[PHP] Strange MySQL Problem

2009-12-14 Thread Parham Doustdar 
Hello there,
Here's a short PHP script a friend has written, and given to me to test.
However, I am getting a MySQL error saying that the syntax error, on the
line that contains mysql_connect(); is wrong, near '')'
(note that it is not a PHP error, but a MySQL error.)
Here's the code:

[code]
?php
$username = root;
$password = abc;
$con = mysql_connect(, $username, $password);
mysql_select_db (test, $con);
$sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]');
if (!mysql_query($sql, $con))
 {
die( 'error: ' . mysql_error());
  }
echo 1 record added;
mysql_close($con)
?
[/code]




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Strange MySQL Problem

2009-12-14 Thread Jochen Schultz 

Hello Parham,

i think you should change this:

$sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
 ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]');

to this:

$sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
('.$_POST[bookname].', '.$_POST[authorsname].', '.$_POST[ISBN].');


best regards
Jochen


Parham Doustdar schrieb:

Hello there,
Here's a short PHP script a friend has written, and given to me to test.
However, I am getting a MySQL error saying that the syntax error, on the
line that contains mysql_connect(); is wrong, near '')'
(note that it is not a PHP error, but a MySQL error.)
Here's the code:

[code]
?php
$username = root;
$password = abc;
$con = mysql_connect(, $username, $password);
mysql_select_db (test, $con);
$sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]');
if (!mysql_query($sql, $con))
 {
die( 'error: ' . mysql_error());
  }
echo 1 record added;
mysql_close($con)
?
[/code]






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Strange MySQL Problem

2009-12-14 Thread Parham Doustdar 
Hi there,
Does it differ? I thought when in quotations, variables like that would be 
automatically interpreted?
Also, the MySQL is meant to connect to localhost. I had emptied it for 
testing purposes. With or without it, I get the same error.
Jochen Schultz jschu...@sportimport.de wrote in message 
news:4b25fb8e.3040...@sportimport.de...
 Hello Parham,

 i think you should change this:

 $sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
  ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]');

 to this:

 $sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
 ('.$_POST[bookname].', '.$_POST[authorsname].', '.$_POST[ISBN].');


 best regards
 Jochen


 Parham Doustdar schrieb:
 Hello there,
 Here's a short PHP script a friend has written, and given to me to test.
 However, I am getting a MySQL error saying that the syntax error, on the
 line that contains mysql_connect(); is wrong, near '')'
 (note that it is not a PHP error, but a MySQL error.)
 Here's the code:

 [code]
 ?php
 $username = root;
 $password = abc;
 $con = mysql_connect(, $username, $password);
 mysql_select_db (test, $con);
 $sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
 ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]');
 if (!mysql_query($sql, $con))
  {
 die( 'error: ' . mysql_error());
   }
 echo 1 record added;
 mysql_close($con)
 ?
 [/code]


 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Strange MySQL Problem

2009-12-14 Thread shahrzad khorrami 
Salaaam

$sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
('.$_POST[bookname].'' , '.$_POST[authorsname].',''.$_POST[ISBN].');

above line is correct, your code is wrong ,$_POST[ISBN]');

and add
$host = 'localhost';
$con = mysql_connect($host, $username, $password);

you can also check this page:
http://php.net/manual/en/function.mysql-connect.php

Regards,
Shahrzad

Re: [PHP] Strange MySQL Problem

2009-12-14 Thread Parham Doustdar 
Thank you, everyone. All fixed.
metastable list...@metastable-services.net wrote in message 
news:4b260641.80...@metastable-services.net...
 Parham Doustdar wrote:
 Hi there,
 Does it differ? I thought when in quotations, variables like that would 
 be
 automatically interpreted?
 Also, the MySQL is meant to connect to localhost. I had emptied it for
 testing purposes. With or without it, I get the same error.
 Jochen Schultz jschu...@sportimport.de wrote in message
 news:4b25fb8e.3040...@sportimport.de...

 Hello Parham,

 i think you should change this:

 $sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
  ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]');

 to this:

 $sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
 ('.$_POST[bookname].', '.$_POST[authorsname].', 
 '.$_POST[ISBN].');


 best regards
 Jochen


 Parham Doustdar schrieb:

 Hello there,
 Here's a short PHP script a friend has written, and given to me to 
 test.
 However, I am getting a MySQL error saying that the syntax error, on 
 the
 line that contains mysql_connect(); is wrong, near '')'
 (note that it is not a PHP error, but a MySQL error.)
 Here's the code:

 [code]
 ?php
 $username = root;
 $password = abc;
 $con = mysql_connect(, $username, $password);
 mysql_select_db (test, $con);
 $sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
 ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]');
 if (!mysql_query($sql, $con))
  {
 die( 'error: ' . mysql_error());
   }
 echo 1 record added;
 mysql_close($con)
 ?
 [/code]







 Exactly the opposite. Use double quotes for interpolation.
 Moreover, you would still get an error, as mysql requires text columns
 to be escaped. Use Jochens code.
 Also: SQL injection ! -- http://en.wikipedia.org/wiki/SQL_injection


 HTH,

 Stijn 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Strange MySQL Problem

2009-12-14 Thread Floyd Resler 
You're missing a tick in the query.  There should be a tick before the 
$_POST[ISBN].

Take care,
Floyd

On Dec 14, 2009, at 3:41 AM, Parham Doustdar wrote:

 Hello there,
 Here's a short PHP script a friend has written, and given to me to test.
 However, I am getting a MySQL error saying that the syntax error, on the
 line that contains mysql_connect(); is wrong, near '')'
 (note that it is not a PHP error, but a MySQL error.)
 Here's the code:
 
 [code]
 ?php
 $username = root;
 $password = abc;
 $con = mysql_connect(, $username, $password);
 mysql_select_db (test, $con);
 $sql = INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
 ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]');
 if (!mysql_query($sql, $con))
 {
 die( 'error: ' . mysql_error());
  }
 echo 1 record added;
 mysql_close($con)
 ?
 [/code]
 
 
 
 
 -- 
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Strange MySQL Problem

2009-12-14 Thread tedd 

At 1:12 PM +0330 12/14/09, Parham Doustdar wrote:

Thank you, everyone. All fixed.



Really?!?

I think you would be well advised to sanitize the values coming into 
from a public $_POST.


That habit allows MySQL injection problems.

Cheers,

tedd
--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php