toney Posted March 6, 2012 Share Posted March 6, 2012 i am trying to insert data into a database with the following code <?php $first_name=$_POST['first_name']; $middle_name=$_POST['middle_name']; $last_name=$_POST['last_name']; $gender=$_POST['gender']; $file_number=$_POST['file_number']; $character=$_POST['character']; $diagnosis=$_POST['diagnosis']; $description=$_POST['description']; $day = $_POST['day']; $month = $_POST['month']; $year = $_POST['year']; $date = date("Y-m-d", mktime(0,0,0,$month, $day, $year)); $con = mysql_connect("localhost","fathersh_search","f33321rh"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("fathersh_childsearch", $con); $sql="INSERT INTO child_info (first_name,middle_name,last_name,gender,birthdate,character,diagnosis,description,file_number) VALUES ('$_POST[first_name]','$_POST[middle_name]','$_POST[last_name]','$_POST[file_number]','$_POST[gender]','$date','$_POST[character]','$_POST[diagnosis]','$_POST[description]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> the error i get is Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'character,diagnosis,description,file_number) VALUES ('James','Anthony','Peters',' at line 1 Quote Link to comment Share on other sites More sharing options...
batwimp Posted March 6, 2012 Share Posted March 6, 2012 What do you get when you echo out your $sql variable? Also, why are you assigning your $_POST variables to other variables, but not using the new assignments in your INSERT? Also, why are you not sanitizing your input? Quote Link to comment Share on other sites More sharing options...
joel24 Posted March 6, 2012 Share Posted March 6, 2012 character is a mysql variable, you need to surround that fieldname with backquotes; `character` $sql="INSERT INTO child_info (first_name,middle_name,last_name,gender,birthdate,`character`,diagnosis,description,file_number) VALUES ('$_POST[first_name]','$_POST[middle_name]','$_POST[last_name]','$_POST[file_number]','$_POST[gender]','$date','$_POST[character]','$_POST[diagnosis]','$_POST[description]')"; Quote Link to comment Share on other sites More sharing options...
toney Posted March 6, 2012 Author Share Posted March 6, 2012 Php is not my strong point if you could be more enlightning I would appreciate it Quote Link to comment Share on other sites More sharing options...
yoursurrogategod Posted March 6, 2012 Share Posted March 6, 2012 i am trying to insert data into a database with the following code <?php $first_name=$_POST['first_name']; $middle_name=$_POST['middle_name']; $last_name=$_POST['last_name']; $gender=$_POST['gender']; $file_number=$_POST['file_number']; $character=$_POST['character']; $diagnosis=$_POST['diagnosis']; $description=$_POST['description']; $day = $_POST['day']; $month = $_POST['month']; $year = $_POST['year']; $date = date("Y-m-d", mktime(0,0,0,$month, $day, $year)); $con = mysql_connect("localhost","fathersh_search","f33321rh"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("fathersh_childsearch", $con); $sql="INSERT INTO child_info (first_name,middle_name,last_name,gender,birthdate,character,diagnosis,description,file_number) VALUES ('$_POST[first_name]','$_POST[middle_name]','$_POST[last_name]','$_POST[file_number]','$_POST[gender]','$date','$_POST[character]','$_POST[diagnosis]','$_POST[description]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> the error i get is Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'character,diagnosis,description,file_number) VALUES ('James','Anthony','Peters',' at line 1 I noticed one thing, "character" is a reserved keyword. I wouldn't use it if I were you. Pick some other word or add to it: character_id http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html Quote Link to comment Share on other sites More sharing options...
yoursurrogategod Posted March 6, 2012 Share Posted March 6, 2012 Php is not my strong point if you could be more enlightning I would appreciate it Your PHP is fine, your SQL is busted. The error refers specifically to the SQL error. Don't use "character" , change that. Quote Link to comment Share on other sites More sharing options...
yoursurrogategod Posted March 6, 2012 Share Posted March 6, 2012 Also, why are you assigning your $_POST variables to other variables, but not using the new assignments in your INSERT? Also, why are you not sanitizing your input? Those two points are quite important. toney, if you don't plan on using the variables, just get rid of them entirely. Furthermore, google some info on sanitizing PHP inputs into a DB. Quote Link to comment Share on other sites More sharing options...
toney Posted March 6, 2012 Author Share Posted March 6, 2012 Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/fathersh/public_html/admin/insert.php on line 25 i fixed the character problem but now getting this error Quote Link to comment Share on other sites More sharing options...
yoursurrogategod Posted March 6, 2012 Share Posted March 6, 2012 Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/fathersh/public_html/admin/insert.php on line 25 i fixed the character problem but now getting this error Well, post your code along with the error . Quote Link to comment Share on other sites More sharing options...
toney Posted March 6, 2012 Author Share Posted March 6, 2012 <?php $first_name=$_POST['first_name']; $middle_name=$_POST['middle_name']; $last_name=$_POST['last_name']; $gender=$_POST['gender']; $file_number=$_POST['file_number']; $features=$_POST['features']; $diagnosis=$_POST['diagnosis']; $description=$_POST['description']; $day = $_POST['day']; $month = $_POST['month']; $year = $_POST['year']; $date = date("Y-m-d", mktime(0,0,0,$month, $day, $year)); $con = mysql_connect("localhost","fathersh_search","f33321rh"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("fathersh_childsearch", $con); $sql="INSERT INTO child_info (first_name,middle_name,last_name,gender,birthdate,character,diagnosis,description,file_number) VALUES ('$_POST[first_name]','$_POST[middle_name]','$_POST[last_name]','$_POST[file_number]','$_POST[gender]','$date','$_POST['features']','$_POST[diagnosis]','$_POST[description]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/fathersh/public_html/admin/insert.php on line 25 Quote Link to comment Share on other sites More sharing options...
yoursurrogategod Posted March 6, 2012 Share Posted March 6, 2012 toney, please use the code tags, it makes it much easier to view and understand your code other than just dumping it. As for your code, look at the part where you have a $_POST that all by itself on a new line. You forgot to escape your ' tags with \'. Try that and tell me what you get. Lastly, you still have your "character" name, at least in this snippet. You still need to fix that. <?php $first_name=$_POST['first_name']; $middle_name=$_POST['middle_name']; $last_name=$_POST['last_name']; $gender=$_POST['gender']; $file_number=$_POST['file_number']; $features=$_POST['features']; $diagnosis=$_POST['diagnosis']; $description=$_POST['description']; $day = $_POST['day']; $month = $_POST['month']; $year = $_POST['year']; $date = date("Y-m-d", mktime(0,0,0,$month, $day, $year)); $con = mysql_connect("localhost","fathersh_search","f33321rh"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("fathersh_childsearch", $con); $sql="INSERT INTO child_info (first_name,middle_name,last_name,gender,birthdate,character,diagnosis,description,file_number) VALUES ('$_POST[first_name]','$_POST[middle_name]','$_POST[last_name]','$_POST[file_number]','$_POST[gender]','$date', '$_POST[\'features\']', '$_POST[diagnosis]','$_POST[description]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> Quote Link to comment Share on other sites More sharing options...
toney Posted March 6, 2012 Author Share Posted March 6, 2012 ok I got it to add a record to the database but it does not put it in the right section Quote Link to comment Share on other sites More sharing options...
yoursurrogategod Posted March 6, 2012 Share Posted March 6, 2012 ok I got it to add a record to the database but it does not put it in the right section What do you mean by 'section'? Quote Link to comment Share on other sites More sharing options...
toney Posted March 6, 2012 Author Share Posted March 6, 2012 for each entry it puts it in the wrong one such as birthdate its puts it in the features Quote Link to comment Share on other sites More sharing options...
