Re: [PHP] going blind for looking...need eyes

Fri, 06 Feb 2009 10:04:39 -0800 

Daniel Brown schreef:
> On Fri, Feb 6, 2009 at 12:44, Terion Miller <[email protected]> wrote:
>> ---------------------
>> $sql = "INSERT INTO admin (UserName, Password, Name, Email, Property,
>> Department, AddWorkOrder, ";
>>        $sql .= "ViewAllWorkOrders, ViewNewOrders, ViewNewArt,
>> ViewPendingWorkOrders, ViewPendingArtwork, ViewCompletedArt, ";
>>        $sql .= "ViewCompletedWorkOrders, SearchWorkOrder, EditWorkOrder,
>> DelWorkOrder, ChangeStatus, AddEditAdmin";
>>        $sql .= ") VALUES(  '$UserName', '$Password', '$Name', '$Email',
                           ^-- does the lack of space here screw things up?

>> '$Property', '$Department', '$AddWorkOrder', ";
>>        $sql .= "'$ViewAllWorkOrders', '$ViewNewOrders', '$ViewNewArt',
>> '$ViewPendingWorkOrders', '$ViewPendingArtwork', ";
>>        $sql .= "'$ViewCompletedArt', '$ViewCompletedWorkOrders',
>> '$SearchWorkOrder', '$EditWorkOrder', '$DelWorkOrder',  ";
>>        $sql .= "'$ChangeStatus', '$AddEditAdmin', '$ViewMyOrders')";
>>        $result = mysql_query($sql);
> 
>     1.) You have 19 columns named, but 20 values given.
>     2.) Make sure you use mysql_real_escape_string() or otherwise
> sanitize the data.
>     3.) When you run into similar issues, use <?php mysql_query($sql)
> or die(mysql_error()); ?>

good points from Dan, I suggest additionally something a little more
vague and possibly not to your taste ... but ... try making your
query a little more readable:

$sql = "INSERT INTO admin (
                 UserName, Password, Name, Email, Property, Department,
                 AddWorkOrder, ViewAllWorkOrders, ViewNewOrders, ViewNewArt,
                 ViewPendingWorkOrders, ViewPendingArtwork, ViewCompletedArt,
                 ViewCompletedWorkOrders, SearchWorkOrder, EditWorkOrder,
                 DelWorkOrder, ChangeStatus, AddEditAdmin
        ) VALUES (
                 '$UserName', '$Password', '$Name', '$Email', '$Property', 
'$Department',
                 '$AddWorkOrder', '$ViewAllWorkOrders', '$ViewNewOrders', 
'$ViewNewArt',
                 '$ViewPendingWorkOrders', '$ViewPendingArtwork', 
'$ViewCompletedArt',
                 '$ViewCompletedWorkOrders', '$SearchWorkOrder', 
'$EditWorkOrder',
                 '$DelWorkOrder', '$ChangeStatus', '$AddEditAdmin', 
'$ViewMyOrders'
        )";

there are a zillion variations on this theme (e.g. using HEREDOC syntax and/or 
putting each field & value
on a single line, which is sometimes helpful in counting whether no. of fields 
matches no. of values)

> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to