Send form values to db error - php

When I try to send data from an html form to a database using php, I keep getting error unexpected ; in line 6. I cant seem to find the exact cause.
This is the code of send.php:
<?php
//Connecting to sql db.
$connect = mysqli_connect("host","user","password","database");
//Sending form data to sql db.
mysqli_query($connect,"INSERT INTO sw5_green (firstname_r, lastname_r, vid, occupation, address, firstname_s, lastname_s, country, amount, currency)
VALUES ('$_POST[post_firstname_r]', '$_POST[post_lastname_r]', '$_POST[post_vid]', '$_POST[post_occupation]', '$_POST[post_address]', '$_POST[post_firstname_s]', '$_POST[post_lastname_s]', '$_POST[post_country]', '$_POST[post_amount]', '$_POST[post_currency]')";
?>


You are missing ) at the end of the statement. put ) this before last ;.
Try it,
mysqli_query($connect,"INSERT INTO sw5_green (firstname_r, lastname_r, vid, occupation, address, firstname_s, lastname_s, country, amount, currency)
VALUES ('$_POST[post_firstname_r]', '$_POST[post_lastname_r]', '$_POST[post_vid]', '$_POST[post_occupation]', '$_POST[post_address]', '$_POST[post_firstname_s]', '$_POST[post_lastname_s]', '$_POST[post_country]', '$_POST[post_amount]', '$_POST[post_currency]')");


You are missing )
Replace your code with query with this
mysqli_query($connect,"INSERT INTO sw5_green (firstname_r, lastname_r, vid, occupation, address, firstname_s, lastname_s, country, amount, currency)
VALUES ('$_POST[post_firstname_r]', '$_POST[post_lastname_r]', '$_POST[post_vid]', '$_POST[post_occupation]', '$_POST[post_address]', '$_POST[post_firstname_s]', '$_POST[post_lastname_s]', '$_POST[post_country]', '$_POST[post_amount]', '$_POST[post_currency]'))";


wrong syntax
'$_POST[post_firstname_r]' should be $_POST['post_firstname_r']
Always escape your data before saving.

