FRSH Posted July 10, 2010 Share Posted July 10, 2010 I created a table in my database CREATE TABLE `information` ( `ID` int(11) AUTO_INCREAMENT, `name` varchar(50) NOT NULL, `email` varchar(50) NOT NULL, PRIMARY KEY (`ID`) ) Note: I added the auto_increament thing later on this is the code for add.php <?php $name = $_POST['name']; $email = $_POST['email']; $con = mysql_connect("localhost","fafsd","ffasdfr"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("DB_2", $con); $sql="INSERT INTO information(name, email) VALUES ('.$name.','.$email.')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "added!"; mysql_close($con) ?> Problem: When I add anything to the database it shows up as two dots Uploaded with ImageShack.us Quote Link to comment Share on other sites More sharing options...
Jragon Posted July 10, 2010 Share Posted July 10, 2010 Where you went wong: $sql="INSERT INTO information(name, email) VALUES ('.$name.','.$email.')"; Fixed: $sql="INSERT INTO information(name, email) VALUES ($name, $email)"; If you have the '' around it it will tern the vars in to normal strings. Thanks Jragon Edit: You should also use this: mysql_query($sql, $con) or die(mysql_error()) instead of that if statment cos its faster Quote Link to comment Share on other sites More sharing options...
FRSH Posted July 10, 2010 Author Share Posted July 10, 2010 Where you went wong: $sql="INSERT INTO information(name, email) VALUES ('.$name.','.$email.')"; Fixed: $sql="INSERT INTO information(name, email) VALUES ($name, $email)"; If you have the '' around it it will tern the vars in to normal strings. Thanks Jragon Edit: You should also use this: mysql_query($sql, $con) or die(mysql_error()) instead of that if statment cos its faster Hi, Thanks for your quick reply, but im now getting the following error Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' )' at line 3 what should I do? Quote Link to comment Share on other sites More sharing options...
Mchl Posted July 10, 2010 Share Posted July 10, 2010 instead of that if statment cos its faster How much faster? FRSH: name and email are strings, so you need to put quotes ' around them $sql="INSERT INTO information(name, email) VALUES ('$name', '$email')"; Also, the way you do it, there's a risk of SQL injection. You need to use mysql_real_escape_string to mitigate it, like this: $con = mysql_connect("localhost","fafsd","ffasdfr"); if (!$con) { die('Could not connect: ' . mysql_error()); } $name = mysql_real_escape_string($_POST['name']); $email = mysql_real_escape_string($_POST['email']); Quote Link to comment Share on other sites More sharing options...
FRSH Posted July 10, 2010 Author Share Posted July 10, 2010 instead of that if statment cos its faster How much faster? FRSH: name and email are strings, so you need to put quotes ' around them $sql="INSERT INTO information(name, email) VALUES ('$name', '$email')"; Also, the way you do it, there's a risk of SQL injection. You need to use mysql_real_escape_string to mitigate it, like this: $con = mysql_connect("localhost","fafsd","ffasdfr"); if (!$con) { die('Could not connect: ' . mysql_error()); } $name = mysql_real_escape_string($_POST['name']); $email = mysql_real_escape_string($_POST['email']); Thanks for your reply. Im still getting new records added but with no information in them Quote Link to comment Share on other sites More sharing options...
FRSH Posted July 10, 2010 Author Share Posted July 10, 2010 Oops never mind guys, I found what I was doing wrong haha Thanks for your help Solved! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.