[SOLVED] the answer is simple but i can not seem to find it and its driving me crazy!

[midgley]

im trying to get html form data into mysql. i am new to php so wanted to write something that i understand, so i have not copied anything but have now become stuck. see below:

 

$name=mysql_real_escape_string($_POST['name']); 

$from=mysql_real_escape_string($_POST['from']);

$comment=mysql_real_escape_string($_POST['comment']);

$date = date (Y.M.D);

echo $name . $from . $comment . $date; //working so far

 

 

mysql_connect("localhost","root","") or die(mysql_error());

mysql_select_db("blog") or die(mysql_error());

mysql_query("INSERT INTO bloggers(name,from) VALUES('$name','$from')") or die(mysql_error()); //no errors but nothing in database

 

think the problem might be with mysql_query("   

 

please help

[PFMaBiSmAd]

Add the following two lines of code immediately after your first opening <?php tag -

 

ini_set ("display_errors", "1");
error_reporting(E_ALL);

 

Among other possibilities, mysql_real_escape_string() can only be used after you have a connection to the mysql server.

[midgley]

cheers for the error reporting code, will come in handy

ini_set ("display_errors", "1");

error_reporting(E_ALL);

 

now connected to the database before using the escape_string.

 

the error message is now

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from) VALUES('james','leeds')' at line 1"

[midgley]

now works

 

$sql=("INSERT INTO bloggers VALUES('$name','$from','$comment','$date')") or die(mysql_error());

 

mysql($sql);

[fenway]

now works

 

$sql=("INSERT INTO bloggers VALUES('$name','$from','$comment','$date')") or die(mysql_error());

 

mysql($sql);

NO!

 

It might work, but you've dropped the column list... BAD IDEA.

 

The reason you had the problem was that "from" is a reserved keyword, so you needed to enclose it in backticks (`from`).  However, I'd recommend changing the name of the column instead.

 

And I hope you're still escaping those data!!!!