jjacquay712 Posted June 6, 2008

I am having trouble getting a user-entered variable into a query. Here is my code:

    mysql_query("CREATE TABLE " . $_POST['name'] . " (" . $_POST['email'] . " varchar)") or die("Could not Create Table");

It always prints the error message "Could not Create Table". Any suggestions in the syntax for entering user variables?

Thanks for the help,
John

Link to comment https://forums.phpfreaks.com/topic/109048-solved-using-_post-variable-in-a-sql-query/

DarkWater Posted June 6, 2008

Change the die clause to:

    die(mysql_error())

so you can see what's going on.

jjacquay712 Posted June 6, 2008 Author

It gives me this error message:

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1

discomatt Posted June 6, 2008

Well, you want to match a very strict set of values... so using a regex like

    if ( preg_match( '/[^\w-]/', $_POST['name'] ) || preg_match( '/[^\w@.-]/', $_POST['email'] ) )
        # Found something that wasn't a letter, number, underscore or dash! ( @ and . allowed in email )
        exit( 'Invalid characters used' );

Second, varchar must have a length, I believe

    # Assuming it passes the regex above
    $q = <<<QDOC
    CREATE TABLE `{$_POST['name']}` (
        `{$_POST['email']}` VARCHAR( 255 )
    )
    QDOC;
    mysql_query($q);

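The allowlist-then-quote approach from the post above as a stand-alone PHP 7.1+ script. This is an added example, not code from the thread: `quote_identifier`, `build_create_table` and the sample inputs are constructed for illustration, and the script only builds and prints the statement, so it runs without a database.

```php
<?php
// Added example: helper names and sample inputs are constructed, not from the thread.

// Wrap $name in backticks only if every character is on the allowlist.
// Placeholders in prepared statements bind values, not table or column
// names, so identifiers have to be validated before concatenation.
function quote_identifier(string $name, bool $emailChars = false): string
{
    $class = $emailChars ? 'A-Za-z0-9_@.-' : 'A-Za-z0-9_-';
    // \A...\z anchors the whole string; 64 is MySQL's identifier length limit.
    if (preg_match('/\A[' . $class . ']{1,64}\z/', $name) !== 1) {
        throw new InvalidArgumentException('Invalid characters used');
    }
    return '`' . $name . '`';
}

function build_create_table(string $table, string $column): string
{
    return sprintf(
        'CREATE TABLE %s (%s VARCHAR(255))',
        quote_identifier($table),
        quote_identifier($column, true)
    );
}

// Constructed inputs standing in for $_POST['name'] and $_POST['email'].
$samples = [
    ['guestbook', 'john@example.com'],   // accepted
    ['guest book', 'john@example.com'],  // space in the table name
    ['guest`book', 'john@example.com'],  // backtick would close the quoting
    ['guestbook', 'john@example.com)'],  // parenthesis in the column name
    ['', 'john@example.com'],            // missing form field
];

foreach ($samples as [$table, $column]) {
    try {
        echo build_create_table($table, $column), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        printf("rejected %s / %s: %s\n",
            var_export($table, true), var_export($column, true), $e->getMessage());
    }
}
```

Only the first sample produces a statement; the other four are rejected before any SQL is assembled.
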
jjacquay712 Posted June 6, 2008 Author

I'm not worried about someone hacking it, I just need to figure out how to get that variable into the query. I'll try using a value for varchar.

Psycho Posted June 6, 2008

> Change the die clause to: die(mysql_error()) so you can see what's going on.

Better yet, create your query as a string so you can echo it to the page when there is an error:

    <?php
    $query = "CREATE TABLE " . $_POST['name'] . " (" . $_POST['email'] . " varchar)";
    mysql_query($query) or die("Could not Create Table<br>Query: $query<br>Error: ".mysql_error());
    ?>

jjacquay712 Posted June 6, 2008 Author

Good thinking, I'll try that.

discomatt Posted June 6, 2008

Read my second example. The answer is there.

jjacquay712 Posted June 6, 2008 Author

> Read my second example. The answer is there.

OK thanks, I'll check it out.

Archived
This topic is now archived and is closed to further replies.