Hi,
Wednesday, August 21, 2002, 11:25:30 PM, you wrote:
n> I am a new person to PHP. I have purchased and read PHP fast & easy by
n> Julie Meloni and have also read the 24 hours PHP book. I am able to connect
n> to the SQL database and insert into the database via my html form. However,
n> the values are null. When I look at the data in my database, it reads " ",
n> " ", " ", etc.
n> I have tried a couple different code:
n> $query = "INSERT INTO MemberReviews
n> VALUES (' ','$memb_name', '$bookname','$author', '$grade', '$review') ";
n> mysql_query($query);
n> mysql_close();
n> or in the form itself, I have tried:
n> <?
n> # this is processed when the form is submitted
n> # back on to this page (POST METHOD)
n> if ($REQUEST_METHOD=="POST") {
n> # double-up apostrophes
n> $review = str_replace("'","''",$review);
n> $author = str_replace("'","''",$author);
n> # setup SQL statement
n> $SQL = " INSERT INTO MemberReviews ";
n> $SQL = $SQL . " (memb_name, bookname, author, grade, review) VALUES
n> ";
n> $SQL = $SQL . " ('$memb_name', '$bookname','$author', '$grade',
n> '$review') ";
n> #execute SQL statement
n> $result = mysql_db_query($db,"$SQL",$cid);
n> # check for error
n> if (!$result) { echo("ERROR: " . mysql_error() . "\n$SQL\n"); }
n> echo ("<P><B>New Record Added</B></P>\n");
n> }
?>>
n> Thanks in advance for your help
n> Jennifer
If you have the latest version of php (4.2.2 or 4.2.1) try
if(!empty($_POST['memb_name']))$memb_name = add_slashes($_POST['memb_name']);
if(!empty($_POST['bookname']))$bookname = add_slashes($_POST['bookname']);
and so on, then add them to your query string.
(add_slashes() will take care of any pesky quotes)
--
regards,
Tom
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
