Forum Moderators: coopster
Can't get it to send the data to the db.
<?
$date = date("Y-m-d G:i:s") ;
$db="dbname";
mysql_query ("INSERT INTO dbname (var1, var2, var3, IP) VALUES ($_POST['var1'],$_POST['var2'],$_POST['var3'],$_POST['IP'])$db");
?>
Thanks a lot.
Try putting your values between single quotes (apostrophes):
mysql_query ("INSERT INTO dbname (var1, var2, var3, IP) VALUES ('$_POST['var1']','$_POST['var2']','$_POST['var3']','$_POST['IP']')
See if that helps.
dc
I get
parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING
as an error message.
A friend suggested this
VALUES ('". $_POST['var1'] ."',
which I have also tried, and that doesnt seem to work either - just generates a parse error:
unexpected ',' in /home/site/public_html/page.php on line 84 - which is of course the above code.
<?
$date = date("Y-m-d G:i:s");
$db="dbname";mysql_query ("INSERT INTO dbname.table (var1, var2, var3, IP) VALUES ('".$_POST['var1']."', '".$_POST['var2']."', '".$_POST['var3']."', '". $_POST['IP']."'"), $db);
?>
you didn't put comma before database name, also you need to end question before chosing $db
Michal Cibor
[edited by: mcibor at 11:22 am (utc) on Jan. 11, 2005]
$var1 = mysql_escape_string($_POST['var1']);
before putting them in the query
I've really managed to get completely lost along the way : forgot to backup a file before I overwrote it, and now I'm b******d.
Here is the code in its entirety : if someone could tell me exactly what I need to do to the below to get it working, I would be very thankful.
The code below is EXACTLY what I've got at the moment, and its shot to hell.
<?
$date = date("Y-m-d G:i:s") ;
$db="userdetails";
mysql_query ("INSERT INTO userdetails (date, quantity, compcode, Name, Street, address_1a, Town, County, Country, Zip, Email, Telephone1, Telephone2, Source, IP) VALUES ('". $_POST['date'] ."','". $_POST['quantity'] ."','". $_POST['compcode'] ."','". $_POST['Name'] ."','". ,$_POST['Street'] ."','". $_POST['address_1a'] ."','". $_POST['Town'] ."','". $_POST['County'] ."','". $_POST['Country'] ."','". $_POST['Zip'] ."','". $_POST['Email'] ."','". $_POST['Telephone1'] ."','". $_POST['Telephone2'] ."','". $_POST['Source'] ."','". $_POST['IP'] ."')$db");
?>
I would be really grateful if anyone is able to dig me out of the mess I seem to have got myself in.
try this
$sql = "INSERT INTO userdetails (date, quantity, compcode, Name, Street, address_1a, Town, County, Country, Zip, Email, Telephone1, Telephone2, Source, IP) VALUES ('". $_POST['date'] ."','". $_POST['quantity'] ."','". $_POST['compcode'] ."','". $_POST['Name'] ."','". ,$_POST['Street'] ."','". $_POST['address_1a'] ."','". $_POST['Town'] ."','". $_POST['County'] ."','". $_POST['Country'] ."','". $_POST['Zip'] ."','". $_POST['Email'] ."','". $_POST['Telephone1'] ."','". $_POST['Telephone2'] ."','". $_POST['Source'] ."','". $_POST['IP'] ."')$db";
echo '<p>query: ',$sql;
mysql_query($sql) or die ('<p>db error: ' . mysql_error());
that will help you diagnose the problem. I am guessing that the $db at the end of the query shouldn't be there to start with, I also see one comma extra before $_POST['Street']. I don't have time to opick through it all but that will get you rolling.
I can see some of the problems now - maybe just needed time away from the screen.
The mistake is at the end of the query
<?PHP $date = date("Y-m-d G:i:s") ; $db="userdetails"; mysql_query ("INSERT INTO userdetails (date, quantity, compcode, Name, Street, address_1a, Town, County, Country, Zip, Email, Telephone1, Telephone2, Source, IP) VALUES ('". $_POST['date'] ."','". $_POST['quantity'] ."','". $_POST['compcode'] ."','". $_POST['Name'] ."','". ,$_POST['Street'] ."','". $_POST['address_1a'] ."','". $_POST['Town'] ."','". $_POST['County'] ."','". $_POST['Country'] ."','". $_POST['Zip'] ."','". $_POST['Email'] ."','". $_POST['Telephone1'] ."','". $_POST['Telephone2'] ."','". $_POST['Source'] ."','". $_POST['IP'] ."')",$db");?>
And add slashes to all $_POST:
$country = mysql_escape_string($_POST['Country']);
So the actual code would be:
?PHP $data = date("Y-m-d"); //If the database field is date type; if text, then ok, but still cannot be used name date. It is restricted. $db="userdetails"; $quantity = mysql_escape_string($_POST['quantity']); $compcode = mysql_escape_string($_POST['compcode']); $Name = mysql_escape_string($_POST['Name']); $Street = mysql_escape_string($_POST['Street']); $address_1a = mysql_escape_string($_POST['address_1a']); $Town = mysql_escape_string($_POST['Town']); $County = mysql_escape_string($_POST['Country']); $Country = mysql_escape_string($_POST['Country']); $Zip = mysql_escape_string($_POST['Zip']); $Email = mysql_escape_string($_POST['Email']); $Telephone1 = mysql_escape_string($_POST['Telephone1']); $Telephone2 = mysql_escape_string($_POST['Telephone2']); $Source = mysql_escape_string($_POST['Source']); $IP = mysql_escape_string($_POST['IP']); mysql_query ("INSERT INTO userdetails (date, quantity, compcode, Name, Street, address_1a, Town, County, Country, Zip, Email, Telephone1, Telephone2, Source, IP) VALUES ('$data', '$quantity', '$compcode', '$Name', '$Street', '$address_1a', '$Town', '$County', '$Country', '$Zip', '$Email', '$Telephone1', '$Telephone2', '$Source', '$IP')", $db);?>
Best regards
Michal Cibor
Thanks for your help and pointers. :)
