Forum Moderators: coopster


PHP/MySQL INSERT Statement error

Error generated by PHP when trying to insert data.


pdiogo

9:50 am on May 11, 2008 (gmt 0)

10+ Year Member



Hi guys,

I've been looking all over the web, but was unable to find a solution for this problem. This script has given me many errors before, now the only error I get is:
Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting ']' in /home/(etc) on line 9.

<?php
$con = mysql_connect("localhost","myusername","mypwd");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("mydatabse", $con);
$sql="INSERT INTO notams (by, from, to, notam)
VALUES ('$_POST[by]','$_POST[from]','$_POST[to]','$_POST[notam')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>

I don't seem to be able to spot any mistakes. You guys have any ideas?

Thanks.
Pedro Diogo

sonjay

10:23 am on May 11, 2008 (gmt 0)




Two errors right here:
$_POST[notam')

Also, please read up on SQL injection and why you should not insert $_POST data directly into your db without running it through mysql_real_escape_string first.

pdiogo

1:34 pm on May 11, 2008 (gmt 0)




I have now changed the script to the same as another script I use and even though I don't get an error the data is not entered into the database.


<?php

include 'db.php';

// Define post fields into simple variables
$by = $_POST['by'];
$from = $_POST['from'];
$to = $_POST['to'];
$notam = $_POST['notam'];


$sql="INSERT INTO notams (by, from, to, notam)VALUES ('$by','$from','$to','$notam')";

?>

I've been working on this for nearly 2 days now and did many other scripts like this one in one day and they all worked... You guys have any other ideas or even a "ready-made" script I could adapt?

Thanks.
Pedro

chorny

3:09 pm on May 11, 2008 (gmt 0)




Use mysqli with placeholders and you would not have many problems.

pdiogo

3:17 pm on May 11, 2008 (gmt 0)




The whole website is done in mysql, so changing it at this time does not help...

sonjay

5:43 pm on May 11, 2008 (gmt 0)




At the very least, run your $_POST data through mysql_real_escape_string before inserting into your db:

$by = mysql_real_escape_string($_POST['by']);
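
Added example, not part of any post in this thread: the placeholder approach suggested above, written with mysqli prepared statements so that the $_POST values are never concatenated into the SQL text. It reuses the connection values and the notams columns from the first post; the function name insert_notam is hypothetical, and the column names are backtick-quoted because by, from and to are reserved words in MySQL.

```php
<?php
// Added example. Connection values and table layout are taken from the thread;
// insert_notam() is a hypothetical helper name.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function insert_notam(mysqli $db, array $post): int
{
    // Require every field and reject arrays (e.g. by[]=x), which are not strings.
    $fields = ['by', 'from', 'to', 'notam'];
    $values = [];
    foreach ($fields as $f) {
        if (!isset($post[$f]) || !is_string($post[$f]) || $post[$f] === '') {
            throw new InvalidArgumentException("Missing or invalid field: $f");
        }
        $values[] = $post[$f];
    }

    // by, from and to are reserved words in MySQL, so they must be backtick-quoted.
    // The ? placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO notams (`by`, `from`, `to`, `notam`) VALUES (?, ?, ?, ?)'
    );
    $stmt->bind_param('ssss', ...$values);
    $stmt->execute();               // the statement is actually sent here
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

try {
    $db = new mysqli('localhost', 'myusername', 'mypwd', 'mydatabse');
    $db->set_charset('utf8mb4');
    echo insert_notam($db, $_POST), ' record added';
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Bad request';
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());    // keep SQL error details out of the response
    http_response_code(500);
    echo 'Database error';
}
```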