Prog Posted June 10, 2010 Share Posted June 10, 2010 $query="INSERT INTO c$p ('id', 'Date', 'Name', 'Email', 'Entry') VALUES (NULL, NULL, '{$_POST[fname]}', '{$_POST[femail]}', '{$_POST[fentry]}')"; if(!mysql_query($query)) { die('Error: ' . mysql_error()); } The error report is: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''id', 'Date', 'Name', 'Email', 'Entry') VALUES (NULL, NULL, 'sample name', 'samp' at line 1 Help? Quote Link to comment Share on other sites More sharing options...
mrMarcus Posted June 10, 2010 Share Posted June 10, 2010 use backticks instead of single quotes when stating a table column. try this: $query="INSERT INTO c$p (`id`, `Date`, `Name`, `Email`, `Entry`) VALUES (NULL, NULL, '{$_POST[fname]}', '{$_POST[femail]}', '{$_POST[fentry]}')"; if(!mysql_query($query)) { die('Error: ' . mysql_error()); } Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted June 10, 2010 Share Posted June 10, 2010 Remove the quotes around the field names. <?php $query="INSERT INTO c$p (id, Date, Name, Email, Entry) VALUES (NULL, NULL, '{$_POST[fname]}', '{$_POST[femail]}', '{$_POST[fentry]}')"; ?> BTW, it's very unwise to use any data directly from the $_POST or $_GET arrays directly in a query. At the very least use the function mysql_real_escape_string on the data. <?php $query="INSERT INTO c$p (id, `Date`, Name, Email, Entry) VALUES (NULL, NULL, '" , mysql_real_escape_string($_POST['fname']) . "', '" . mysql_real_escape_string($_POST['femail']) . "', '" . mysql_real_escape_string($_POST['fentry']) . "')"; ?> Ken Quote Link to comment Share on other sites More sharing options...
Prog Posted June 10, 2010 Author Share Posted June 10, 2010 Thanks, you guys are awesome! Quote Link to comment Share on other sites More sharing options...
Prog Posted June 10, 2010 Author Share Posted June 10, 2010 Could you guys try to hack around with the commenting system? http://recipitosblog.hostoi.com/a.php?p=1 I think I've cut off all the loose ends. Quote Link to comment Share on other sites More sharing options...
Psycho Posted June 10, 2010 Share Posted June 10, 2010 Warning: include(scripts/posts/1 OR 1=1.php) [function.include]: failed to open stream: No such file or directory in /home/a8646192/public_html/a.php on line 58 You are using the URL value to define a file to include! Quote Link to comment Share on other sites More sharing options...
Prog Posted June 10, 2010 Author Share Posted June 10, 2010 Warning: include(scripts/posts/1 OR 1=1.php) [function.include]: failed to open stream: No such file or directory in /home/a8646192/public_html/a.php on line 58 You are using the URL value to define a file to include! I fixed that with gettype($p)=="integer". Would that completely fix that loose end? Quote Link to comment Share on other sites More sharing options...
Prog Posted June 10, 2010 Author Share Posted June 10, 2010 Warning: include(scripts/posts/1 OR 1=1.php) [function.include]: failed to open stream: No such file or directory in /home/a8646192/public_html/a.php on line 58 You are using the URL value to define a file to include! I fixed that with gettype($p)=="integer". Would that completely fix that loose end? Never mind. I used $p=intval($p); Anything else to fix? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.