Jump to content

Recommended Posts

 

I have a drop down menu shown below

 

dropdown.png

 

as you can see it has multiple fields which i want to add to the same entry into my database (as one complete date)

this was my attempt

 

$date = $_POST['Year'] . '-' . $_POST['Month'] . '-' . $_POST['Day'];

$sql="INSERT INTO Events (Event, Genre, Date, Price, Venue, Tickets)
VALUES
('$_POST['Event']','$_POST['Genre']','$date','$_POST['Price']','$_POST['Venue']','$_POST['Tickets']')";

 

Unfortunatly this doesnt work and gives me this error ;

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/teamrend/public_html/insert.php on line 23

 

The Full code is posted below thanks in advance for any help!im really struggling to find a way past this

 

here is my html form

 <form name="form2" method="post" action="insert.php">
      <td><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#DBDBDB">
        <tr>
          <td colspan="3"><p align="center"><strong>Add Event </strong></p>
            <p> </p></td>
        </tr>
        <tr>
          <td width="59">Event</td>
          <td width="4">:</td>
          <td width="239"><input type="text" name="Event" /></td>
        </tr>
        <tr>
          <td>Genre</td>
          <td>:</td>
          <td><select name="genre" id="genre">
          <option selected="selected" value="none">Genre</option>
          <option value="Rock">Rock</option>
          <option value="Pop">Pop</option>
          <option value="Indie">Indie</option>
          <option value="Electro">Electro</option>
          </select>
          </td>
        </tr>
        <tr>
          <td>Date</td>
          <td>:</td>
          <td>
          <select name="Year">
              <option selected="selected">Year</option>
              <option value="2010">2010</option>
              <option value="2011">2011</option>
              <option value="2012">2012</option>
              <option value="2013">2013</option>
              <option value="2014">2014</option>
              <option value="2015">2015</option>
              <option value="2016">2016</option>
              <option value="2017">2017</option>
              <option value="2018">2018</option>
              <option value="2019">2019</option>
              <option value="2020">2020</option>
              <option value="2021">2021</option>
              <option value="2022">2022</option>
              <option value="2023">2023</option>
              <option value="2024">2024</option>
              <option value="2025">2025</option>
              <option value="2026">2026</option>
              <option value="2027">2027</option>
              <option value="2028">2028</option>
              <option value="2029">2029</option>
              <option value="2030">2030</option>
            </select>
             <select name="Month">
              <option selected="selected">Month</option>
              <option value="01">01</option>
              <option value="02">02</option>
              <option value="03">03</option>
              <option value="04">04</option>
              <option value="05">05</option>
              <option value="06">06</option>
              <option value="07">07</option>
              <option value="08">08</option>
              <option value="09">09</option>
              <option value="10">10</option>
              <option value="11">11</option>
              <option value="12">12</option>
            </select>
            <select name="Day">
            <option selected="selected">Day</option>
            <option value="01">01</option>
            <option value="02">02</option>
            <option value="03">03</option>
            <option value="04">04</option>
            <option value="05">05</option>
            <option value="06">06</option>
            <option value="07">07</option>
            <option value="08">08</option>
            <option value="09">09</option>
            <option value="10">10</option>
            <option value="11">11</option>
            <option value="12">12</option>
            <option value="13">13</option>
            <option value="14">14</option>
            <option value="15">15</option>
            <option value="16">16</option>
            <option value="17">17</option>
            <option value="18">18</option>
            <option value="19">19</option>
            <option value="20">20</option>
            <option value="21">21</option>
            <option value="22">22</option>
            <option value="23">23</option>
            <option value="24">24</option>
            <option value="25">25</option>
            <option value="26">26</option>
            <option value="27">27</option>
            <option value="28">28</option>
            <option value="29">29</option>
            <option value="30">30</option>
            <option value="31">31</option>
          </select>
                      
            </td>
        </tr>
        <tr>
          <td>Price</td>
          <td>:</td>
          <td><input type="text" name="Price" /></td>
        </tr>
        <tr>
          <td>Tickets</td>
          <td>:</td>
          <td><input type="text" name="Tickets" /></td>
        </tr>
        <tr>
          <td> </td>
          <td> </td>
          <td><input type="submit" name="Submit" value="Submit" /></td>
        </tr>
      </table></td>
    </form>

 

and this is insert.php

<?php

$date = $_POST['Year'] . '-' . $_POST['Month'] . '-' . $_POST['Day'];

$con = mysql_connect("localhost","teamrend_rwowen","291Aug89");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("teamrend_rwowen", $con);

$date = $_POST['Year'] . '-' . $_POST['Month'] . '-' . $_POST['Day'];

$sql="INSERT INTO Events (Event, Genre, Date, Price, Venue, Tickets)
VALUES
('$_POST['Event']','$_POST['Genre']','$date','$_POST['Price']','$_POST['Venue']','$_POST['Tickets']')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
echo "Thank You, Your Event has now been added to our Records";

mysql_close($con)
?> 

You are really asking for someone to corrupt your database. You must always validate/cleanse data from the user before using it in a query. Your error is a PHP error and has nothing to do with the query. However, what is interesting is that the error message states the problem is on line 23 and there are not 23 lines in the code you posted for the page. But, I assume the problem is you don't have a semi-colon at the end of the last line.