Related

Error in SQL Syntax when Inserting

I have been getting intermittent errors that come across like this.
You have an error in your SQL syntax; check the manual that corresponds
to your MySQL server version for the right syntax to use near '9 Sï¾')' at line 215
I don't get this everytime. Here is the code that it says the error occurs in. I am escaping all data before storing in the session and then inserting the session into the database. Line 215 is
'{$_SESSION['other-income-amount']}',
Here is the full code.
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO `application` (`ID`, `DATE`, `interested`, `intereseted2`,
`final`,
`type`,
`loan-type`,
`other-loan-type`,
`monthly-payment`,
`loan-total`,
`vehicle-submit`,
`name`,
`date-of-birth-month`,
`date-of-birth-day`,
`date-of-birth-year`,
`street`,
`city`,
`state`,
`zip`,
`marital-status`,
`personal-info-submit`,
`occupation`,
`salary`,
`date-of-employment`,
`employer-phone`,
`employer-phone2`,
`employer-phone3`,
`employer-address`,
`employer-city`,
`employer-state`,
`other-income`,
`other-income-amount`,
`income-submit`,
`mortgage`,
`creditor`,
`creditor2`,
`creditor3`,
`alimony`,
`orig-amount`,
`orig-amount1`,
`orig-amount2`,
`orig-amount3`,
`orig-amount4`,
`pres-balance`,
`pres-balance1`,
`pres-balance2`,
`pres-balance3`,
`mo-amount`,
`mo-amount1`,
`mo-amount2`,
`mo-amount3`,
`debts-info-submit`,
`reference-info-submit`,
`areacode`,
`middlethree`,
`lastfour`,
`email`,
`accountnumber`,
`month-of-employment`,
`day-of-employment`,
`year-of-employment`,
`relative-name`,
`relative-street`,
`relative-city`,
`relative-state`,
`relative-zip`,
`relative-phone1`,
`relative-phone2`,
`relative3`,
`relative-email`,
`relathionship`,
`posted_data`,
`personal-reason`,
`personal-submit`,
`total-amount`,
`other-submit`,
`additional-info`,
`joint-info-submit`,
`coname`,
`codate-of-birth-month`,
`codate-of-birth-day`,
`codate-of-birth-year`,
`costreet`,
`cocity`,
`costate`,
`cozip`,
`cophone`,
`cophone2`,
`cophone3`,
`coemail`,
`comarital-status`,
`coaccount`,
`cooccupation`,
`cosalary`,
`codate-of-employment-month`,
`codate-of-employment-day`,
`codate-of-employment-year`,
`coemployer-phone`,
`coemployer-phone-2`,
`coemployer-phone-3`,
`coemployer-address`,
`coemployer-city`,
`coemployer-state`,
`coother-income`,
`coother-income-amount`,
`no-hassle-amount`,
`employer-zip`,
`file`,
`ssn`
)
VALUES ('', '$date',
'{$_SESSION['interested']}',
'{$_SESSION['interested2']}',
'{$_SESSION['final']}',
'{$_SESSION['type']}',
'{$_SESSION['loan-type']}',
'{$_SESSION['other-loan-type']}',
'{$_SESSION['monthly-payment']}',
'{$_SESSION['loan-total']}',
'{$_SESSION['vehicle-submit']}',
'{$_SESSION['name']}',
'{$_SESSION['date-of-birth-month']}',
'{$_SESSION['date-of-birth-day']}',
'{$_SESSION['date-of-birth-year']}',
'{$_SESSION['street']}',
'{$_SESSION['city']}',
'{$_SESSION['state']}',
'{$_SESSION['zip']}',
'{$_SESSION['marital-status']}',
'{$_SESSION['personal-info-submit']}',
