sebatm Posted May 24, 2010 Share Posted May 24, 2010 hi, i'm trying to add some data to an mysql table with multiple $_POST objects in the query. and keep getting an error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ',,,62)' at line 1 here is my code: function adaugare_contor(){ defined( '_JEXEC' ) or die( 'Restricted access' ); $db=& JFactory::getDBO(); $user =& JFactory::getUser(); $con=mysql_connect("localhost", "root", ""); if(!$con){ die("Could not connect: " . mysql_error()); } mysql_select_db($db->baza,$con); echo " <table width='500'> <tr><form method='post'> <td>Alegeti tipul contorului:</td> <td><select name='util'> <option name='util' value='contor_apa_calda'> Contor apa calda</option> <option name='util' value='contor_apa_rece'>Contor Apa Rece</option> <option name='util' value='contor_gaze'>Contor Gaze Naturale</option> <option name='util' value='contor_curent'>Contor Curent Electric</option> </select><br/></td></tr> <tr> <td>Introduceti indexul:</td> <td><input type='text' name='ind' width='40'></td></tr> <tr> <td>Introduceti denumirea contorului:</td> <td><input type='text' name='den_contor' width='40'></td></tr> <tr> <td>Introduceti data cand doritit sa dati citirea(aaaa-ll-zz):</td> <td><input type='text' name='data_citire' width='40'></td></tr> <tr><td> <input type='submit' value='Adauga'></td></tr> </form> </table> "; $insert= "INSERT INTO detalii_contor(tip_contor, ultima_citire, den_contor, data_citire, user_id) VALUES (" . $_POST['util'] . "," .$_POST['ind'] .",".$_POST['den_contor'].",".$_POST['data_citire']. ",".$user->id. ")"; if (!mysql_query($insert,$con)){ die('Error: ' . mysql_error()); } echo "<br>Inregistrare adaugata!"; } can someone help? i really can't figure it out Link to comment https://forums.phpfreaks.com/topic/202688-multiple-_post-problem/ Share on other sites More sharing options...
kenrbnsn Posted May 24, 2010 Share Posted May 24, 2010 If those are text fields the values need to surrounded by quotes: <?php $insert= "INSERT INTO detalii_contor(tip_contor, ultima_citire, den_contor, data_citire, user_id) VALUES ("'{$_POST['util']}','{$_POST['ind']}' ,'{$_POST['den_contor']}','{$_POST['data_citire']}',$user->id)"; ?> You are inviting trouble here, since you are not sanitizing the data coming in from your form. Ken Link to comment https://forums.phpfreaks.com/topic/202688-multiple-_post-problem/#findComment-1062400 Share on other sites More sharing options...
sebatm Posted May 24, 2010 Author Share Posted May 24, 2010 thanks a lot Ken. you're a life saver! in romania it's 4 AM and still haven't found anything... till now! i'll take care of that a bit later, just needed it to get it working. thanks Link to comment https://forums.phpfreaks.com/topic/202688-multiple-_post-problem/#findComment-1062408 Share on other sites More sharing options...
sebatm Posted May 24, 2010 Author Share Posted May 24, 2010 an other problem... it's adding 00.00 for pret (price) and 0000-00-00 for data ( date ) thanks Link to comment https://forums.phpfreaks.com/topic/202688-multiple-_post-problem/#findComment-1062413 Share on other sites More sharing options...
-Karl- Posted May 24, 2010 Share Posted May 24, 2010 There is no input for the Price, or for the Date, unless the Date is data_citire. If so, then the format being given is incorrect. Link to comment https://forums.phpfreaks.com/topic/202688-multiple-_post-problem/#findComment-1062416 Share on other sites More sharing options...
jkewlo Posted May 24, 2010 Share Posted May 24, 2010 how come you dont do them as variables?? <?php $tip = $_POST['util']; $ultima = $_POST['ind']; $den = $_POST['den_contor']; $data = $_POST['data_citire']; $insert= "INSERT INTO detalii_contor(tip_contor, ultima_citire, den_contor, data_citire, user_id) VALUES ("'. $tip ."','". $ultima ."' ,'". $den ."','". $data ."', '". $user->id ."'")"; ?> Link to comment https://forums.phpfreaks.com/topic/202688-multiple-_post-problem/#findComment-1062420 Share on other sites More sharing options...
-Karl- Posted May 24, 2010 Share Posted May 24, 2010 If they are variables, it'd be better to make them safe for database entry. <?php $tip = mysql_real_escape_string($_POST['util']); $ultima = mysql_real_escape_string($_POST['ind']); $den = mysql_real_escape_string($_POST['den_contor']); $data = mysql_real_escape_string($_POST['data_citire']); $insert= "INSERT INTO detalii_contor(tip_contor, ultima_citire, den_contor, data_citire, user_id) VALUES ("'. $tip ."','". $ultima ."' ,'". $den ."','". $data ."', '". $user->id ."'")"; ?> Link to comment https://forums.phpfreaks.com/topic/202688-multiple-_post-problem/#findComment-1062422 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.