Results 1 to 11 of 11

Thread: [RESOLVED] MySQL + PHP error.

  1. #1

    Thread Starter
    Frenzied Member
    Join Date
    Jan 2008
    Posts
    1,754

    Resolved [RESOLVED] MySQL + PHP error.

    Here is my code:

    Code:
    <?php
    session_start();
    include ("Includes/database_info.php");
    mysql_select_db("a1401476_records", $con);
    $sql="INSERT INTO products (Title, Description, Seller, Picture, Condition, Price, Country, Province, City, School, Campus, Grade, Class) 
    VALUES ('$_POST[title]','$_POST[description]','$_SESSION[username]','$_POST[image]','$_POST[condition]','$_POST[price]','$_POST[country]','$_POST[province]','$_POST[city]','$_POST[school]','$_POST[campus]','$_POST[grade]','$_POST[class]')";
    if (!mysql_query($sql,$con))
      {
      die('Error: ' . mysql_error());
      }
    mysql_close($con);
    ?>
    The include file contains the database info.

    Here is my html form.

    Code:
    <div>
    <form action="sell.php" method="post">
    <b>Seller's Username</b>: <?php echo $_SESSION['username']; ?> <br /><a href="logout.php">If you are not <?php echo $_SESSION['username']; ?> then click here to logout.</a><br /><br />
    <b>Title</b>: <input name="title" type="text"></input>
    <br />
    <b>Short Description</b>:<br /> <textarea name="description" rows="5" cols="25"></textarea> 
    <br /><br /> 
    <b>School</b>: <input name="school" type="text"></input><br /> 
    <b>Campus</b>: <input name="campus" type="text"></input><br /> 
    <b>Grade</b>: <input name="grade" type="text"></input><br /> 
    <b>Class</b>: <input name="class" type="text"></input><br /> 
    <br /> 
    <b>Condition</b>: 
    <select name="condition">
    <option value="excelent">Excelent</option>
    <option value="good">Good</option>
    <option value="poor">Poor</option>
    </select>
    <br /><br />
    <b>Price</b>: <b>$</b><input name="price" type="text"></input><br /><br /><br /> 
    <p>If you choose to include an image then upload the image to a file sharing site such as <a href="http://www.photobucket.com">Photobucket</a>, then supply the direct link below.</p>
    <b>Image of Textbook</b>: <input name="image" type="text"></input>
    <br /><br />
    <input type="submit" value="Sell your Textbook"></input>
    </form> 
    </div>
    I am getting an error when i submit the form and no it shouldn't be related to the length of the input...

    Error:
    Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Condition, Price, Country, Province, City, School, Campus, Grade, Class) VALUES' at line 1
    I used this exact code with a few modifications for my register/login page and it worked perfectly. What is wrong? It works fine if you just enter regular strings but i need to be able to use $_POST.

  2. #2
    Super Moderator manavo11's Avatar
    Join Date
    Nov 2002
    Location
    Around the corner from si_the_geek
    Posts
    7,171

    Re: MySQL + PHP error.

    I'm not sure if it's this, but you should sanitize the $_POST data before inserting it in the database, for example by running mysql_real_escape_string.


    Has someone helped you? Then you can Rate their helpful post.

  3. #3

    Thread Starter
    Frenzied Member
    Join Date
    Jan 2008
    Posts
    1,754

    Re: MySQL + PHP error.

    I added in the mysql_real_escape_string:

    Code:
    <?php
    session_start();
    include ("Includes/database_info.php");
    mysql_select_db("a1401476_records", $con);
    $title = mysql_real_escape_string($_POST[title]);
    $description = mysql_real_escape_string($_POST[description]);
    $seller = mysql_real_escape_string($_SESSION[username]);
    $picture = mysql_real_escape_string($_POST[image]);
    $condition = mysql_real_escape_string($_POST[condition]);
    $price = mysql_real_escape_string($_POST[price]);
    $country = mysql_real_escape_string($_POST[country]);
    $province = mysql_real_escape_string($_POST[province]);
    $city = mysql_real_escape_string($_POST[city]);
    $school = mysql_real_escape_string($_POST[school]);
    $campus = mysql_real_escape_string($_POST[campus]);
    $grade = mysql_real_escape_string($_POST[grade]);
    $class = mysql_real_escape_string($_POST[class]);
    $sql="INSERT INTO products (Title, Description, Seller, Picture, Condition, Price, Country, Province, City, School, Campus, Grade, Class) 
    VALUES ('$title','description','$seller','$picture','$condition','$price','$country','$province','$city','$school','$campus','$grade','$class')";
    if (!mysql_query($sql,$con))
      {
      die('Error: ' . mysql_error());
      }
    mysql_close($con);
    ?>
    Now i get this error:
    Parse error: syntax error, unexpected T_CLASS, expecting ']' in /home/a1401476/public_html/sell.php on line 17

  4. #4
    Super Moderator manavo11's Avatar
    Join Date
    Nov 2002
    Location
    Around the corner from si_the_geek
    Posts
    7,171

    Re: MySQL + PHP error.

    In all the lines, the $_POST key should be in quotes (single or double). So instead of

    PHP Code:
    $_POST[title
    you should have

    PHP Code:
    $_POST['title'
    On line 17, class is a php keyword so obviously can't be used there in that context.


    Has someone helped you? Then you can Rate their helpful post.

  5. #5
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    34,687

    Re: MySQL + PHP error.

    come to think of it... I think that's what was wrong with the original query in the first place....

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  6. #6
    Super Moderator manavo11's Avatar
    Join Date
    Nov 2002
    Location
    Around the corner from si_the_geek
    Posts
    7,171

    Re: MySQL + PHP error.

    Quote Originally Posted by techgnome View Post
    come to think of it... I think that's what was wrong with the original query in the first place....

    -tg
    Possibly, but it's still not a bad idea to run a sanitizing function on the input data!


    Has someone helped you? Then you can Rate their helpful post.

  7. #7
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    34,687

    Re: MySQL + PHP error.

    Quote Originally Posted by manavo11 View Post
    Possibly, but it's still not a bad idea to run a sanitizing function on the input data!
    True... true... I hate it when I'm customizing a system and I find inline var use like that.... I'll usually pull it out and attempt to run it through filters first too....

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  8. #8

    Thread Starter
    Frenzied Member
    Join Date
    Jan 2008
    Posts
    1,754

    Re: MySQL + PHP error.

    I changed Class to Room in all my code including the actual database.

    Now i am getting the original error:
    Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Condition, Price, Country, Province, City, School, Campus, Grade, Room) VALUES ' at line 1

  9. #9
    PowerPoster
    Join Date
    Sep 2003
    Location
    Edmonton, AB, Canada
    Posts
    2,629

    Re: MySQL + PHP error.

    you can try putting quotes around the word 'condition.' it might be reserved, too!

    PHP Code:
    $sql="INSERT INTO products (Title, Description, Seller, Picture, `Condition`, Price, Country, Province, City, School, Campus, Grade, Class) 
    VALUES ('
    $title','description','$seller','$picture','$condition','$price','$country','$province','$city','$school','$campus','$grade','$class')";
    if (!
    mysql_query($sql,$con)) 

  10. #10

    Thread Starter
    Frenzied Member
    Join Date
    Jan 2008
    Posts
    1,754

    Re: MySQL + PHP error.

    If a word is reserved i can just put qoutes around it?

  11. #11

    Thread Starter
    Frenzied Member
    Join Date
    Jan 2008
    Posts
    1,754

    Re: MySQL + PHP error.

    I changed Condition to Qaulity in the mySQL database. Ends up Condition is a reserved keyword. I tested my form again it works perfectly. Before i just never thought about the keywords since when i program vb.net the keywords turn blue while with my php i write it in notepad.

    Anyway this thread was usefull, through this thread i improved my code by adding the escape_real etc...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width