'{$_SESSION['occupation']}',
'{$_SESSION['salary']}',
'{$_SESSION['date-of-employment']}',
'{$_SESSION['employer-phone']}',
'{$_SESSION['employer-phone-2']}',
'{$_SESSION['employer-phone-3']}',
'{$_SESSION['employer-address']}',
'{$_SESSION['employer-city']}',
'{$_SESSION['employer-state']}',
'{$_SESSION['other-income']}',
'{$_SESSION['other-income-amount']}',
'{$_SESSION['income-submit']}',
'{$_SESSION['mortgage']}',
'{$_SESSION['creditor']}',
'{$_SESSION['creditor2']}',
'{$_SESSION['creditor3']}',
'{$_SESSION['alimony']}',
'{$_SESSION['orig-amount']}',
'{$_SESSION['orig-amount1']}',
'{$_SESSION['orig-amount2']}',
'{$_SESSION['orig-amount3']}',
'{$_SESSION['orig-amount4']}',
'{$_SESSION['pres-balance']}',
'{$_SESSION['pres-balance1']}',
'{$_SESSION['pres-balance2']}',
'{$_SESSION['pres-balance3']}',
'{$_SESSION['mo-amount']}',
'{$_SESSION['mo-amount1']}',
'{$_SESSION['mo-amount2']}',
'{$_SESSION['mo-amount3']}',
'{$_SESSION['debts-info-submit']}',
'{$_SESSION['reference-info-submit']}',
'{$_SESSION['areacode']}',
'{$_SESSION['middlethree']}',
'{$_SESSION['lastfour']}',
'{$_SESSION['email']}',
'{$_SESSION['accountnumber']}',
'{$_SESSION['month-of-employment']}',
'{$_SESSION['day-of-employment']}',
'{$_SESSION['year-of-employment']}',
'{$_SESSION['relative-name']}',
'{$_SESSION['relative-street']}',
'{$_SESSION['relative-city']}',
'{$_SESSION['relative-state']}',
'{$_SESSION['relative-zip']}',
'{$_SESSION['relative-phone1']}',
'{$_SESSION['relative-phone2']}',
'{$_SESSION['relative3']}',
'{$_SESSION['relative-email']}',
'{$_SESSION['relathionship']}',
'{$_SESSION['posted_data']}',
'{$_SESSION['personal-reason']}',
'{$_SESSION['personal-submit']}',
'{$_SESSION['total-amount']}',
'{$_SESSION['other-submit']}',
'{$_SESSION['additional-info']}',
'{$_SESSION['joint-info-submit']}',
'{$_SESSION['coname']}',
'{$_SESSION['codate-of-birth-month']}',
'{$_SESSION['codate-of-birth-day']}',
'{$_SESSION['codate-of-birth-year']}',
'{$_SESSION['costreet']}',
'{$_SESSION['cocity']}',
'{$_SESSION['costate']}',
'{$_SESSION['cozip']}',
'{$_SESSION['cophone']}',
'{$_SESSION['cophone2']}',
'{$_SESSION['cophone3']}',
'{$_SESSION['coemail']}',
'{$_SESSION['comarital-status']}',
'{$_SESSION['coaccount']}',
'{$_SESSION['cooccupation']}',
'{$_SESSION['cosalary']}',
'{$_SESSION['codate-of-employment-month']}',
'{$_SESSION['codate-of-employment-day']}',
'{$_SESSION['codate-of-employment-year']}',
'{$_SESSION['coemployer-phone']}',
'{$_SESSION['coemployer-phone-2']}',
'{$_SESSION['coemployer-phone-3']}',
'{$_SESSION['coemployer-address']}',
'{$_SESSION['coemployer-city']}',
'{$_SESSION['coemployer-state']}',
'{$_SESSION['coother-income']}',
'{$_SESSION['coother-income-amount']}',
'{$_SESSION['no-hassle-amount']}',
'{$_SESSION['employer-zip']}',
'{$_FILES["file"]["name"]}',
'{$encrypted}'
)";
I escape with this then store into session.
foreach ($_POST as $key => $value) {
$_POST[$key] = mysqli_real_escape_string($con, $value);
}

