homepage Welcome to WebmasterWorld Guest from 54.243.23.129
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Accredited PayPal World Seller

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
simple php query not working
trendz




msg:4310543
 9:40 pm on May 10, 2011 (gmt 0)

hello i am trying to get this query to insert information into my database from a form. my first query for customer_table is working, but the almost exact same query for phone_table is not working any ideas why?

here is the 1st query that is working



<html>
<body>
<?php
$con = mysql_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("trendzphones")or die(mysql_error());


$result = mysql_query("INSERT INTO customer_table (License_Num, First_Name, Last_Name, Address, City, usaState, Zip_code)
VALUES
('$_POST[License_Num]','$_POST[First_Name]','$_POST[Last_Name]','$_POST[Address]','$_POST[City]','$_POST[usaState]','$_POST[Zip_code]')")
or die(mysql_error());

echo "1 customer record added";

mysql_close($con)
?>


<FORM>
<INPUT TYPE="BUTTON" VALUE="Main Menu" ONCLICK="window.location.href='open.html'">
<INPUT TYPE="BUTTON" VALUE="add phone" ONCLICK="window.location.href='test3.html'">
</FORM>

</body>
</html>



the code above adds the customer to the database with no problems, but this code here gives me the error message;

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Condition, Date, Paid) VALUES ('verizon','apple','iphone 4','a00000123456','wa' at line 1"

the verizon, apple, iphone, etc.. is just the info that i tried adding to the database.



<html>
<body>
<?php
$con = mysql_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("trendzphones")or die(mysql_error());


$result1 = mysql_query("INSERT INTO phone_table (Carrier, Make, Model, IMEI_Hex_ESN, Condition, Date, Paid)
VALUES
('$_POST[Carrier]','$_POST[Make]','$_POST[Model]','$_POST[IMEI_Hex_ESN]','$_POST[Condition]','$_POST[Date]','$_POST[Paid]')")
or die(mysql_error());


echo "1 phone record added";

mysql_close($con)
?>

<FORM>
<INPUT TYPE="BUTTON" VALUE="Main Menu" ONCLICK="window.location.href='open.html'">
<INPUT TYPE="BUTTON" VALUE="add phone" ONCLICK="window.location.href='test3.html'">
</FORM>

</body>
</html>



I'm stumped since the code structure looks the same to me i don't understand why the first one would work and the 2nd would give me a error message and not add the data.

any ideas or thoughts would be greatly appreciated.

i can post what my fields look like, but I'm pretty sure the naming is correct.

thank you

 

jNorth




msg:4310549
 9:52 pm on May 10, 2011 (gmt 0)

You should read up on SQL injection.

Perhaps one of your posted vars has a single or double quote in it.

and if the date column in a date or timestamp, odds are it is not formated correctly

eelixduppy




msg:4310550
 9:54 pm on May 10, 2011 (gmt 0)

Condition is a reserved word: [dev.mysql.com...]

All words such as these must be escaped using the prime character (`). For example:


INSERT INTO phone_table (`Carrier`, `Make`, `Model`, `IMEI_Hex_ESN`, `Condition`, `Date`, `Paid`) VALUES (......)

trendz




msg:4310968
 8:12 pm on May 11, 2011 (gmt 0)

it was the reserved word, i can't believe i didn't catch that.
thank you

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved