Jump to content

[SOLVED] mysql_query Error

Cetanu

By Cetanu
in PHP Coding Help

 Share

Recommended Posts

Cetanu Regular Member

Cetanu

Posted
Posted

For some reason, it's telling me that this is wrong:

 

<?php

if($_SESSION['username']=="Admin" || $_SESSION['user_id']=="Chris P" || $_SESSION['user_id']=="Cetanu"){ 
echo "<br/><br/><form action='shop.php' method='post'> 
<strong>Adding an Item</strong><br/><br/> 
Name: <input type='text' maxlength='30' name='name'/><br/> 
Description:<br/> <textarea rows='5' cols='50' name='description'>Be sure to remember the +attack, -attack, etc.</textarea><br/>
Quantity: <input type='text' name='quant'/><br/>
Price: <input type='text' name='price'/> <br/>
<select name='species'> 
<option value='Predator'>Predator</option>
<option value='Alien'>Alien</option> 
<option value='Marine'>Marine</option> 
</select><br/> 
<input type='submit' name='add' value='Confirm Add'/> | <input type='reset' value='Reset'/>
</form> ";
  

if(isset($_POST['add'])){ 
if(!$_POST['name'] || !$_POST['description'] || !$_POST['price'] || !$_POST['quant'] || !$_POST['species']){
   echo "<script>alert('Try Again, and fill in all fields.'); location='shop.php';</script>"; 
} 
   include "db.php"; 
   mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species) 
   VALUES(`'{$_POST['name']}'` , `'{$_POST['description']}'` , `'{$_POST['price']}'` , `'{$_POST['quant']}'` , `'{$_POST['species']}'`") or die(mysql_error()); 
  echo "<script>alert('Item Added');</script>"; 
  } 
} 
else{ 
echo ""; 
} 
?>

 

When I enter my information it tells me there is an error in my syntax, but I've done this before and it usually works fine.

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

Post your actual error.

 

I dunno how to USE mysql_real_escape_string() what goes in the () part?

 

All user inputted data needs to be sanitized (and should also be validated) before going into a query.

 

$price = mysql_real_escape_string($_POST['price']); // now use $price in your query.

Link to comment
Share on other sites
Cetanu Regular Member

Cetanu

Posted
  • Author
Posted

Okay.

 

 

By the way, new error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'A ranged weapon that ensnares and kills enemies in a metal net. Attack +5 Honor ' at line 2

 

>_> I'll go echo it into a variable.

 

UPDATE:

 

$query = mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species) 
   VALUES('{$name}' , '{$description}' , '{$price}' , '{$quant}' , '{$species}'") or die(mysql_error()); 
echo $query;

 

 

Yields nothing, just the error, which has changed back to the first one.

Link to comment
Share on other sites
mikesta707 Member

mikesta707

Posted
Posted

Put the query string in a variable, not the query action itself. all that will do is either return a mysql resource, or return false.

 

$query = "INSERT INTO shop (item_name, item_description, price, quantity, species)
   VALUES('{$name}' , '{$description}' , '{$price}' , '{$quant}' , '{$species}'";

echo $query;

 

But I don't think you need to wrap your variables with curly brackets ("{}") unless they are arrays. try getting rid of those curly brackets

Link to comment
Share on other sites
Cetanu Regular Member

Cetanu

Posted
  • Author
Posted

After removing the {} it echoed my query back to me (because I removed mysql_query() )

 

But then, when I put the mysql_query back on, it gives me an error again.

 

This is the query when it's echoed

INSERT INTO shop (item_name, item_description, price, quantity, species) VALUES('Netgun' , 'A ranged weapon that ensnares and kills enemies in its metal net. Attack +5 Honor -10 ' , '1800' , '1 ' , 'Predator'

 

Link to comment
Share on other sites
mikesta707 Member

mikesta707

Posted
Posted

are you price and quantity columns integers? if so remove the quotes surrounding $price and $quant variables.

 

Also, you may want to do a trim on your $quant variable because there is whitespace after it, and I'm not sure if you want that (although that may be due to incorrect placement of your single quotes

Link to comment
Share on other sites
Cetanu Regular Member

Cetanu

Posted
  • Author
Posted

Same error.  :'(

 

 

I FEEL LIKE A RETARD. :(

 

mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species)

  VALUES('$name', '$description', $price, $quant, '$species'") or die(mysql_error());

 

 

That was was what threw the error. I dunno HOW we didn't notice that there wasn't the required first ) to end the VALUES part. The correct syntax is:

mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species)

  VALUES('$name', '$description', $price, $quant, '$species')") or die(mysql_error());

 

 

 

:sweat:

Thanks for your help. :)

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.