Wednesday, August 21, 2002, 11:25:30 PM, you wrote:
n> I am a new person to PHP.  I have purchased and read PHP fast & easy by
n> Julie Meloni and have also read the 24 hours PHP book.  I am able to connect
n> to the SQL database and insert into the database via my html form.  However,
n> the values are null.  When I look at the data in my database, it reads " ",
n> " ", " ", etc.

n> I have tried a couple different code:

n> $query = "INSERT INTO MemberReviews
n>  VALUES (' ','$memb_name', '$bookname','$author', '$grade', '$review') ";
n> mysql_query($query);

n> mysql_close();

n> or in the form itself, I have tried:

n> <?
n>     # this is processed when the form is submitted
n>     # back on to this page (POST METHOD)
n>     if ($REQUEST_METHOD=="POST") {

n>         # double-up apostrophes
n>         $review = str_replace("'","''",$review);
n>         $author = str_replace("'","''",$author);

n>         # setup SQL statement
n>         $SQL = " INSERT INTO MemberReviews ";
n>         $SQL = $SQL . " (memb_name, bookname, author, grade, review) VALUES
n> ";
n>         $SQL = $SQL . " ('$memb_name', '$bookname','$author', '$grade',
n> '$review') ";

n>         #execute SQL statement
n>         $result = mysql_db_query($db,"$SQL",$cid);

n>         # check for error
n>         if (!$result) { echo("ERROR: " . mysql_error() . "\n$SQL\n");    }

n>         echo ("<P><B>New Record Added</B></P>\n");

n>     }


n> Thanks in advance for your help

n> Jennifer

If you have the latest version of php (4.2.2 or 4.2.1) try

if(!empty($_POST['memb_name']))$memb_name = add_slashes($_POST['memb_name']);
if(!empty($_POST['bookname']))$bookname = add_slashes($_POST['bookname']);

and so on, then add them to your query string.
(add_slashes() will take care of any pesky quotes)


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to