mysql error - PHP Server Side Scripting forum at WebmasterWorld - WebmasterWorld

Forum Moderators: coopster

Message Too Old, No Replies

mysql error

getting a T_Variable error

shakaal

7:31 pm on Dec 19, 2003 (gmt 0)

10+ Year Member

Hello Guys
I have written this script to add data to a table called authors in a database called larry_books...but I keep on getting this T_Variable error...I am familiar with the reasons for this error but for now I cannot figure out what is wrong..can anyone take a look and point it out.
thank you ..here is my code..
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/2000/REC-xhtml1-20000126/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Larry's Books Administration</title>
</head>
<body>
<?php
//connect to the database

$db_connection = mysql_connect("localhost", "root", "kipling") or die(mysql_error());

$db_select = mysql_select_db("larry_books", $db_connection) or die(mysql_error());

if($_POST['submit']){

$query = "insert into authors values('0', "$_POST['last_name']", "$_POST['first_name']")";

if(@mysql_query($query)){
echo 'The author has been added';
}else
{

echo 'The author has not been added'.mysql_error();
}

}
?>
<form action = "<?php echo $PHP_SELF?>" method = "post">
Last Name: <input type = "text" name="last_name" size = "50" maxlength = "50"/><br/>
First Name: <input type = "text" name="first_name" size = "30" maxlength = "30"/><br/>

<input type = "submit" name = "submit" value = "Submit"/>
</form>
</body>
</html>

dmorison

7:38 pm on Dec 19, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

$query = "insert into authors values('0', "$_POST['last_name']", "$_POST['first_name']")";

As you are using double-quotes in this line to separate literals and variables you need to use the string concatenation operator (.).

You could do away with the quotes and let PHP figure out what the variables should be, but I never do that. I think that line should read (additional string concatenation operators in bold):

$query = "insert into authors values('0', ".$_POST['last_name'].", ".$_POST['first_name'].")";

shakaal

7:58 pm on Dec 19, 2003 (gmt 0)

10+ Year Member

thank you for that ... that took care of the T_Variable error but now I am getting following error when I try to add values to the table
The author has not been added Unknown column 'sood' in 'field list'
what does this mean?

dmorison

8:03 pm on Dec 19, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

I would specify the field list explicitly, so use a query of the following syntax:

INSERT INTO table (field1,field2,field3) VALUES ('value1','value2','value3')

That way you have no argument over which columns you are trying to populate. Note also the apostrophe's around the field values (this may actually be what is causing your error). Whilst they are technically only required for string literals, I think it is good practice to delimit ALL values with apostrophe's, whatever the column type.

I would also have a look at the mysql_escapestring functions, as your script could be upset by apostrophe's within the input - certainly a possibility where people's names are concerned!

shakaal

8:08 pm on Dec 19, 2003 (gmt 0)

10+ Year Member

I did that and it still gives me the same error...I even dropped the table and recreated it...at present I have not used any name with apostrophe...I logged into mysql and inserted names directly and that works fine..but from the form it will not...

dmorison

8:10 pm on Dec 19, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

In your script, echo($query) and make sure you are seeing exactly the SQL that you expect. Then enter the same query into mysql on the command line and see what errors it gives you...

shakaal

8:17 pm on Dec 19, 2003 (gmt 0)

10+ Year Member

INSERT INTO authors(author_id, last_name, first_name) VALUES ('0', sood, seema)
thank you got it...
this is what is in the $query..and as you can see, the single quotes are missing forthe other two variables..
I have to add those...
If you do not mind..confirming this..
Would I be adding them like this

INSERT INTO authors(author_id, last_name, first_name) VALUES ('0', ".$_POST[\'last_name\'].", ".$_POST[\'first_name\'].")"

I tried that but it did not work..could you tell me how to do it..i have spent too much time on this ..one so I do now wish to read adn find out..I will appreciate if you can tell me...thanks

dmorison

8:24 pm on Dec 19, 2003 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Not quite, you need to add the single quotes within the main query string, not the included variable.

Try this:

INSERT INTO authors(author_id, last_name, first_name) VALUES ('0', '".$_POST['last_name']."','".$_POST['first_name']."')"

shakaal

8:27 pm on Dec 19, 2003 (gmt 0)

10+ Year Member

got it...
i did this authors(author_id, last_name, first_name) VALUES ('0', '".$_POST['last_name']."', '".addslashes($_POST['first_name'])."')";

just a clarification in php if you want the quotes to be printed you have to escape it with \", right?
but it seems to print single quote you do not need to escape it...is that right?

shakaal

8:31 pm on Dec 19, 2003 (gmt 0)

10+ Year Member

please ignore the addslashes() function..i removed it..
thanks for your helpp...I can move forward now..