Put your values without quotes.
Instead of this:
'{$_SESSION['other-income-amount']}',
Use this:
$_SESSION['interested'], $_SESSION['other-income-amount'], ...
Your code will be like this:
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$sql="INSERT INTO application (ID, DATE, interested, intereseted2,
final,
type,
loan-type,
other-loan-type,
monthly-payment,
loan-total,
vehicle-submit,
name,
date-of-birth-month,
date-of-birth-day,
date-of-birth-year,
street,
city,
state,
zip,
marital-status,
personal-info-submit,
occupation,
salary,
date-of-employment,
employer-phone,
employer-phone2,
employer-phone3,
employer-address,
employer-city,
employer-state,
other-income,
other-income-amount,
income-submit,
mortgage,
creditor,
creditor2,
creditor3,
alimony,
orig-amount,
orig-amount1,
orig-amount2,
orig-amount3,
orig-amount4,
pres-balance,
pres-balance1,
pres-balance2,
pres-balance3,
mo-amount,
mo-amount1,
mo-amount2,
mo-amount3,
debts-info-submit,
reference-info-submit,
areacode,
middlethree,
lastfour,
email,
accountnumber,
month-of-employment,
day-of-employment,
year-of-employment,
relative-name,
relative-street,
relative-city,
relative-state,
relative-zip,
relative-phone1,
relative-phone2,
relative3,
relative-email,
relathionship,
posted_data,
personal-reason,
personal-submit,
total-amount,
other-submit,
additional-info,
joint-info-submit,
coname,
codate-of-birth-month,
codate-of-birth-day,
codate-of-birth-year,
costreet,
cocity,
costate,
cozip,
cophone,
cophone2,
cophone3,
coemail,
comarital-status,
coaccount,
cooccupation,
cosalary,
codate-of-employment-month,
codate-of-employment-day,
codate-of-employment-year,
coemployer-phone,
coemployer-phone-2,
coemployer-phone-3,
coemployer-address,
coemployer-city,
coemployer-state,
coother-income,
coother-income-amount,
no-hassle-amount,
employer-zip,
file,
ssn
)
VALUES ('', $date,
$_SESSION['interested'],
$_SESSION['interested2'],
$_SESSION['final'],
$_SESSION['type'],
$_SESSION['loan-type'],
$_SESSION['other-loan-type'],
$_SESSION['monthly-payment'],
$_SESSION['loan-total'],
$_SESSION['vehicle-submit'],
$_SESSION['name'],
$_SESSION['date-of-birth-month'],
$_SESSION['date-of-birth-day'],
$_SESSION['date-of-birth-year'],
$_SESSION['street'],
$_SESSION['city'],
$_SESSION['state'],
$_SESSION['zip'],
$_SESSION['marital-status'],
$_SESSION['personal-info-submit'],
$_SESSION['occupation'],
$_SESSION['salary'],
$_SESSION['date-of-employment'],
$_SESSION['employer-phone'],
$_SESSION['employer-phone-2'],
$_SESSION['employer-phone-3'],
$_SESSION['employer-address'],
$_SESSION['employer-city'],
$_SESSION['employer-state'],
$_SESSION['other-income'],
$_SESSION['other-income-amount'],
$_SESSION['income-submit'],
$_SESSION['mortgage'],
$_SESSION['creditor'],
$_SESSION['creditor2'],
$_SESSION['creditor3'],
$_SESSION['alimony'],
$_SESSION['orig-amount'],
$_SESSION['orig-amount1'],
$_SESSION['orig-amount2'],
$_SESSION['orig-amount3'],
$_SESSION['orig-amount4'],
$_SESSION['pres-balance'],
$_SESSION['pres-balance1'],
$_SESSION['pres-balance2'],
$_SESSION['pres-balance3'],
$_SESSION['mo-amount'],
$_SESSION['mo-amount1'],
$_SESSION['mo-amount2'],
$_SESSION['mo-amount3'],
$_SESSION['debts-info-submit'],
$_SESSION['reference-info-submit'],
$_SESSION['areacode'],
$_SESSION['middlethree'],
$_SESSION['lastfour'],
$_SESSION['email'],
$_SESSION['accountnumber'],
$_SESSION['month-of-employment'],
$_SESSION['day-of-employment'],
$_SESSION['year-of-employment'],
$_SESSION['relative-name'],
$_SESSION['relative-street'],
$_SESSION['relative-city'],
$_SESSION['relative-state'],
$_SESSION['relative-zip'],
$_SESSION['relative-phone1'],
$_SESSION['relative-phone2'],
$_SESSION['relative3'],
$_SESSION['relative-email'],
$_SESSION['relathionship'],
$_SESSION['posted_data'],
$_SESSION['personal-reason'],
$_SESSION['personal-submit'],
$_SESSION['total-amount'],
$_SESSION['other-submit'],
$_SESSION['additional-info'],
$_SESSION['joint-info-submit'],
$_SESSION['coname'],
$_SESSION['codate-of-birth-month'],
$_SESSION['codate-of-birth-day'],
$_SESSION['codate-of-birth-year'],
$_SESSION['costreet'],
$_SESSION['cocity'],
$_SESSION['costate'],
$_SESSION['cozip'],
$_SESSION['cophone'],
$_SESSION['cophone2'],
$_SESSION['cophone3'],
$_SESSION['coemail'],
$_SESSION['comarital-status'],
$_SESSION['coaccount'],
$_SESSION['cooccupation'],
$_SESSION['cosalary'],
$_SESSION['codate-of-employment-month'],
$_SESSION['codate-of-employment-day'],
$_SESSION['codate-of-employment-year'],
$_SESSION['coemployer-phone'],
$_SESSION['coemployer-phone-2'],
$_SESSION['coemployer-phone-3'],
$_SESSION['coemployer-address'],
$_SESSION['coemployer-city'],
$_SESSION['coemployer-state'],
$_SESSION['coother-income'],
$_SESSION['coother-income-amount'],
$_SESSION['no-hassle-amount'],
$_SESSION['employer-zip'],
$_FILES['file']['name'],
$encrypted
)";
Also study about sprintf in php would be very useful. Google it!

