|
-
May 15th, 2009, 10:37 PM
#1
Thread Starter
Frenzied Member
[RESOLVED] MySQL + PHP error.
Here is my code:
Code:
<?php
session_start();
include ("Includes/database_info.php");
mysql_select_db("a1401476_records", $con);
$sql="INSERT INTO products (Title, Description, Seller, Picture, Condition, Price, Country, Province, City, School, Campus, Grade, Class)
VALUES ('$_POST[title]','$_POST[description]','$_SESSION[username]','$_POST[image]','$_POST[condition]','$_POST[price]','$_POST[country]','$_POST[province]','$_POST[city]','$_POST[school]','$_POST[campus]','$_POST[grade]','$_POST[class]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
?>
The include file contains the database info.
Here is my html form.
Code:
<div>
<form action="sell.php" method="post">
<b>Seller's Username</b>: <?php echo $_SESSION['username']; ?> <br /><a href="logout.php">If you are not <?php echo $_SESSION['username']; ?> then click here to logout.</a><br /><br />
<b>Title</b>: <input name="title" type="text"></input>
<br />
<b>Short Description</b>:<br /> <textarea name="description" rows="5" cols="25"></textarea>
<br /><br />
<b>School</b>: <input name="school" type="text"></input><br />
<b>Campus</b>: <input name="campus" type="text"></input><br />
<b>Grade</b>: <input name="grade" type="text"></input><br />
<b>Class</b>: <input name="class" type="text"></input><br />
<br />
<b>Condition</b>:
<select name="condition">
<option value="excelent">Excelent</option>
<option value="good">Good</option>
<option value="poor">Poor</option>
</select>
<br /><br />
<b>Price</b>: <b>$</b><input name="price" type="text"></input><br /><br /><br />
<p>If you choose to include an image then upload the image to a file sharing site such as <a href="http://www.photobucket.com">Photobucket</a>, then supply the direct link below.</p>
<b>Image of Textbook</b>: <input name="image" type="text"></input>
<br /><br />
<input type="submit" value="Sell your Textbook"></input>
</form>
</div>
I am getting an error when i submit the form and no it shouldn't be related to the length of the input...
Error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Condition, Price, Country, Province, City, School, Campus, Grade, Class) VALUES' at line 1
I used this exact code with a few modifications for my register/login page and it worked perfectly. What is wrong? It works fine if you just enter regular strings but i need to be able to use $_POST.
-
May 16th, 2009, 04:46 AM
#2
-
May 18th, 2009, 10:26 AM
#3
Thread Starter
Frenzied Member
Re: MySQL + PHP error.
I added in the mysql_real_escape_string:
Code:
<?php
session_start();
include ("Includes/database_info.php");
mysql_select_db("a1401476_records", $con);
$title = mysql_real_escape_string($_POST[title]);
$description = mysql_real_escape_string($_POST[description]);
$seller = mysql_real_escape_string($_SESSION[username]);
$picture = mysql_real_escape_string($_POST[image]);
$condition = mysql_real_escape_string($_POST[condition]);
$price = mysql_real_escape_string($_POST[price]);
$country = mysql_real_escape_string($_POST[country]);
$province = mysql_real_escape_string($_POST[province]);
$city = mysql_real_escape_string($_POST[city]);
$school = mysql_real_escape_string($_POST[school]);
$campus = mysql_real_escape_string($_POST[campus]);
$grade = mysql_real_escape_string($_POST[grade]);
$class = mysql_real_escape_string($_POST[class]);
$sql="INSERT INTO products (Title, Description, Seller, Picture, Condition, Price, Country, Province, City, School, Campus, Grade, Class)
VALUES ('$title','description','$seller','$picture','$condition','$price','$country','$province','$city','$school','$campus','$grade','$class')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
mysql_close($con);
?>
Now i get this error:
Parse error: syntax error, unexpected T_CLASS, expecting ']' in /home/a1401476/public_html/sell.php on line 17
-
May 18th, 2009, 10:40 AM
#4
-
May 18th, 2009, 11:01 AM
#5
Re: MySQL + PHP error.
come to think of it... I think that's what was wrong with the original query in the first place....
-tg
-
May 18th, 2009, 11:45 AM
#6
-
May 18th, 2009, 11:57 AM
#7
Re: MySQL + PHP error.
 Originally Posted by manavo11
Possibly, but it's still not a bad idea to run a sanitizing function on the input data! 
True... true... I hate it when I'm customizing a system and I find inline var use like that.... I'll usually pull it out and attempt to run it through filters first too....
-tg
-
May 18th, 2009, 07:19 PM
#8
Thread Starter
Frenzied Member
Re: MySQL + PHP error.
I changed Class to Room in all my code including the actual database.
Now i am getting the original error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Condition, Price, Country, Province, City, School, Campus, Grade, Room) VALUES ' at line 1
-
May 18th, 2009, 11:39 PM
#9
Re: MySQL + PHP error.
you can try putting quotes around the word 'condition.' it might be reserved, too!
PHP Code:
$sql="INSERT INTO products (Title, Description, Seller, Picture, `Condition`, Price, Country, Province, City, School, Campus, Grade, Class) VALUES ('$title','description','$seller','$picture','$condition','$price','$country','$province','$city','$school','$campus','$grade','$class')"; if (!mysql_query($sql,$con))
-
May 19th, 2009, 06:18 PM
#10
Thread Starter
Frenzied Member
Re: MySQL + PHP error.
If a word is reserved i can just put qoutes around it?
-
May 19th, 2009, 06:28 PM
#11
Thread Starter
Frenzied Member
Re: MySQL + PHP error.
I changed Condition to Qaulity in the mySQL database. Ends up Condition is a reserved keyword. I tested my form again it works perfectly. Before i just never thought about the keywords since when i program vb.net the keywords turn blue while with my php i write it in notepad.
Anyway this thread was usefull, through this thread i improved my code by adding the escape_real etc...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|