For some reason, it's telling me that this is wrong:

 

<?php

if($_SESSION['username']=="Admin" || $_SESSION['user_id']=="Chris P" || $_SESSION['user_id']=="Cetanu"){ 
echo "<br/><br/><form action='shop.php' method='post'> 
<strong>Adding an Item</strong><br/><br/> 
Name: <input type='text' maxlength='30' name='name'/><br/> 
Description:<br/> <textarea rows='5' cols='50' name='description'>Be sure to remember the +attack, -attack, etc.</textarea><br/>
Quantity: <input type='text' name='quant'/><br/>
Price: <input type='text' name='price'/> <br/>
<select name='species'> 
<option value='Predator'>Predator</option>
<option value='Alien'>Alien</option> 
<option value='Marine'>Marine</option> 
</select><br/> 
<input type='submit' name='add' value='Confirm Add'/> | <input type='reset' value='Reset'/>
</form> ";
  

if(isset($_POST['add'])){ 
if(!$_POST['name'] || !$_POST['description'] || !$_POST['price'] || !$_POST['quant'] || !$_POST['species']){
   echo "<script>alert('Try Again, and fill in all fields.'); location='shop.php';</script>"; 
} 
   include "db.php"; 
   mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species) 
   VALUES(`'{$_POST['name']}'` , `'{$_POST['description']}'` , `'{$_POST['price']}'` , `'{$_POST['quant']}'` , `'{$_POST['species']}'`") or die(mysql_error()); 
  echo "<script>alert('Item Added');</script>"; 
  } 
} 
else{ 
echo ""; 
} 
?>

 

When I enter my information it tells me there is an error in my syntax, but I've done this before and it usually works fine.


Post your actual error.

 

I dunno how to USE mysql_real_escape_string(). What goes in the () part?

 

All user inputted data needs to be sanitized (and should also be validated) before going into a query.

 

$price = mysql_real_escape_string($_POST['price']); // now use $price in your query.

Okay.

 

 

By the way, new error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'A ranged weapon that ensnares and kills enemies in a metal net. Attack +5 Honor ' at line 2

 

>_> I'll go echo it into a variable.

 

UPDATE:

 

$query = mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species) 
   VALUES('{$name}' , '{$description}' , '{$price}' , '{$quant}' , '{$species}'") or die(mysql_error()); 
echo $query; 

 

 

Yields nothing, just the error, which has changed back to the first one.

Put the query string in a variable, not the query action itself. All that will do is either return a mysql resource, or return false.

 

$query = "INSERT INTO shop (item_name, item_description, price, quantity, species)
   VALUES('{$name}' , '{$description}' , '{$price}' , '{$quant}' , '{$species}'";

echo $query;

 

But I don't think you need to wrap your variables with curly brackets ("{}") unless they are arrays. Try getting rid of those curly brackets.

After removing the {} it echoed my query back to me (because I removed mysql_query() )

 

But then, when I put the mysql_query back on, it gives me an error again.

 

This is the query when it's echoed

INSERT INTO shop (item_name, item_description, price, quantity, species) VALUES('Netgun' , 'A ranged weapon that ensnares and kills enemies in its metal net. Attack +5 Honor -10 ' , '1800' , '1 ' , 'Predator'

 

Are your price and quantity columns integers? If so, remove the quotes surrounding the $price and $quant variables.

 

Also, you may want to do a trim on your $quant variable because there is whitespace after it, and I'm not sure if you want that (although that may be due to incorrect placement of your single quotes).

Same error.  :'(

 

 

I FEEL LIKE A RETARD. :(

 

mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species)
  VALUES('$name', '$description', $price, $quant, '$species'") or die(mysql_error());

 

 

That was what threw the error. I dunno HOW we didn't notice that there wasn't the required first ) to end the VALUES part. The correct syntax is:

mysql_query("INSERT INTO shop (item_name, item_description, price, quantity, species)
  VALUES('$name', '$description', $price, $quant, '$species')") or die(mysql_error());

 

 

 

:sweat:

Thanks for your help. :)
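
Added example, not part of the original thread: the same INSERT written with PDO bound parameters and server-side validation, so neither a quoting slip nor unescaped input can change the statement, and a rejected submission is never inserted. It assumes the thread's `shop` columns and the three species from the form, uses an in-memory SQLite database so it runs offline, and `add_item()` is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. Assumes the thread's `shop` columns;
// an in-memory SQLite database stands in for MySQL so the script runs offline.
// For MySQL only the DSN changes: 'mysql:host=...;dbname=...' plus credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE shop (item_name TEXT, item_description TEXT,
            price INTEGER, quantity INTEGER, species TEXT)');

// Validate one submitted item and insert it with bound parameters.
// Returns the names of rejected fields; an empty array means the row was inserted.
function add_item(PDO $pdo, array $post): array
{
    $errors = [];
    $name = trim($post['name'] ?? '');
    $description = trim($post['description'] ?? '');
    $species = $post['species'] ?? '';
    // Numeric fields: whole numbers >= 0 only; trim() removes the trailing space seen in the thread ('1 ').
    $intOpts = ['options' => ['min_range' => 0]];
    $price = filter_var(trim($post['price'] ?? ''), FILTER_VALIDATE_INT, $intOpts);
    $quant = filter_var(trim($post['quant'] ?? ''), FILTER_VALIDATE_INT, $intOpts);

    if ($name === '' || strlen($name) > 30) { $errors[] = 'name'; }
    if ($description === '') { $errors[] = 'description'; }
    if ($price === false) { $errors[] = 'price'; }
    if ($quant === false) { $errors[] = 'quant'; }
    if (!in_array($species, ['Predator', 'Alien', 'Marine'], true)) { $errors[] = 'species'; }
    if ($errors) { return $errors; } // stop here: a rejected submission is never inserted

    // Placeholders keep the data out of the SQL text, so no manual quoting or escaping is involved.
    $stmt = $pdo->prepare('INSERT INTO shop (item_name, item_description, price, quantity, species)
                           VALUES (:name, :description, :price, :quant, :species)');
    $stmt->execute([':name' => $name, ':description' => $description,
                    ':price' => $price, ':quant' => $quant, ':species' => $species]);
    return [];
}

// Constructed sample input: the item from the thread, with an apostrophe added to the description.
$ok = add_item($pdo, ['name' => 'Netgun', 'description' => "Ensnares enemies in the hunter's net. Attack +5 Honor -10",
                      'price' => '1800', 'quant' => '1 ', 'species' => 'Predator']);
// Constructed bad input: a non-numeric price, which an unquoted $price would place directly in the SQL text.
$bad = add_item($pdo, ['name' => 'Netgun', 'description' => 'Test item', 'price' => '1800 credits',
                       'quant' => '1', 'species' => 'Predator']);

var_dump($ok, $bad, (int) $pdo->query('SELECT COUNT(*) FROM shop')->fetchColumn());
```

The `mysql_*` functions used in the thread were removed in PHP 7, so current code needs PDO or mysqli in any case.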