All the information you need is in error you are getting: You have an error in your SQL syntax; ... for the right syntax to use near '9 Sï¾')'
What this means is $_SESSION['other-income-amount'] contains the value 9 Sï¾').
This could be a character set issue. Usually this is the case when you see weird characters you aren't expecting. For example, someone might be entering 9 € but because the character sets may be incorrect, php ends up receiving it as '9 Sï¾')
Figure out how $_SESSION['other-income-amount'] gets the wrong value in it and fix that issue.

PHP Date not inserting to mysql

Hi I don't know what's the problem. The date field is not inserting to mysql.The format should be in YYYY-MM-DD like in mysql. Maybe that's the problem? The date in the input type is mm-dd-yyyy.
Query:
if(isset($_POST['subButton']))
{
mysql_query("INSERT INTO order_queue (Date, Tracking, Name, Address,
ContactNo, dateneed, Payment, Claiming, qtyBlackWhite,
totalBlackWhite, qtyChocnut, totalChocnut, qtyHotMama, totalHotMama,
qtyMocha, totalMocha, qtyUbeKeso, totalUbeKeso, GrandTotal)
VALUES (NOW(), '".$_POST['Tracking']."', '".$_POST['Name']."',
'".$_POST['Address']."', '".$_POST['ContactNo']."',
'".$_POST['dateneed']."', '".$_POST['Payment']."',
'".$_POST['Claiming']."', '".$_POST['qtyBlackWhite']."',
'".$_POST['totalBlackWhite']."', '".$_POST['qtyChocnut']."',
'".$_POST['totalChocnut']."', '".$_POST['qtyHotMama']."',
'".$_POST['totalHotMama']."', '".$_POST['qtyMocha']."',
'".$_POST['totalMocha']."', '".$_POST['qtyUbeKeso']."',
'".$_POST['totalUbeKeso']."', '".$_POST['GrandTotal']."')");
}
html
<input type="date" name="dateneed" id="dateneed" />
The date input type is mm/dd/yyyy.
In mysql the dateneed field is in DATE datatype and NN. What's wrong? In the query the Date is the auto inserting of date when the form is submitted. The problem is the dateneed is kinda preventing the form from insert everything. T__T

There are more problems with it.
As other suggested, first of all, don't use PHP mysql extension, use mysqli or PDO.
Second, always check for EVERY user input data, and format them according to your query.
Use parameters in your SQL or escape the values you insert.
But to answer your question, use this:
$d = explode('/',$_POST['dateneed']);
$date = $d[2].'-'.$d[0].'-'.$d[1];
But you should check the date to be valid.

You Just have to pass fieldname is dateneed instead of Date
if(isset($_POST['subButton']))
{
mysql_query("INSERT INTO order_queue (dateneed, Tracking, Name, Address,
ContactNo, dateneed, Payment, Claiming, qtyBlackWhite,
totalBlackWhite, qtyChocnut, totalChocnut, qtyHotMama, totalHotMama,
qtyMocha, totalMocha, qtyUbeKeso, totalUbeKeso, GrandTotal)
VALUES (NOW(), '".$_POST['Tracking']."', '".$_POST['Name']."',
'".$_POST['Address']."', '".$_POST['ContactNo']."',
'".$_POST['dateneed']."', '".$_POST['Payment']."',
'".$_POST['Claiming']."', '".$_POST['qtyBlackWhite']."',
'".$_POST['totalBlackWhite']."', '".$_POST['qtyChocnut']."',
'".$_POST['totalChocnut']."', '".$_POST['qtyHotMama']."',
'".$_POST['totalHotMama']."', '".$_POST['qtyMocha']."',
'".$_POST['totalMocha']."', '".$_POST['qtyUbeKeso']."',
'".$_POST['totalUbeKeso']."', '".$_POST['GrandTotal']."')");
}

YOu can manipulate the dateneed value into require format then we can store it to database.
if(isset($_POST['subButton']))
{
$dateneedExplode = explode('-',$_POST['dateneed']);
$dateneedValue = $dateneedExplode[2].'-'.$dateneedExplode[0].'- '.$dateneedExplode[1];
mysql_query("INSERT INTO order_queue (Date, Tracking, Name, Address,
ContactNo, dateneed, Payment, Claiming, qtyBlackWhite,
totalBlackWhite, qtyChocnut, totalChocnut, qtyHotMama, totalHotMama,
qtyMocha, totalMocha, qtyUbeKeso, totalUbeKeso, GrandTotal)
VALUES (NOW(), '".$_POST['Tracking']."', '".$_POST['Name']."',
'".$_POST['Address']."', '".$_POST['ContactNo']."',
'".$dateneedValue."', '".$_POST['Payment']."',
'".$_POST['Claiming']."', '".$_POST['qtyBlackWhite']."',
'".$_POST['totalBlackWhite']."', '".$_POST['qtyChocnut']."',
'".$_POST['totalChocnut']."', '".$_POST['qtyHotMama']."',
'".$_POST['totalHotMama']."', '".$_POST['qtyMocha']."',
'".$_POST['totalMocha']."', '".$_POST['qtyUbeKeso']."',
'".$_POST['totalUbeKeso']."', '".$_POST['GrandTotal']."')");
}

