Attila Posted August 23, 2008 Share Posted August 23, 2008 I want to insert this data from a form into my database. $sql = mysql_query('INSERT INTO `Character`) WHERE (`user` = $uname AND `password` = $Pass) VALUES (NULL, \'$uname\', \'$Pass]\', \'$_POST[realname]\', \'$_POST[maintoonsname]\', \'$_POST[location]\', \'$_POST[timezone]\', \'$_POST[playtime]\', \'$_POST[blog]') or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
wildteen88 Posted August 23, 2008 Share Posted August 23, 2008 The problem is the your query has invalid syntax and you should never place _POST data directly in a query, also variables are not passed within single quotes Quote Link to comment Share on other sites More sharing options...
ohdang888 Posted August 23, 2008 Share Posted August 23, 2008 you can't use INSERT INTO with a WHERE clause, that makes no sense, and its wrong. whenever you deal with variables in a query, you must put them in single quote... '$pass' Quote Link to comment Share on other sites More sharing options...
Attila Posted August 23, 2008 Author Share Posted August 23, 2008 OK I have done some fixing to this with the suggestions provided but still no luck: mysql_query("UPDATE Character SET maintoonsname = '$_POST[maintoonsname]' AND SET location = '$_POST[location]' AND SET timezone = '$_POST[timezone]' AND SET playtime = '$_POST[playtime]' AND SET blog = "$blogging" WHERE user = "$uname" AND password = "$Pass""); Quote Link to comment Share on other sites More sharing options...
DarkWater Posted August 23, 2008 Share Posted August 23, 2008 You don't use AND SET, you just use a comma. Quote Link to comment Share on other sites More sharing options...
Attila Posted August 23, 2008 Author Share Posted August 23, 2008 Thanks for that last piece of input but still no help so let me provide everything it might help more on the grand sceme of this. I am just creating a simple blog for a video game a group of us play. It is not going to be super safe as I will hard code the user and password into the database so I am not too concerned about security. If you could please look at this and tell me what is wrong I would realy appreciate it. You can go to this website to view it the user name is Test and the pass it Test. http://thaczero.com/memberslog.php You will notice a bunch of echo statements so I can see what data I am loosing and I might have those wrong as well. LOL Things I notice wrong it is not updating the database and I can't seem to get the echo statements to echo the correct data or any data for that matter. <? // start the session session_start(); ob_start(); header("Cache-control: private"); //IE 6 Fix ?> <title>THAC0 (To Hit Armor Class Zero)</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link href="CSS/style.css" rel="stylesheet" type="text/css"> <body bgcolor="#000000" text="#CCCCCC"> <div> <? include ('includes/thacoheader.php'); include ('includes/allfunctions.php'); if ($count != "1") { $sql = "SELECT * FROM `Character` WHERE `user` = \"$_GET[uname]\" AND `password` = \"$_GET[Password]\""; database_connected(); $result = mysql_query($sql) or die(mysql_error()); $num_rows = mysql_num_rows($result); while($row = mysql_fetch_array($result)) { $count = 1; $uname = $_GET['Uname']; $pass = $_GET['Password']; $img = $row['picture']; $rname = $row['realname']; $toon = $row['maintoonsname']; $loc = $row['location']; $tim = $row['timezone']; $ptim = $row['playtime']; $origblog = $row['blog']; } //end to the while loop } ?> <p align="center"><img src="<? echo $img; ?>"></p> <? $top_form = "<form method=\"post\" action=\"$_SERVER[php_SELF]\"> <table align=\"center\"> <tr class=\"cindex\"> <td>Field Name</td> <td>Whats in the Database</td> <td>This is the colum you edit</td> <td>Notes</td> </tr> <tr class=\"cindex\"> <td>Real Name:</td> <td>$rname</td> <td><input name=\"textfield\" type=\"text\" name=\"realname\" size=\"30\" maxlength=\"30\" value=\"$_POST[realname]\"/></td> <td>This can only be up to 30 Characters long with no spaces just your first name.</td> </tr> <tr class=\"cindex\"> <td>Main Toons Name:</td> <td>$toon </td> <td><input name=\"textfield\" type=\"text\" name=\"maintoonsname\" size=\"30\" maxlength=\"30\" value=\"$_POST[maintoonsname]\"/></td> <td>This can only be up to 30 Characters long with no spaces just your characters first name.</td> </tr> <tr class=\"cindex\"> <td>Location:</td> <td>$loc</td> <td><input name=\"textfield\" type=\"text\" name=\"location\" size=\"30\" maxlength=\"30\" value=\"$_POST[location]\"/></td> <td>This can only be up to 30 Characters long and it is where you live.</td> </tr> <tr class=\"cindex\"> <td>Time Zone:</td> <td>$tim</td> <td><input name=\"textfield\" type=\"text\" name=\"timezone\" size=\"30\" maxlength=\"30\" value=\"$_POST[timezone]\"/></td> <td>What time zone do you live in?</td> </tr> <tr class=\"cindex\"> <td>Play time:</td> <td>$ptim</td> <td><input name=\"textfield\" type=\"text\" name=\"playtime\" size=\"30\" maxlength=\"30\" value=\"$_POST[playtime]\"/></td> <td>What time of day do you usually play?</td> </tr> <tr class=\"cindex\"> <td colspan=\"4\">Blog:</td> </tr> </tr> <tr class=\"cindex\"> <td colspan=\"4\"><p>Just add more of your blog information at the top here. If you delete any data here and submit it will be lost. This data is going to be parsed with BBC code. So some things that you can do to spruce up your coding look like this: </p> <p>This is for Bold [b][/b] <br> This is for italix [i][/i] <br> This is for underline [u][/u] <br> This is for a hyperlink [url][/url] <br> This is to align left [align=left][/align] <br> This is to align center [align=center][/align] <br> This is to align right [align=right[/align] <br> This is for an image [img][/img] </p> <br> You will need to put your text between those tags so they will work. If you accidantly screwed up on what you are adding and want to start over please go to another web address like www.thaczero.com then relog back in so you will not loose what you already have in the database. </td> </tr> <tr class=\"cindex\"> <td colspan=\"2\" valign=\"top\">$origblog <td colspan=\"2\"><div align=\"center\"><textarea name=\"blog\" cols=\"75\" rows=\"30\">$_POST[blog]</textarea></div> </tr> </tr> </tr> <tr class=\"cindex\"> <td colspan=\"4\"><div align=\"center\"> <input type=\"submit\" name=\"Submit\" value=\"Submit\" /> <input type=\"hidden\" name=\"op\" value=\"ds\"> </div></td> </tr> </table> </form>"; if ($_POST[op] != "ds") { // they need to see the form echo $top_form; } else if ($_POST[op] == "ds") { $blogging = "$origblog"."$_POST[blog]"; $query = mysql_query("UPDATE charactedatabase SET maintoonsname = '$_POST[maintoonsname]' , SET location = '$_POST[location]' , SET timezone = '$_POST[timezone]' , SET playtime = '$_POST[playtime]' , SET blog = '$blogging' WHERE user = '$uname' , password = '$Pass'"); echo $_POST['realname']."<br>"; echo $_POST['maintoonsname']."<br>"; echo $_POST['location']."<br>"; echo $_POST['timezone']."<br>"; echo $_POST['playtime']."<br>"; echo $blogging."<br>"; echo $uname."<br>"; echo $Pass."<br>"; echo "these are the variables<br>"; echo $uname; echo "<br>"; echo $pass; echo "<br>"; echo $img; echo "<br>"; echo $rname; echo "<br>"; echo $toon; echo "<br>"; echo $loc; echo "<br>"; echo $tim; echo "<br>"; echo $ptim; echo "<br>"; echo $origblog; echo "<br>"; exit; } include ('includes/thacofooter.php'); ?> Quote Link to comment Share on other sites More sharing options...
DarkWater Posted August 23, 2008 Share Posted August 23, 2008 You only use SET once and then you use commas. UPDATE some_table SET username = 'DarkWater', password = 'foobar' WHERE username = 'IWasDarkWater'; Quote Link to comment Share on other sites More sharing options...
Attila Posted August 23, 2008 Author Share Posted August 23, 2008 I have done what you said but still no update to the database. There has to be something simple I/we are missing. Thanks for all your help. Quote Link to comment Share on other sites More sharing options...
Caesar Posted August 23, 2008 Share Posted August 23, 2008 Not sure but maybe some of your column names are reserved words in MySQL. Try surrounding the table and field names in ticks.(Eg. UPDATE `charactedatabase` SET `maintoonsname` = ...) And you definitely don't want to use the post data directly like that...such a security issue that can come back and bite you in the ass later. Quote Link to comment Share on other sites More sharing options...
Attila Posted August 23, 2008 Author Share Posted August 23, 2008 I tried what you said as well but still no luck. If somoen can look at my echo statements at the bottom do I have them correcly to echo the data. I am not seing any data after I submit and they echo. So if I knew I was echoing them corectly then for some reason my variables are not getting the data. So I could look into that. Quote Link to comment Share on other sites More sharing options...
Lamez Posted August 23, 2008 Share Posted August 23, 2008 I am not too sure what the other members are saying, but in a mysql insert query it should look like this: <?php $firstname = $_POST['firstname']; $lastname = $_POST['lastname']; $query = "INSERT INTO `table` (firstname, lastname) VALUES (''$firstname', $'lastname')"; mysql_query($query); ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.