 

Try this, which is more secure:

 

<?php

$date = (int) $_POST['Year'] . '-' . (int) $_POST['Month'] . '-' . (int) $_POST['Day'];
$event   = mysql_real_escape_string($_POST['Event']);
$genre   = mysql_real_escape_string($_POST['Genre']);
$price   = mysql_real_escape_string($_POST['Price']);
$venue   = mysql_real_escape_string($_POST['Venue']);
$tickets = mysql_real_escape_string($_POST['Tickets']);

$con = mysql_connect("localhost","teamrend_rwowen","291Aug89");
if (!$con)
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db("teamrend_rwowen", $con);

$sql="INSERT INTO Events (Event, Genre, Date, Price, Venue, Tickets)
      VALUES ('$event','$genre','$date','$price','$venue','$tickets')";
$result = mysql_query($sql, $con);

if ($result)
{
    echo "Error :" . mysql_error();
}
else
{
    echo "Thank You, Your Event has now been added to our Records";
}

mysql_close($con);
?>

You are really asking for someone to corrupt your database. You must always validate/cleanse data from the user before using it in a query. Your error is a PHP error and has nothing to do with the query. However, what is interesting is that the error message states the problem is on line 23 and there are not 23 lines in the code you posted for the page. But, I assume the problem is you don't have a semi-colon at the end of the last line.

 

Try this, which is more secure:

 

<?php

$date = (int) $_POST['Year'] . '-' . (int) $_POST['Month'] . '-' . (int) $_POST['Day'];
$event   = mysql_real_escape_string($_POST['Event']);
$genre   = mysql_real_escape_string($_POST['Genre']);
$price   = mysql_real_escape_string($_POST['Price']);
$venue   = mysql_real_escape_string($_POST['Venue']);
$tickets = mysql_real_escape_string($_POST['Tickets']);

$con = mysql_connect("localhost","teamrend_rwowen","291Aug89");
if (!$con)
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db("teamrend_rwowen", $con);

$sql="INSERT INTO Events (Event, Genre, Date, Price, Venue, Tickets)
      VALUES ('$event','$genre','$date','$price','$venue','$tickets')";
$result = mysql_query($sql, $con);

if ($result)
{
    echo "Error :" . mysql_error();
}
else
{
    echo "Thank You, Your Event has now been added to our Records";
}

mysql_close($con);
?>

 

Fantastic, ive been wondering how to use the real_escape_string properly for ages

 

unfortunatly tho when i fill out the form and hit submit i get this error

 

 

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'teamrend'@'localhost' (using password: NO) in /home/teamrend/public_html/insert.php on line 4

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/teamrend/public_html/insert.php on line 4

 

i get both of these errors for lines 4-8 which are where $event-$genre are defined

 

 

Sorry, put the db connection info before you use that.

 

<?php
$con = mysql_connect("localhost","teamrend_rwowen","291Aug89");
if (!$con)
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db("teamrend_rwowen", $con);

$date = (int) $_POST['Year'] . '-' . (int) $_POST['Month'] . '-' . (int) $_POST['Day'];
$event   = mysql_real_escape_string($_POST['Event']);
$genre   = mysql_real_escape_string($_POST['Genre']);
$price   = mysql_real_escape_string($_POST['Price']);
$venue   = mysql_real_escape_string($_POST['Venue']);
$tickets = mysql_real_escape_string($_POST['Tickets']);

$sql="INSERT INTO Events (Event, Genre, Date, Price, Venue, Tickets)
      VALUES ('$event','$genre','$date','$price','$venue','$tickets')";
$result = mysql_query($sql, $con);

if ($result)
{
    echo "Error :" . mysql_error();
}
else
{
    echo "Thank You, Your Event has now been added to our Records";
}

mysql_close($con);
?>

Sorry, put the db connection info before you use that.

 

<?php
$con = mysql_connect("localhost","teamrend_rwowen","291Aug89");
if (!$con)
{
  die('Could not connect: ' . mysql_error());
}
mysql_select_db("teamrend_rwowen", $con);

$date = (int) $_POST['Year'] . '-' . (int) $_POST['Month'] . '-' . (int) $_POST['Day'];
$event   = mysql_real_escape_string($_POST['Event']);
$genre   = mysql_real_escape_string($_POST['Genre']);
$price   = mysql_real_escape_string($_POST['Price']);
$venue   = mysql_real_escape_string($_POST['Venue']);
$tickets = mysql_real_escape_string($_POST['Tickets']);

$sql="INSERT INTO Events (Event, Genre, Date, Price, Venue, Tickets)
      VALUES ('$event','$genre','$date','$price','$venue','$tickets')";
$result = mysql_query($sql, $con);

if ($result)
{
    echo "Error :" . mysql_error();
}
else
{
    echo "Thank You, Your Event has now been added to our Records";
}

mysql_close($con);
?>

 

 

 

I honestly could kiss you, the genre still doesnt insert but the date works fine (i think theres a problem in my form which is why genre isnt inserting will take a look now, thank you thank you thank you thank you

 

 

you sir

 

are

 

a

 

legend

 

@@@@@@@@@@@@@@@@@

I honestly could kiss you,

Unless you are a girl, no thanks. A "thank you" will suffice.

 

sometimes when i click submit it comes up error: then i hit back and hit submit again and it works? why the loss in data anyone know?

 

What is the error?

I honestly could kiss you,

Unless you are a girl, no thanks. A "thank you" will suffice.

 

sometimes when i click submit it comes up error: then i hit back and hit submit again and it works? why the loss in data anyone know?

 

What is the error?

 

if ($result)

{

    echo "Error :" . mysql_error();

 

 

it echo's "Error :" so i presume its mysql_error but i dont know much about that

You need

 

if(!$error)

 

Good catch, but not quite. The query results are being assigned to $result, not $error. So it should be

if(!$result)

 

And is 18+ we would want to keep this legal here :)

 

As far as I know there's no law against kissing minors.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.