Inserting data with PDO. I have tried so many ways and failed

I have just begun learning PDO. I have connected to my database and I have a working login happening with the mySql database. Now I am trying to get three pieces of data from a form and then insert them into the table. I have been on this for a week and every version I come up with fails. I get no error messages yet when I check the table it remains empty.
As I have other PDO action working, I'm confident that the problem is in the following piece of code. The button involved is named 'addGig'. This is the first time I have used the name of a button... I'm not confident with this.
I have just edited this post to include my revised code.
So many rookie mistakes!
$date = $_POST['date'];
$venue = $_POST['venue'];
$time = $_POST['time'];
if (!empty($date) && !empty($venue) && !empty($time)){
try{
$query = $connect->prepare("INSERT INTO gigs (date, venue, time) VALUES (:date, :venue, :time)");
$query->bindParam(':date' , $date);
$query->bindParam(':venue' , $venue);
$query->bindParam(':time' , $time);
$query->execute();
}
catch(PDOException $e)
{
handle_sql_errors($query, $e->getMessage());
}
}
}
This is my html form
<form>
<label>date</label><br><input type="text" name="date"><br>
<label>venue</label><br><input type="text" name="venue"><br>
<label>time</label><br><input type="text" name="time"><br>
<br>
<button type="submit" value="addGig" name="addGig">add gig</button>
</form>

You have ZERO error handling, and are simply assuming that your prepare could never fail. If you had error handling, you'd have been told about your syntax errors:
INSERT INTO gigs ('date', 'venue', 'time')
^----^--^-----^--^----^----
You've used the incorrect quotes. ' turns things into string literals. You cannot use string literals as identifiers in MySQL. Identifiers (table/field names) must either be bare words, or quoted with backticks. Since none of your field names are reserved words, backticks are not required. But either of the following would be acceptable
INSERT INTO gigs (`date`, `venue`, `time`)
INSERT INTO gigs (date, venue, time)

you have to edit your prepared statement into the right format:
the columns in your database shouldn't be escaped with '.
"INSERT INTO gigs (date, venue, time) ...
you can write the prepared statement like this (for better reading):
...VALUES (:date, :venue, :time)...
In your bindParam Method you can assign your variables like this:
$query->bindParam(':date' , $date);
Or you do it like in your query:
...VALUES (?, ?, ?)...
and then:
$query->bindParam(1 , $date);
try this:
$query = $connect->prepare("INSERT INTO gigs (date, venue, time) VALUES (:date, :venue, :time)");
$query->bindParam(':date' , $date);
$query->bindParam(':venue' , $venue);
$query->bindParam(':time' , $time);
$query->execute();
for more information consult the manual:
http://php.net/pdo.prepared-statements

There are a few issues here. (Now known after you posted your form code).
One of which is, that you are using <form> which defaults to GET when a method is not given. This in conjunction with your $_POST variables.
Therefore you need to give it a specific method, POST.
<form method="post">
Plus, without an action, defaults to self.
If you're using the form seperately from your SQL, you need to specify it.
I.e.:
<form method="post" action="handler.php">
Plus, you are/were using quotes for your columns. Remove them or using ticks.
Those aren't the right identifiers, as per your original question
https://stackoverflow.com/revisions/28091236/2
('date', 'venue', 'time')
http://dev.mysql.com/doc/refman/5.0/en/identifier-qualifiers.html

Creating a lookup list table from a query, and it's located on a form page, I'm requesting a $_GET variable

