Jump to content

php help getting error


Liquid

Recommended Posts

<?php  if ( ! empty( $_POST )) {    $con = mysql_connect("localhost","root","*********");    if (!$con)      die('Could not connect:' . mysql_error());    mysql_select_db("DSA", $con);    mysql_query("INSERT INTO users (username, password) VALUES ('$_POST[username]','$_POST[password]'") or die(mysql_error());    mysql_close($con);		// Retrieve all the data from the "example" table	$result = mysql_query("SELECT * FROM DSA")	or die(mysql_error());  	// store the record of the "example" table into $row	$row = mysql_fetch_array( $result );	// Print out the contents of the entry 	echo "Name: ".$row['name'];	echo " Age: ".$row['age'];  }?><html><body><form action="dbtest.php" method="post">username: <input type="text" name="username" />password: <input type="password" name="password" /><input type="submit" /></form></body></html>

this is my code, it should take whatever i enter in the username and password fields should be entered as data in my databasei get this errorYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Link to comment
Share on other sites

this error means you have some problems with mysql syntax.

$result = mysql_query("SELECT * FROM DSA")

i think DSA is your databse name. but you have to put table name in SELECT query.if you want catch the data from users table it should be

SELECT * FROM user

mysql_close($con);// Retrieve all the data from the "example" table$result = mysql_query("SELECT * FROM DSA")

you closed your connection before sending mysql_query. so you dont have any active connection. you can ommit mysql_close(). it clopse the connection at the end of the script automaticaly.

Link to comment
Share on other sites

<?php  if ( ! empty( $_POST )) {	$con = mysql_connect("localhost","root","NIF123not");	if (!$con)	  die('Could not connect:' . mysql_error());	mysql_select_db("DSA", $con);	mysql_query("INSERT INTO users (username, password) VALUES ('$_POST[username]','$_POST[password]'") or die(mysql_error());		// Retrieve all the data from the "example" table	$result = mysql_query("SELECT * FROM users")	or die(mysql_error());  	// store the record of the "example" table into $row	while ($row = mysql_fetch_array( $result )){	// Print out the contents of the entry 	echo "Username: ".$row['username'];	echo " Password: ".$row['password'];}	mysql_close($con);  }?><html><body><form action="dbtest.php" method="post">username: <input type="text" name="username" />password: <input type="password" name="password" /><input type="submit" /></form></body></html>

same issue still doesnt work

Link to comment
Share on other sites

This might be part of the problem:mysql_query("INSERT INTO users (username, password) VALUES ('$_POST[username]','$_POST[password]'") or die(mysql_error());You need to use brackets '{}' to interpolate array variables:mysql_query("INSERT INTO users (username, password) VALUES ('{$_POST[username]}','{$_POST[password]}'") or die(mysql_error());

Link to comment
Share on other sites

This might be part of the problem:mysql_query("INSERT INTO users (username, password) VALUES ('$_POST[username]','$_POST[password]'") or die(mysql_error());You need to use brackets '{}' to interpolate array variables:mysql_query("INSERT INTO users (username, password) VALUES ('{$_POST[username]}','{$_POST[password]}'") or die(mysql_error());
I'm fairly certain php will interpolate array variables without curly braces. When the arrays become more nested, then I think curly braces are required.I guess it doesn't matter because these values should probably be escaped anyway.edit: Liquid, the reason it's not working is because you're missing a parenthesis at the end of the mysql_query call:
mysql_query("INSERT INTO users (username, password) VALUES('".mysql_real_escape_string($_POST['username'])."', '".mysql_real_escape_string($_POST['password'])."')") or die(mysql_error());

BTW, if you have PDO available, I highly recommend it over using the basic mysql functions. It's a lot cleaner and will escape and quote every value for you. Also, if you ever decide to switch to a different kind of DB, it's an easy transition. http://us.php.net/manual/en/book.pdo.phpHere's an example of what it might look like:

$options = array(PDO::ATTR_AUTOCOMMIT => true, PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING); //this will enable auto commit and make errors visible$db = new PDO('mysql:dbname=DSA;host=localhost', 'username', 'pass', $options);$db->prepare('INSERT INTO users (username, password) VALUES(?, ?)')->execute(array($_POST['username'], $_POST['password']));

Link to comment
Share on other sites

PHP will interpolate array element values without the braces when the associative index is not quoted, which is the case in Post #4. But that is old school, and no longer (I believe) best practice.I'm not at all certain what, if anything, happens when the index is not quoted, but the array element IS wrapped in braces.

Link to comment
Share on other sites

Liquid, the reason it's not working is because you're missing a parenthesis at the end of the mysql_query call
Quite so. Unless that's a typo, this script should not have executed at all. And if it didn't execute, it did not report a mysql error. So when liquid writes "same issue," it is not the same issue at all.If that is the case, liquid should have explained more clearly. (Apologies if that is not the case.)
Link to comment
Share on other sites

If you write a constant name, like thus: $_POST[username], then the interpreter will look for a constant of that name, and if it can't find one will treat it as a string. So without using braces and quoting the key, it will still "work" - but it's not the right way.

Link to comment
Share on other sites

If you write a constant name, like thus: $_POST[username], then the interpreter will look for a constant of that name, and if it can't find one will treat it as a string. So without using braces and quoting the key, it will still "work" - but it's not the right way.
But you'll also get a Notice if you do that right?"Undefined constant: username; Assuming 'username'"Something like that?
Link to comment
Share on other sites

The issue is taken up more clearly here: http://us2.php.net/manual/en/language.type....string.parsingThe following constructs are not parsed in the same way, despite the similarity:"$_POST[username]""{$_POST[username]}"Only in the second version does PHP try to treat username as a constant. The first is a syntax candy/language construct kind of thing that allows array elements to be accessed in a fashion that looks familiar. That is to say, referencing the array element inside double quotes will cause an unquoted associative index to be read as a string literal, not as a presumed constant.For that reason, these two constructs do seem to be parsed in the same way:"$_POST[username]""{$_POST['username']}"But I think only the second is considered best practice. That is, I'm pretty sure I read it in something authoritative, though I don't remember where or when. Lerdorf's book, maybe.

Link to comment
Share on other sites

"{$_POST['username']}"But I think only the second is considered best practice. That is, I'm pretty sure I read it in something authoritative, though I don't remember where or when. Lerdorf's book, maybe.
what's the advantage of the double quotes, the curly braces, and the single quotes?
Link to comment
Share on other sites

The double quotes have no advantage. I'm only showing them because the question was about the way array elements are interpolated when they are wrapped in double quotes, as they might be, for example, in a mysql query.The advantage of using single quotes to delimit the array element is consistency in all contexts. I mean a human reading the code will always know whether the element is being referenced by a string literal or a constant.But the rules make that consistency come at a price, which is the curly braces. I don't understand the need for them at all, since their general purpose is to delimit identifiers that would otherwise be ambiguous to a computer. It's hard to imagine a situation where $arr['index'] could be interpolated in more than one way; and even such a context exists, the rule could be the same: use the curly braces only if they are needed. Hard to believe the interpreter can't do that.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...