eddy556 Posted February 22, 2009 Share Posted February 22, 2009 I have the following line: mysql_query("INSERT INTO results (user, movie, input, prediction, error) VALUES('" . $_POST['email'] '" , "' . $Movies[$m]['title'] . '","' . $Movies[$m]["rating"] . '","' . $result . '","' . $err . "' ) ") or die(mysql_error()); However I'm getting mixed up with the opening and closing of "'", can you please have a look? Quote Link to comment Share on other sites More sharing options...
redarrow Posted February 22, 2009 Share Posted February 22, 2009 You missed a dot that all mate. . $_POST['email'] // . << was missing ok '" <?php mysql_query("INSERT INTO results(user, movie, input, prediction, error) VALUES('" . $_POST['email'] .'" , "' . $Movies[$m]['title'] . '","' . $Movies[$m]["rating"] . '","' . $result . '","' . $err . "' ) ") or die(mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
only one Posted February 22, 2009 Share Posted February 22, 2009 mysql_query("INSERT INTO `results` (`user`, `movie`, `input`, `prediction`, `error`) VALUES('" . $_POST['email'] ."' , '" . $Movies[$m]['title'] . "','" . $Movies[$m]["rating"] . "','" . $result . "','" . $err . "' )") or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
redarrow Posted February 22, 2009 Share Posted February 22, 2009 Here a safer code for you, with database protection in place. <?php mysql_query("INSERT INTO results(user, movie, input, prediction, error) VALUES('" . mysql_real_escape_string($_POST['email']) .'" , "' .mysql_real_escape_string($Movies[$m]['title']) . '","' . mysql_real_escape_string($Movies[$m]["rating"]) . '","' . mysql_real_escape_string($result) . '","' . mysql_real_escape_string($err) . "' ) ") or die("Database insert error\n".mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
Cal Posted February 22, 2009 Share Posted February 22, 2009 Redarrow, yours still have a little mistake (the single quote is in a wrong place): Fixed here: <?php mysql_query("INSERT INTO results(user, movie, input, prediction, error) VALUES('" . mysql_real_escape_string($_POST['email']) ."' , '" .mysql_real_esape_string($Movies[$m]['title']) . "','" . mysql_real_esape_string($Movies[$m]["rating"]) . "','" . mysql_real_escape_string($result) . "','" . mysql_real_esape_string($err) . "' ) ") or die(mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.