Here's my query:
$near = ('select id,
first,
last,
trainer_address1,
CITY,
STATE,
trainer_zip
from event.A.trainer where trainer zip ='.($_GET['zip1']));
echo lookup_gen::query_results_table($near, matry::here_to('edit'));
echo "<pre>"; print_r ($near); echo "</pre>";
When I print_r I get everything empty except the $_GET variable for zip1.
like so:
select id,
first,
last,
trainer_address1,
CITY,
STATE,
trainer_zip
from event.A.trainer where trainer zip =92054
If i drop the $_GET variable and hardcode a zip code it works fine:
$near = ("select id,
first,
last,
trainer_zip
from event.A.trainer where trainer_zip = '66415'");
echo lookup_gen::query_results_table($near, matry::here_to('edit'));
Am i using the $_GET variable wrong? Additionally, if anyone is interested in looking at lookup_gen::query_results_table i'll post the code for that function.
I hope that makes sense and i surely hope someone can help me. Thank you.
This worked for me:
$near = ("select id,
first,
last,
trainer_zip
from event.A.trainer where trainer_zip ='".($_GET['zip1']."'"));
echo lookup_gen::query_results_table($near, matry::here_to('edit'));

you need to surround the variable with single quotes so it should be
$zip = mysql_real_escape_string($_GET['zip1']);
$near = "select id, first, last, trainer_address1, CITY, STATE, trainer_zip "
"from event.ACS.trainer where trainer zip ='{$zip}'";

Issue with Inserting a record into a MySql database

I am having an issue with a simple form uploading script.
On this upload script I built to upload data to a MySql database, I can't seem to get the record to insert into the database when I include this one variable.
I figured that perhaps I am overlooking some minor coding issue, and I'm working on a deadline to get this system live...
Here is the code snippit that is giving me issues.
$title=$_REQUEST['title'];
$author=$_REQUEST['author'];
$hours=$_REQUEST['hours'];
$start_d=$_REQUEST['start_d'];
$start_m=$_REQUEST['start_m'];
$start_y=$_REQUEST['start_y'];
$end_d=$_REQUEST['end_d'];
$end_m=$_REQUEST['end_m'];
$end_y=$_REQUEST['end_y'];
$certificate=$_REQUEST['certificate'];
$required=$_REQUEST['required'];
$assessment=$_REQUEST['assessment'];
$describe=$_REQUEST['description'];
$query=mysql_query("INSERT INTO `records` (title, hours, start_date_d, start_date_m, start_date_y , end_date_d, end_date_m, end_date_y , certificate, requirement, author, approved, assessment, describe) VALUES ('$title', '$hours', '$start_d', '$start_m', '$start_y', '$end_d', '$end_m', '$end_y', '$certificate', '$required', '$author', '0', '$assessment', '$describe')");
mysql_close();
The variable that is giving me issues is the one denoted as '$describe'.
My previous testing has indicated:
The form script is collecting data correctly
The form script is passing the data to the upload script correctly via method='post'
The database connection information is correct
All of the field names in the mysql query are typed correctly
Thank you in advance for your help.
Update:
echo mysql_error(); => "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' assessment, describe) VALUES' at line 1

this awful code should be totally rewritten.
but to solve this very problem
foreach ($_REQUEST as $key => $value) $_REQUEST[$key] = mysql_real_escape_string($value);
Something like this.
Note that i've changed date fields to date format.
$_POST['start_date'] = $_POST['start_y'].'-'.$_POST['start_m'].'-'.$_POST['start_d'];
$_POST['end_date'] = $_POST['end_y'].'-'.$_POST['end_m'].'-'.$_POST['end_d'];
$_POST['approved'] = 0;
$fields = explode(" ","title author hours start_date end_date certificate required assessment describe");
$query = "INSERT INTO `records` SET ".dbSet($fields);
mysql_query($query) or trigger_error(mysql_error().$query);
function dbSet($fields) {
$q='';
foreach ($fields as $v) $q.="`$v`='".mysql_real_escape_string($_POST[$v])."', ";
return trim($q,", ");
}

Try this:
$query="INSERT INTO `records` (title, hours, start_date_d, start_date_m, start_date_y , end_date_d, end_date_m, end_date_y , certificate, requirement, author, approved, assessment, describe) VALUES ('$title', '$hours', '$start_d', '$start_m', '$start_y', '$end_d', '$end_m', '$end_y', '$certificate', '$required', '$author', '0', '$assessment', '$describe')";
var_dump($query);
And post to us :)

It turns out that "Describe" is a reserved word in MySql.
I changed the field name, and now my script works...

Categories