Hello there,
Here's a short PHP script a friend has written, and given to me to test.
However, I am getting a MySQL error saying that the syntax error, on the
line that contains mysql_connect(); is wrong, near '')'
(note that it is not a PHP error, but a MySQL error.)
Here's the code:
[code]
?php
Hello Parham,
i think you should change this:
$sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]');
to this:
$sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
('.$_POST[bookname].', '.$_POST[authorsname].',
Hi there,
Does it differ? I thought when in quotations, variables like that would be
automatically interpreted?
Also, the MySQL is meant to connect to localhost. I had emptied it for
testing purposes. With or without it, I get the same error.
Jochen Schultz jschu...@sportimport.de wrote in
Salaaam
$sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
('.$_POST[bookname].'' , '.$_POST[authorsname].',''.$_POST[ISBN].');
above line is correct, your code is wrong ,$_POST[ISBN]');
and add
$host = 'localhost';
$con = mysql_connect($host, $username, $password);
you can also
Thank you, everyone. All fixed.
metastable list...@metastable-services.net wrote in message
news:4b260641.80...@metastable-services.net...
Parham Doustdar wrote:
Hi there,
Does it differ? I thought when in quotations, variables like that would
be
automatically interpreted?
Also, the MySQL
You're missing a tick in the query. There should be a tick before the
$_POST[ISBN].
Take care,
Floyd
On Dec 14, 2009, at 3:41 AM, Parham Doustdar wrote:
Hello there,
Here's a short PHP script a friend has written, and given to me to test.
However, I am getting a MySQL error saying that the
At 1:12 PM +0330 12/14/09, Parham Doustdar wrote:
Thank you, everyone. All fixed.
Really?!?
I think you would be well advised to sanitize the values coming into
from a public $_POST.
That habit allows MySQL injection problems.
Cheers,
tedd
--
---
http://sperling.com
7 matches
Mail list logo
