
Forum Moderators: coopster & jatar k


simple php query not working

     

trendz

9:40 pm on May 10, 2011 (gmt 0)



Hello, I am trying to get this query to insert information into my database from a form. My first query for customer_table is working, but the almost exact same query for phone_table is not working. Any ideas why?

Here is the 1st query that is working:



<html>
<body>
<?php
$con = mysql_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("trendzphones")or die(mysql_error());


$result = mysql_query("INSERT INTO customer_table (License_Num, First_Name, Last_Name, Address, City, usaState, Zip_code)
VALUES
('$_POST[License_Num]','$_POST[First_Name]','$_POST[Last_Name]','$_POST[Address]','$_POST[City]','$_POST[usaState]','$_POST[Zip_code]')")
or die(mysql_error());

echo "1 customer record added";

mysql_close($con)
?>


<FORM>
<INPUT TYPE="BUTTON" VALUE="Main Menu" ONCLICK="window.location.href='open.html'">
<INPUT TYPE="BUTTON" VALUE="add phone" ONCLICK="window.location.href='test3.html'">
</FORM>

</body>
</html>



The code above adds the customer to the database with no problems, but this code here gives me the error message:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Condition, Date, Paid) VALUES ('verizon','apple','iphone 4','a00000123456','wa' at line 1"

The verizon, apple, iphone, etc. is just the info that I tried adding to the database.



<html>
<body>
<?php
$con = mysql_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("trendzphones")or die(mysql_error());


$result1 = mysql_query("INSERT INTO phone_table (Carrier, Make, Model, IMEI_Hex_ESN, Condition, Date, Paid)
VALUES
('$_POST[Carrier]','$_POST[Make]','$_POST[Model]','$_POST[IMEI_Hex_ESN]','$_POST[Condition]','$_POST[Date]','$_POST[Paid]')")
or die(mysql_error());


echo "1 phone record added";

mysql_close($con)
?>

<FORM>
<INPUT TYPE="BUTTON" VALUE="Main Menu" ONCLICK="window.location.href='open.html'">
<INPUT TYPE="BUTTON" VALUE="add phone" ONCLICK="window.location.href='test3.html'">
</FORM>

</body>
</html>



I'm stumped. Since the code structure looks the same to me, I don't understand why the first one would work and the 2nd would give me an error message and not add the data.

Any ideas or thoughts would be greatly appreciated.

I can post what my fields look like, but I'm pretty sure the naming is correct.

Thank you

jNorth

9:52 pm on May 10, 2011 (gmt 0)

5+ Year Member



You should read up on SQL injection.

Perhaps one of your posted vars has a single or double quote in it.

And if the date column is a date or timestamp, odds are it is not formatted correctly.

eelixduppy

9:54 pm on May 10, 2011 (gmt 0)

WebmasterWorld Senior Member eelixduppy is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Condition is a reserved word: [dev.mysql.com...]

All words such as these must be escaped using the prime character (`). For example:


INSERT INTO phone_table (`Carrier`, `Make`, `Model`, `IMEI_Hex_ESN`, `Condition`, `Date`, `Paid`) VALUES (......)
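
An added example, not code from any poster in this thread: it combines the backtick-quoted column list above with the SQL injection and date-format points raised earlier by sending form values as bound parameters and checking the date first. It assumes PDO with an in-memory SQLite database standing in for MySQL (SQLite accepts backtick identifiers), a YYYY-MM-DD date format, and the hypothetical helper names quoteIdent and insertPhone.

```php
<?php
// Column allowlist taken from the thread's phone_table INSERT.
const PHONE_COLUMNS = ['Carrier', 'Make', 'Model', 'IMEI_Hex_ESN', 'Condition', 'Date', 'Paid'];

// Backtick-quote an identifier so reserved words such as Condition parse as names.
function quoteIdent(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

// Insert one phone row: identifiers are quoted, values travel as bound parameters.
function insertPhone(PDO $pdo, array $form): void
{
    $row = [];
    foreach (PHONE_COLUMNS as $col) {
        if (!isset($form[$col]) || !is_string($form[$col])) {
            throw new InvalidArgumentException("missing field: $col");
        }
        $row[$col] = $form[$col];
    }
    // Assumed format: reject anything that is not a real YYYY-MM-DD date.
    $d = DateTime::createFromFormat('!Y-m-d', $row['Date']);
    if ($d === false || $d->format('Y-m-d') !== $row['Date']) {
        throw new InvalidArgumentException('Date must be YYYY-MM-DD');
    }
    $cols  = implode(', ', array_map('quoteIdent', PHONE_COLUMNS));
    $marks = implode(', ', array_fill(0, count(PHONE_COLUMNS), '?'));
    $stmt  = $pdo->prepare("INSERT INTO `phone_table` ($cols) VALUES ($marks)");
    $stmt->execute(array_values($row));
}

// Constructed demo: in-memory SQLite stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$defs = implode(', ', array_map(fn($c) => quoteIdent($c) . ' TEXT', PHONE_COLUMNS));
$pdo->exec("CREATE TABLE `phone_table` ($defs)");

// Constructed form input; the single quote in Model would break a
// string-interpolated query but is stored as plain data here.
$post = ['Carrier' => 'verizon', 'Make' => 'apple', 'Model' => "iphone 4 'black'",
         'IMEI_Hex_ESN' => 'a00000123456', 'Condition' => 'good',
         'Date' => '2011-05-10', 'Paid' => '100'];
insertPhone($pdo, $post);
echo $pdo->query('SELECT `Model` FROM `phone_table`')->fetchColumn(), "\n";
```

Against MySQL, only the DSN passed to the PDO constructor and the table definition change; the quoting and binding stay the same.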

trendz

8:12 pm on May 11, 2011 (gmt 0)



It was the reserved word, I can't believe I didn't catch that.
Thank you
 
