Cetanu Posted September 2, 2009 Share Posted September 2, 2009 For some reason, it's telling me that this is wrong: <?php if($_SESSION['username']=="Admin" || $_SESSION['user_id']=="Chris P" || $_SESSION['user_id']=="Cetanu"){ echo "<br/><br/><form action='shop.php' method='post'> <strong>Adding an Item</strong><br/><br/> Name: <input type='text' maxlength='30' name='name'/><br/> Description:<br/> <textarea rows='5' cols='50' name='description'>Be sure to remember the +attack, -attack, etc.</textarea><br/> Quantity: <input type='text' name='quant'/><br/> Price: <input type='text' name='price'/> <br/> <select name='species'> <option value='Predator'>Predator</option> <option value='Alien'>Alien</option> <option value='Marine'>Marine</option> </select><br/> <input type='submit' name='add' value='Confirm Add'/> | <input type='reset' value='Reset'/> </form> "; if(isset($_POST['add'])){ if(!$_POST['name'] || !$_POST['description'] || !$_POST['price'] || !$_POST['quant'] || !$_POST['species']){ echo "<script>alert('Try Again, and fill in all fields.'); location='shop.php';</script>"; } include "db.php"; mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species) VALUES(`'{$_POST['name']}'` , `'{$_POST['description']}'` , `'{$_POST['price']}'` , `'{$_POST['quant']}'` , `'{$_POST['species']}'`") or die(mysql_error()); echo "<script>alert('Item Added');</script>"; } } else{ echo ""; } ?> When I enter my information it tells me there is an error in my syntax, but I've done this before and it usually works fine. Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/ Share on other sites More sharing options...
trq Posted September 2, 2009 Share Posted September 2, 2009 You have both ` and ' around your values. Remove the `backticks`. and ps: You should seriously take a look at mysql_real_escape_string, your database is begging to be broken into. Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-910940 Share on other sites More sharing options...
Cetanu Posted September 2, 2009 Author Share Posted September 2, 2009 It tells me there's an error anyway after I take out the ````` I dunno how to USE mysql_real_escape_string() what goes in the () part? Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-910954 Share on other sites More sharing options...
trq Posted September 2, 2009 Share Posted September 2, 2009 Post your actual error. I dunno how to USE mysql_real_escape_string() what goes in the () part? All user inputted data needs to be sanitized (and should also be validated) before going into a query. $price = mysql_real_escape_string($_POST['price']); // now use $price in your query. Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-910956 Share on other sites More sharing options...
Cetanu Posted September 2, 2009 Author Share Posted September 2, 2009 Oh, simple enough, then. I'll do that. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2 Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-910958 Share on other sites More sharing options...
trq Posted September 2, 2009 Share Posted September 2, 2009 Put your query into a variable end echo it so we can see the results. Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-910960 Share on other sites More sharing options...
Cetanu Posted September 2, 2009 Author Share Posted September 2, 2009 Okay. By the way, new error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'A ranged weapon that ensnares and kills enemies in a metal net. Attack +5 Honor ' at line 2 >_> I'll go echo it into a variable. UPDATE: $query = mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species) VALUES('{$name}' , '{$description}' , '{$price}' , '{$quant}' , '{$species}'") or die(mysql_error()); echo $query; Yields nothing, just the error, which has changed back to the first one. Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-910964 Share on other sites More sharing options...
mikesta707 Posted September 2, 2009 Share Posted September 2, 2009 Put the query string in a variable, not the query action itself. all that will do is either return a mysql resource, or return false. $query = "INSERT INTO shop (item_name, item_description, price, quantity, species) VALUES('{$name}' , '{$description}' , '{$price}' , '{$quant}' , '{$species}'"; echo $query; But I don't think you need to wrap your variables with curly brackets ("{}") unless they are arrays. try getting rid of those curly brackets Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-910980 Share on other sites More sharing options...
Cetanu Posted September 2, 2009 Author Share Posted September 2, 2009 After removing the {} it echoed my query back to me (because I removed mysql_query() ) But then, when I put the mysql_query back on, it gives me an error again. This is the query when it's echoed INSERT INTO shop (item_name, item_description, price, quantity, species) VALUES('Netgun' , 'A ranged weapon that ensnares and kills enemies in its metal net. Attack +5 Honor -10 ' , '1800' , '1 ' , 'Predator' Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-910989 Share on other sites More sharing options...
mikesta707 Posted September 2, 2009 Share Posted September 2, 2009 are you price and quantity columns integers? if so remove the quotes surrounding $price and $quant variables. Also, you may want to do a trim on your $quant variable because there is whitespace after it, and I'm not sure if you want that (although that may be due to incorrect placement of your single quotes Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-910991 Share on other sites More sharing options...
Cetanu Posted September 2, 2009 Author Share Posted September 2, 2009 Oooooh yeah, I'm such an idiot! I forgot all about the integers not needing '. I've removed them, but still get an error message. Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-911002 Share on other sites More sharing options...
mikesta707 Posted September 2, 2009 Share Posted September 2, 2009 echo the query again. what does it look like Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-911053 Share on other sites More sharing options...
Cetanu Posted September 2, 2009 Author Share Posted September 2, 2009 INSERT INTO shop (item_name, item_description, price, quantity, species) VALUES('Netgun' , 'A ranged weapon that ensnares and kills enemies in its metal net. Attack +5 Honor -10 ' , 1800 , 1 , 'Predator' Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-911055 Share on other sites More sharing options...
mikesta707 Posted September 2, 2009 Share Posted September 2, 2009 perhaps delete the space between the numbers and the commas, IE it should look like , 1800, 1, Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-911062 Share on other sites More sharing options...
Cetanu Posted September 2, 2009 Author Share Posted September 2, 2009 Same error. :'( I FEEL LIKE A RETARD. mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species) VALUES('$name', '$description', $price, $quant, '$species'") or die(mysql_error()); That was was what threw the error. I dunno HOW we didn't notice that there wasn't the required first ) to end the VALUES part. The correct syntax is: mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species) VALUES('$name', '$description', $price, $quant, '$species')") or die(mysql_error()); Thanks for your help. Quote Link to comment https://forums.phpfreaks.com/topic/172841-solved-mysql_query-error/#findComment-911071 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.