=’inp_text’ id=’fld_name’ value='<?php echo $fld[accountName]; ?>’ /></td>
<td class=’t-label’><label for=’fld_field1′>rebate rate</label></td>
<td class=’t-inp’><input type=’text’ name=’fld_field1′ size=’10’ class=’inp_text’ id=’fld_field1′ value='<?php echo $fld[field1]; ?>’ /></td>
</tr>
</table>
<div class=’controls’>
<input type=’submit’ class=’inp_submit’ value='<?php echo (($action == ‘add’) ? ‘Add New Account Type’ : ‘Update’); ?>’ />
<input type=’button’ class=’inp_submit’ value=’Cancel’ onclick=”window.location='<?php echo $page[url];?>’;” />
</div>
</form>
<?php
}
}
else
Tools::sendError($str_lang[26]);
require_once ‘footer.inc.php’;
?>
Sign in
to post a comment2 Comments(s) ↴
0
@NogDogOct 17.2016 — #I suspect it's this line:[code=php]
$doit = $db->query("INSERT INTO SystemAccounts(accountName,field1) VALUES('$fld[accountName],$fld[field1]')");
[/code]You need to make the VALUES arguments two separate strings:
[code=php]
$doit = $db->query("INSERT INTO SystemAccounts(accountName,field1) VALUES('$fld[accountName]', '$fld[field1]')");
[/code]0
@NogDogOct 17.2016 — #PS: I'd like to see you do some sanitizing of the form inputs before using them in the DB queries (or use prepared statements with bound parameters if using PDO or MySQLi extensions), in order to prevent SQL injection attacks/errors.