unplugged_web Posted October 11, 2012 Share Posted October 11, 2012 Please help me, I've no idea what's going wrong here. I'm trying to add to a database. This works: mysql_query("INSERT INTO `images` (`id`, `class`, `foreign_id`, `title`, `filename`, `created`, `modified`, `order`, `category`) VALUES (NULL,'Bio','99','test','image.jpg',CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,'0','0')"); But this doesn't: mysql_query("INSERT INTO `images` (`id`, `class`, `foreign_id`, `title`, `filename`, `created`, `modified`, `order`, `category`) VALUES (NULL, '$_POST[class]'', '$_POST[foreign_id]', '$_POST[name]', '$_POST[pic]', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, '$_POST[order]', '$_POST[category]')"); All of the fields have the correct values, but for some reason it just won't let me do it. I've sent three days trying to get it sorted, but I think I'm just going round in circles now. Link to comment Share on other sites More sharing options...
justsomeguy Posted October 11, 2012 Share Posted October 11, 2012 Did you add code to check for errors from MySQL over those three days? I see one syntax error, but there might also be unescaped quotes in the data. Use mysql_error to check for errors, and print out the query to verify what it says. There's no reason to spend 3 days debugging a syntax error when you can have MySQL tell you exactly what the problem is. Link to comment Share on other sites More sharing options...
oldscholar Posted October 11, 2012 Share Posted October 11, 2012 I think the error was in the'$_POST[class]'' should be '$_POST[class]'Maybe you unintentionally doubled the single quote. Link to comment Share on other sites More sharing options...
unplugged_web Posted October 12, 2012 Author Share Posted October 12, 2012 That's I didn't notice that - I guess I was looking in the wrong place. In phpmyadmin it said that there was an error, but in a php checker it said there wasn't any errors at all so I got quite confused. Thanks Link to comment Share on other sites More sharing options...
birbal Posted October 12, 2012 Share Posted October 12, 2012 it will not report errors in mysql implictly unless you tell it to do so. what php myadmin do is display errors when there is error in mysql. mysql_error() is the function which tells about the errors. Link to comment Share on other sites More sharing options...
justsomeguy Posted October 12, 2012 Share Posted October 12, 2012 It's not a PHP error because the error is inside the SQL string that you're sending to MySQL. It's a SQL error, not a PHP error, so a PHP error checking wouldn't find anything wrong. Link to comment Share on other sites More sharing options...
ShadowMage Posted October 12, 2012 Share Posted October 12, 2012 I can't believe nobody's mentioned escaping data. You are using the POST variables directly in the query, which is a very bad idea. Google "SQL injection" if you want to see why it's a bad idea. You should be using mysql_real_escape_string to escape those values before using them in your query. Link to comment Share on other sites More sharing options...
JohnTipperton Posted October 18, 2012 Share Posted October 18, 2012 yes you should use mysql_real_escape_string to avoid sql injection. try to declare your variables first like. $user=$_POST['username']; so it will be easier for you. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now