NewbieBryan Posted July 9, 2009 Share Posted July 9, 2009 I have created a simple form to "learn" as I progress with Php. So far I have been able to insert data (text and numbers) from a form to the db but last night for the first time I tried entering dates. ??? My input form code is this: <html> <body> <form action="dbinsert.php" method="post"> Event :<input type="text" name="Event" /> <P> Description :<input type="text" name="Description" /> <P> Priority :<input type="text" name="Priority" /> <P> DateAdded :<input type="text" name="DateAdded" /> <P> DateDue :<input type="text" name="DateDue" /> <P> Spare <input type="text" name="Spare" /> <P> <input type="submit" /> </form> <P><P> <a href="http://www.mysite/dbview.php">View Database</a> <P> </body> </html> Now all the text value transmit ok but when I add dates in the relevant fields I get the following error Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''20090709','','')))' at line 3 The (typed) syntax I have tried when entering my dates is 20090709 and 2009-007-09 and 2009/07/09 with no luck. The insertpage is this <?php $con = mysql_connect("server","uname","pass"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("playdb", $con); $sql="INSERT INTO todo (Event, Description, Priority, DateAdded, DateDue,Spare) VALUES ('$_POST[Event]','$_POST[Description]','$_POST[Priority]'),'$_POST[DateAdded]','$_POST[DateDue]','$_POST[spare]')))"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; echo "</b>"; mysql_close($con) ?> Please could you let me know where I am going wrong. Tx Link to comment https://forums.phpfreaks.com/topic/165309-error-when-passing-a-date-field-from-a-form/ Share on other sites More sharing options...
Q Posted July 9, 2009 Share Posted July 9, 2009 Hi Dates are always a sucker to work with. I find it best do be working with unix timestamps. What I would do is to convert the user entered date to timestamp with the function mktime(); There's more about that function over at php.net/mktime Link to comment https://forums.phpfreaks.com/topic/165309-error-when-passing-a-date-field-from-a-form/#findComment-871770 Share on other sites More sharing options...
NewbieBryan Posted July 9, 2009 Author Share Posted July 9, 2009 Ok, Let me reply to my own post: Reason was user stupidity..... I was just revieving my code and saw that good old copy and paste had caught me out. ('$_POST[Event]','$_POST[Description]','$_POST[Priority]'),'$_POST[DateAdded]','$_POST[DateDue]','$_POST[spare]')))"; Way to many brackets in there )))))) But, still, in the interests of "good coding" Is the syntax in the code above [adding records to a Database] the most efficient way one would do this? Also, to prevent Code injections how would I apply the mysql_real_escape_string($abc) most effectivly? w Link to comment https://forums.phpfreaks.com/topic/165309-error-when-passing-a-date-field-from-a-form/#findComment-871782 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.