Hi,
I looked at what I sent you and missed a quote on line 3. It was
"VALUES ('; and should have been "VALUES (";. See below:
$query = "INSERT INTO Players (fname, lname, address, city, state,
zip, phhome, phcell, phwork, other, email)";
$query .="VALUES (";
$query .=" '".$_POST['fname']."', '".$_POST['lname']."', '".$_POST
['address']."',";
$query .=" '".$_POST['city']."', '".$_POST['state']."', '".$_POST
['zip']."',";
$query .=" '".$_POST['phhome']."', '".$_POST['phcell']."',";
$query .=" '".$_POST['phwork']."', '".$_POST['other']."', '".$_POST
['email']."' ";
$query .=" )";
Also are you doing any cleanup or escaping on the POST data before
INSERTING it into your DB? You should escape each post.
/**
 * Prevent SQL injections
 */
function quote_smart($value)
{
    // Strip the slashes that magic quotes added
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    // Escape if not a number or a numeric string
    // (mysql_real_escape_string() needs an open MySQL connection)
    if (!is_numeric($value)) {
        $value = mysql_real_escape_string($value);
    }
    return $value;
}
You would use this like this:
$query .=" '".quote_smart($_POST['phhome'])."',";
for each POST variable.
Sincerely,
Mike
--
Mike Brandonisio * IT Planning & Support
Tech One Illustration * Database Applications
tel (630) 759-9283 * e-Commerce
[EMAIL PROTECTED] * www.techoneillustration.com
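
The escaping advice above, taken one step further as an added example that is not part of the original message: the same Players insert written with PDO bound parameters instead of quote_smart(), since mysql_real_escape_string() was removed in PHP 7. The insert_player() helper, the sample input and the in-memory SQLite table (standing in for MySQL so the script runs offline) are assumptions.

```php
<?php
// Added example, not from the original thread. Assumes the pdo_sqlite
// extension; an in-memory SQLite table stands in for the MySQL Players table.

// Column list taken from the INSERT in the message above.
const PLAYER_COLUMNS = ['fname', 'lname', 'address', 'city', 'state', 'zip',
                        'phhome', 'phcell', 'phwork', 'other', 'email'];

// Hypothetical helper: insert one player using bound parameters.
function insert_player(PDO $db, array $post): int
{
    $placeholders = [];
    $params = [];
    foreach (PLAYER_COLUMNS as $col) {
        $placeholders[] = ':' . $col;
        // Only known columns are read; missing or non-string fields become ''.
        $value = $post[$col] ?? '';
        $params[':' . $col] = is_string($value) ? trim($value) : '';
    }
    // Column names come from the constant above, never from user input.
    $sql = 'INSERT INTO Players (' . implode(', ', PLAYER_COLUMNS) . ') '
         . 'VALUES (' . implode(', ', $placeholders) . ')';
    $stmt = $db->prepare($sql);   // SQL text is fixed; values travel separately
    $stmt->execute($params);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Players (id INTEGER PRIMARY KEY, '
        . implode(' TEXT, ', PLAYER_COLUMNS) . ' TEXT)');

// Constructed form input standing in for $_POST. The apostrophes would
// break a hand-quoted query; here they are stored verbatim.
$post = [
    'fname' => 'Bob', 'lname' => "O'Brien",
    'address' => "123 On Some Street, Apt 'B'", 'city' => 'Batesville',
    'state' => 'OG', 'zip' => '01235', 'phhome' => '333-222-1111',
    'email' => 'bob@example.com',
];

$id = insert_player($db, $post);
$stmt = $db->prepare('SELECT lname, address, zip, phcell FROM Players WHERE id = ?');
$stmt->execute([$id]);
var_dump($stmt->fetch(PDO::FETCH_ASSOC));
```

Against MySQL the helper is unchanged; only the PDO DSN and credentials differ.
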
On Jul 5, 2006, at 6:48 PM, Wade Smart wrote:
> 07052006 1845 GMT-6
>
> I'm still having a bit of a problem with this insert.
>
> I'm using the double quotes but this is the error:
>
> Players(fname,lname,address,city,state,zip,phhome,)
> VALUES (Bob,Smith,123 On Some Street, Batesville, OG, 01235,
> 333-222-1111,)
> Insert error: "You have an error in your SQL syntax.
> Check the manual that corresponds to your MySQL server version for the
> right syntax to use near
> ')VALUES (Bob,Smith,123 On Some Street, Batesville, OG, 01"
>
> That's all it gives. It just stops though.
>
> wade
>
>
> On Mon, 2006-07-03 at 19:47 -0500, Mike Brandonisio wrote:
>> Hi,
>>
>> You need to encapsulate your data in quotes. I would have done it
>> like this with double quotes, single quote passed to query.
>>
>> $query = "INSERT INTO Players (fname, lname, address, city, state,
>> zip, phhome, phcell, phwork, other, email)";
>> $query .="VALUES (';
>> $query .=" '".$_POST['fname']."', '".$_POST['lname']."', '".$_POST
>> ['address']."',";
>> $query .=" '".$_POST['city']."', '".$_POST['state']."', '".$_POST
>> ['zip']."',";
>> $query .=" '".$_POST['phhome']."', '".$_POST['phcell']."',";
>> $query .=" '".$_POST['phwork']."', '".$_POST['other']."', '".$_POST
>> ['email']."' ";
>> $query .=" )";
>>
>> Sincerely,
>> Mike