Quick Diagnosis

[aznjay]

$msg = $_POST['message'];
$date = $_POST['date'];
$time = $_POST['time'];
$head = $_POST['title'];
$descri = $_POST['desp'];
$whbase = $_POST['base'];

$query = "INSERT INTO '$whbase' (title, time, date, desp, article) VALUES ('$head', '$time', '$date', '$descri', '$msg')";
mysql_query($query) or die('Error, insert query failed');

 

Is there something wrong with this?

[genericnumber1]

change 'Error, insert query failed' to mysql_error()

 

I spot your error! do you?

 

edit: I'll play nice, try removing the quotes around the table name.

Also, your script is vulnerable to sql injection

[Garethp]

Looks alright, is it giving you any trouble?

[aznjay]

This is what i got 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' (title, time, date, desp, article) VALUES ('', '', '', '', '')' at line 1'

 

I don't know how to fix it

[genericnumber1]

but backticks around your field names, because ones like date and time are mysql functions.

 

INSERT INTO $whbase (`title`, `time`, `date`, `desp`, `article`) VALUES ('$head', '$time', '$date', '$descri', '$msg')

[aznjay]

<?
include 'database.php';
$msg = $_POST['message'];
$date = $_POST['date'];
$time = $_POST['time'];
$head = $_POST['title'];
$descri = $_POST['desp'];
$whbase = $_POST['base'];

$query = "INSERT INTO "'$whbase'" (title, time, date, desp, article) VALUES ('$head', '$time', '$date', '$descri', '$msg')";
mysql_query($query) or die(mysql_error());

?>



Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/jayjay/public_html/phpentrytut.php on line 10

 

 

That is what i got...can somebody fix this please..i'm a noob..

[Garethp]

I dunno if this will help, but use this instead

 

mysql_query("INSERT INTO $whbase (title, time, date, desp, article)

VALUES ('$head', '$time', '$date', '$descri', '$msg')") or die('Error, insert query failed');

[aznjay]

but backticks around your field names, because ones like date and time are mysql functions.

 

INSERT INTO $whbase (`title`, `time`, `date`, `desp`, `article`) VALUES ('$head', '$time', '$date', '$descri', '$msg')

 

 

THERE is no problem with that I can gaurantee you that..the one i'm having problem to is the $whbase

[genericnumber1]

but backticks around your field names, because ones like date and time are mysql functions.

 

INSERT INTO $whbase (`title`, `time`, `date`, `desp`, `article`) VALUES ('$head', '$time', '$date', '$descri', '$msg')

 

 

THERE is no problem with that I can gaurantee you that..the one i'm having problem to is the $whbase

 

I guarantee you.

do

$query = "INSERT INTO $whbase (`title`, `time`, `date`, `desp`, `article`) VALUES ('$head', '$time', '$date', '$descri', '$msg')";

[aznjay]

I dunno if this will help, but use this instead

 

mysql_query("INSERT INTO $whbase (title, time, date, desp, article)

VALUES ('$head', '$time', '$date', '$descri', '$msg')") or die('Error, insert query failed');

 

I did do that

[aznjay]

I still get that You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(title, time, date, desp, article) VALUES ('', '', '', '', '')' at line 1

[genericnumber1]

From that error, I can see that you did not do

 

$query = "INSERT INTO $whbase (`title`, `time`, `date`, `desp`, `article`) VALUES ('$head', '$time', '$date', '$descri', '$msg')";

 

 

let me explain, you must remove the quotes from the database because that's not good syntax. You must put backticks around the time and date fields because they are mysql functions (DATE() AND TIME()) and they confuse the parser. The other backticks are for consistency.

[aznjay]

nvm figured it out...i jst seperated it into two pages thnx