www.webdeveloper.com
Results 1 to 7 of 7

Thread: sql syntax query...

  1. #1
    Join Date
    Jun 2006
    Location
    Doncaster
    Posts
    78

    sql syntax query...

    Hi all:
    I'm struggling to get this to work in PHP:
    PHP Code:
    $sql "INSERT INTO data (date, yname, ymail, cpname, ctname, email, ctphone, msg_type, session, session_date, notes)";
            
    $sql .="VALUES(NOW(),'$yname','$ymail','$cpname',','$ctname','$email','$ctphone','$type','$session','$date','$notes')";
            
    $result=mysql_query($sql$cid) or die(mysql_error()); 
    I'm just getting - check your syntax.
    What am I doing wrong?

  2. #2
    Join Date
    Jun 2006
    Location
    Doncaster
    Posts
    78
    I have altered the apostrophe - and now the message just reads the error.

  3. #3
    Join Date
    Nov 2008
    Posts
    2,477
    Try this:

    PHP Code:
    INSERT INTO `data` (`date`, `yname`, `ymail`, `cpname`, `ctname`, `email`, `ctphone`, `msg_type`, `session`, `session_date`, `notes`) VALUES(NOW(),'$yname','$ymail','$cpname','$ctname','$email','$ctphone','$type','$session','$date','$notes'
    Also it's helpful if you post the error you got.

  4. #4
    Join Date
    Jun 2006
    Location
    Doncaster
    Posts
    78
    Hi Mindzai - this is how it looks.

    the form, on a separate page:
    HTML Code:
    <form action="process1.php" method="post" name="data" id="data">
        	<table width="383" border="0" cellpadding="5" cellspacing="5">
              <caption align="top">
                <strong>About you</strong>
              </caption>
              <tr>
                <td width="163">Your name</td>
                <td width="185"><input name="yname"/></td>
              </tr>
              <tr>
                <td>Your email</td>
                <td><input name="ymail" /></td>
              </tr>
              <tr>
                <td>Your phone</td>
                <td><input name="yphone" /></td>
              </tr>
            </table>
    <table  border="0" cellspacing="5" cellpadding="5">
    <caption align="top">
        <strong>About the recipient</strong>
      </caption>
      <tr>
        <td width="162">Company name</td>
        <td><input name="cpname"/></td>
      </tr>
      <tr>
        <td>Contact name</td>
        <td><input name="ctname" length="25" /></td>
      </tr>
      <tr>
        <td>Contact phone</td>
        <td><input name="ctphone" /></td>
      </tr>
      <tr>
        <td>Email</td>
        <td><input name="email" /></td>
      </tr>
      </table>
      <table  border="0" cellspacing="5" cellpadding="5">
      <caption align="top">
        <strong>About the message</strong>
      </caption>
       <tr>
        <td>Type of message</td>
        <td><p>
          <label>
            <input type="radio" name="RadioGroup1" value="1" id="RadioGroup1_0" />
            Few Appts</label>
          <br />
          <label>
            <input type="radio" name="RadioGroup1" value="2" id="RadioGroup1_1" />
            Company Recruitment</label>
          <br />
        </p></td>
      </tr>
      </table>
      <table border="0" cellspacing="5" cellpadding="5">
      <caption align="top">
        <strong>About the session</strong>
      </caption>
      <tr>
        <td>Session to promote</td>
        <td><input name="session" /></td>
      </tr>
      <tr>
        <td>Date of session</td>
        <td><input name="date" id="date"><a href="javascript:NewCal('date','ddmmyyyy')"><img src="calendar/cal.gif" width="16" height="16" border="0" alt="Pick a date"></a></td>
      </tr>
      <tr>
        <td><p>Any general notes <br />
            <span class="style3"><em>not for message</em></span><em></em></p>
          </td>
        <td><textarea name="comments" cols="25" rows="5" id="comments"></textarea></td>
      </tr>
      <tr>
        <td><input type="reset" value="reset" /></td>
        <td><input type="submit" value="send!" /></td>
      </tr>
      
    </table>
    
        </form>
    fairly straightforward.
    The php looks like like this:
    PHP Code:
    <?php 
                
    //details sent from form
                
    $yname=$_POST['yname'];
                
    $ymail=$_POST['ymail'];
                
    $yphone=$_POST['yphone'];
                
    $cpname=$_POST['cpname'];
                
    $ctname=$_POST['ctname'];
                
    $ctphone=$_POST['ctphone'];
                
    $email=$_POST['email'];
                
    $type=$_POST['RadioGroup1'];
                
    $session=$_POST['session'];
                
    $date=$_POST['date'];
                
    $notes=$_POST['notes'];
                        
                
    $to $email;
                
    $subject "12 seconds";

                
    //get file according to radio selection
                
    $myFile "header".$type.".txt";
                
    $fh fopen($myFile'r');
                
    $theData fread($fhfilesize($myFile));
                
    fclose($fh);


      
    error_reporting(E_ALL);
        
    /*login to mysql*/
        
    require_once 'mysql_login.php';
        
    mysql_select_db("mktg",$cid);
        
        
    /*create query*/
            
    $sql "INSERT INTO `data` (`date`, `yname`, `ymail`, `cpname`, `ctname`, `email`, `ctphone`, `msg_type`, `session`, `session_date`, `notes`) VALUES(NOW(),'$yname','$ymail','$cpname','$ctname','$email','$ctphone','$type','$session','$date','$notes')";
            
    $result=mysql_query($sql$cid) or die(mysql_error());
            if (!
    mysql_query($sql$cid))    {
            echo 
    'Entered on database';
            } else    {
            echo 
    'Please contact the help desk!';
            }
            
        
    ?>
    including your changes.
    three issues come up:

    first, my mistake - there are blank fields being added to the database. It does not include the info from the form, although the datetime column is being filled in by php
    second, i'm struggling to get mysql to show what the error is
    third, why does it enter two lines into mysql?

  5. #5
    Join Date
    Nov 2008
    Posts
    2,477
    1 - have you checked the values are being correctly received by the processing script? What is the result of the folowing code placed at the top of process1.php

    PHP Code:
    echo '<pre>';
    print_r($_POST);
    echo 
    '</pre>'
    2. It isn't showing you an error because there is no error to show. If the data is getting inserted the query is working.

    3. Because you are calling the mysql_query() function twice. Replace

    PHP Code:
    if (!mysql_query($sql$cid)) { 
    with


    PHP Code:
    if (!$result) { 

  6. #6
    Join Date
    Apr 2007
    Posts
    1,664
    A couple of general notes on your script.

    When debugging SQL echo the queries to the page (or log or mail them to yourself). Comment out the bit where you run them and copy them into a CLI (command line interface) like putty.exe. You'll see what is going to get run before running it so can carefully look through it to see any potential dangerous errors. You get the error direct from the SQL server as well which might be less cryptic then the one from the PHP function.

    Renaming POST variables for no reason serves no purpose. It just means you don't know where the values came from and may not realize later in a script that the variable contains user inputted values and forget to sanitize correctly. Your statement is currently wide open to SQL injection.

    Any information that comes from any where but your scripts (POST, GET, opens URLs etc) needs to be sanitized and validated. Even radio button and checkboxes. Any and all or your vulnerable to attack.
    Anti Linux rants are usually the result of a lack of Linux experience, while anti Windows rants are usually a result of a lot of Windows experience.

  7. #7
    Join Date
    Jun 2006
    Location
    Doncaster
    Posts
    78

    Now sorted

    Thanks all - will follow up with the completed code, but in the meantime, Mindzai, the mysl_query, very useful.

    SyCo,ta 4 the reminder

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles