NewbieBryan Posted July 9, 2009 Share Posted July 9, 2009 I have created a simple form to "learn" as I progress with Php. So far I have been able to insert data (text and numbers) from a form to the db but last night for the first time I tried entering dates. ??? My input form code is this: <html> <body> <form action="dbinsert.php" method="post"> Event :<input type="text" name="Event" /> <P> Description :<input type="text" name="Description" /> <P> Priority :<input type="text" name="Priority" /> <P> DateAdded :<input type="text" name="DateAdded" /> <P> DateDue :<input type="text" name="DateDue" /> <P> Spare <input type="text" name="Spare" /> <P> <input type="submit" /> </form> <P><P> <a href="http://www.mysite/dbview.php">View Database</a> <P> </body> </html> Now all the text value transmit ok but when I add dates in the relevant fields I get the following error Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''20090709','','')))' at line 3 The (typed) syntax I have tried when entering my dates is 20090709 and 2009-007-09 and 2009/07/09 with no luck. The insertpage is this <?php $con = mysql_connect("server","uname","pass"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("playdb", $con); $sql="INSERT INTO todo (Event, Description, Priority, DateAdded, DateDue,Spare) VALUES ('$_POST[Event]','$_POST[Description]','$_POST[Priority]'),'$_POST[DateAdded]','$_POST[DateDue]','$_POST[spare]')))"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; echo "</b>"; mysql_close($con) ?> Please could you let me know where I am going wrong. Tx Quote Link to comment Share on other sites More sharing options...
Q Posted July 9, 2009 Share Posted July 9, 2009 Hi Dates are always a sucker to work with. I find it best do be working with unix timestamps. What I would do is to convert the user entered date to timestamp with the function mktime(); There's more about that function over at php.net/mktime Quote Link to comment Share on other sites More sharing options...
NewbieBryan Posted July 9, 2009 Author Share Posted July 9, 2009 Ok, Let me reply to my own post: Reason was user stupidity..... I was just revieving my code and saw that good old copy and paste had caught me out. ('$_POST[Event]','$_POST[Description]','$_POST[Priority]'),'$_POST[DateAdded]','$_POST[DateDue]','$_POST[spare]')))"; Way to many brackets in there )))))) But, still, in the interests of "good coding" Is the syntax in the code above [adding records to a Database] the most efficient way one would do this? Also, to prevent Code injections how would I apply the mysql_real_escape_string($abc) most effectivly? w Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.