yoursurrogategod Posted March 6, 2012 Share Posted March 6, 2012 toney, your SQL code is messed up. Look at just the SQL, ignore the PHP. You're mismatching the column names with the inputs. file_number is all the way at the end in terms of the column names, but in the middle when it's an input. This is why your data is messed up. Formatting the code a little helps as well to make it more readable . <?php $sql=" INSERT INTO child_info (first_name, middle_name, last_name, gender, birthdate, character, diagnosis, description, file_number) VALUES ('$_POST[first_name]', '$_POST[middle_name]', '$_POST[last_name]', '$_POST[gender]', '$date', '$_POST[diagnosis]', '$_POST[description]', '$_POST[file_number]') "; ?> I don't know why you need this: '$_POST[\'features\']' According to your insert statement, you're not inserting it into the database. Quote Link to comment Share on other sites More sharing options...
toney Posted March 6, 2012 Author Share Posted March 6, 2012 every thing else is working except the features in bold is not inserting in the database <?php $file_number=$_POST['file_number']; $first_name=$_POST['first_name']; $middle_name=$_POST['middle_name']; $last_name=$_POST['last_name']; $gender=$_POST['gender']; $features=$_POST['features']; $diagnosis=$_POST['diagnosis']; $description=$_POST['description']; $day = $_POST['day']; $month = $_POST['month']; $year = $_POST['year']; $date = date("Y-m-d", mktime(0,0,0,$month, $day, $year)); $con = mysql_connect("localhost","fathersh_search","f33321rh"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("fathersh_childsearch", $con); $sql="INSERT INTO child_info (first_name, middle_name, last_name, gender, birthdate, features, diagnosis, description, file_number) VALUES ('$_POST[first_name]', '$_POST[middle_name]', '$_POST[last_name]', '$_POST[gender]', '$date', '$_POST[features]', '$_POST[diagnosis]', '$_POST[description]', '$_POST[file_number]') "; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con) ?> Quote Link to comment Share on other sites More sharing options...
yoursurrogategod Posted March 6, 2012 Share Posted March 6, 2012 What's happening? An error? Quote Link to comment Share on other sites More sharing options...
toney Posted March 6, 2012 Author Share Posted March 6, 2012 no error just not writing in the database Quote Link to comment Share on other sites More sharing options...
yoursurrogategod Posted March 6, 2012 Share Posted March 6, 2012 Looking at it as is, it should work. Try replacing the post with $features variable and see what that gives you. Quote Link to comment Share on other sites More sharing options...
batwimp Posted March 6, 2012 Share Posted March 6, 2012 Or maybe $_POST['features'] is empty? Try echoing it out and see if there's something there. Quote Link to comment Share on other sites More sharing options...
toney Posted March 6, 2012 Author Share Posted March 6, 2012 <tr> <td> <div align="left">Character</div></td> <td> <div align="left"> <input type="text" class="form-textbox " id="features" name="features" size="100" /> </div></td> </tr> thats the html I am using with features Quote Link to comment Share on other sites More sharing options...
toney Posted March 6, 2012 Author Share Posted March 6, 2012 for some reason it started working now some mentioned sanitizing the info going into the database how do I do that Quote Link to comment Share on other sites More sharing options...
yoursurrogategod Posted March 6, 2012 Share Posted March 6, 2012 <tr> <td> <div align="left">Character</div></td> <td> <div align="left"> <input type="text" class="form-textbox " id="features" name="features" size="100" /> </div></td> </tr> thats the html I am using with features No, he means before running any of the My-SQL insertion code, do this: echo $_POST['features']; Quote Link to comment Share on other sites More sharing options...
yoursurrogategod Posted March 6, 2012 Share Posted March 6, 2012 for some reason it started working now some mentioned sanitizing the info going into the database how do I do that Off to the wonderful world of Google you go . Poke around there, include the word 'tutorial' in your search and it will get you started. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.