colleyboy Posted September 16, 2010 Share Posted September 16, 2010 Just trying to do a basic query... not working and don't know why: here is inserts.php: <?php $username="wormste1_barry"; $password="barry"; $database="wormste1_barry"; $CarName=$_POST['CarName']; $CarTitle=$_POST['CarTitle']; $CarPrice=$_POST['CarPrice']; $CarMiles=$_POST['CarMiles']; $CarDescription=$_POST['CarDescription']; mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query = "INSERT INTO tablename VALUES ('','$CarName','$CarTitle','$CarPrice','$CarMiles','$CarDescription'); mysql_query($query); mysql_close(); ?> That parses the simple form of : form.html: <HTML> <HEAD> </HEAD> <BODY> <form action="inserts.php" method="post"> car Name: <input type="text" name="CarName"><br> Car Title: <input type="text" name="CarTitle"><br> Car Price: <input type="text" name="CarPrice"><br> Car Miles: <input type="text" name="CarMiles"><br> Car Description: <input type="text" name="CarDescription"><br> <input type="Submit"> </form> </BODY> </HTML> I get the error: Parse error: syntax error, unexpected $end in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 23 Don't know whats wrong? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted September 16, 2010 Share Posted September 16, 2010 Unclosed double-quote in the query string. Quote Link to comment Share on other sites More sharing options...
colleyboy Posted September 16, 2010 Author Share Posted September 16, 2010 That has got rid of that problem but now I get: Parse error: syntax error, unexpected '(' in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 17 <?php $username="wormste1_barry"; $password="barry"; $database="wormste1_barry"; $CarName=$_POST['CarName']; $CarTitle=$_POST['CarTitle']; $CarPrice=$_POST['CarPrice']; $CarMiles=$_POST['CarMiles']; $CarDescription=$_POST['CarDescription']; mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query = "INSERT INTO tablename VALUES" ('','$CarName','$CarTitle','$CarPrice','$CarMiles','$CarDescription'); mysql_query($query); mysql_close(); ?> Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 16, 2010 Share Posted September 16, 2010 The query string is malformed. The values aren't in the string. Your script is also open to sql injection attacks. Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 16, 2010 Share Posted September 16, 2010 <?php $username="wormste1_barry"; $password="barry"; $database="wormste1_barry"; $CarName = mysql_real_escape_string(trim($_POST['CarName'])); $CarTitle = mysql_real_escape_string(trim($_POST['CarTitle'])); $CarPrice = mysql_real_escape_string(trim($_POST['CarPrice'])); $CarMiles = mysql_real_escape_string(trim($_POST['CarMiles'])); $CarDescription = mysql_real_escape_string(trim($_POST['CarDescription'])); mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query = "INSERT INTO tablename VALUES ('','{$CarName}','{$CarTitle}','{$CarPrice}','{$CarMiles}','{$CarDescription}')"; mysql_query($query); mysql_close(); ?> Note: moved the variable creation for the field values to after the database connection since mysql_real_escape_string() requires a db connection and it makes no sense defining the variables if the db connection would fail. Quote Link to comment Share on other sites More sharing options...
colleyboy Posted September 16, 2010 Author Share Posted September 16, 2010 <?php $username="wormste1_barry"; $password="barry"; $database="wormste1_barry"; $CarName=$_POST['CarName']; $CarTitle=$_POST['CarTitle']; $CarPrice=$_POST['CarPrice']; $CarMiles=$_POST['CarMiles']; $CarDescription=$_POST['CarDescription']; mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query = "INSERT INTO cars VALUES" ('','$CarName','$CarTitle','$CarPrice','$CarMiles','$CarDescription'); mysql_query($query); mysql_close(); php?> Basically I created a database called "wormste1_barry" I have made a table called "cars" and I have 5 fields: CarName CarTitle CarPrice CarMiles CarDescription all are varchar (15) except CarTitle which is varchar (50) have I got the correct query then?? :S Quote Link to comment Share on other sites More sharing options...
colleyboy Posted September 16, 2010 Author Share Posted September 16, 2010 Tried the code you have written: I get the following errors appear: Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'wormste1'@'localhost' (using password: NO) in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 7 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 7 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'wormste1'@'localhost' (using password: NO) in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 8 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 8 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'wormste1'@'localhost' (using password: NO) in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 9 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 9 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'wormste1'@'localhost' (using password: NO) in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 10 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 10 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'wormste1'@'localhost' (using password: NO) in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 11 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 11 Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 16, 2010 Share Posted September 16, 2010 have I got the correct query then?? :S As I stated, the string variable $query is malformed. $query = "INSERT INTO cars VALUES" ('','$CarName','$CarTitle','$CarPrice','$CarMiles','$CarDescription'); The value of $query is "INSERT INTO cars VALUES" because you end the query with the double quote at the end of that line. The second line with the values is not in the string and is what is causing the error. I provided a properly created sting in my sample code above. But, now you are stating that the table only has five fields. I assumed tha the first field was an ID field because in the values you have 6 different values, the first being an empty string. Personally, I prefer to explicitly state the fields to insert the values into. $query = "INSERT INTO cars (`CarName`, `CarTitle`, `CarPrice`, `CarMiles`, `CarDescription`) VALUES"('{$CarName}','{$CarTitle}','{$CarPrice}','{$CarMiles}','{$CarDescription}'); EDIT: Regarding the erros you are getting, most likely your database connection is not being made. Change the connection lines to the following: mysql_connect(localhost,$username,$password) or die(mysql_error()); mysql_select_db($database) or die(mysql_error()); Quote Link to comment Share on other sites More sharing options...
colleyboy Posted September 16, 2010 Author Share Posted September 16, 2010 Dude, your gonna hate me I still get the error: Parse error: syntax error, unexpected '(' in /home/wormste1/public_html/tilburywebdesign/shop/FTPServers/barryottley/showroom/inserts.php on line 16 I will just run over the details exactly as they stand. I have a database called: wormste1_barry the table in it is called: cars it has 5 fields: CarName CarTitle CarPrice CarMiles CarDescription theres no id tag... the html file called addcar.html looks as follows: <HTML> <HEAD> </HEAD> <BODY> <form action="inserts.php" method="post"> car Name: <input type="text" name="CarName"><br> Car Title: <input type="text" name="CarTitle"><br> Car Price: <input type="text" name="CarPrice"><br> Car Miles: <input type="text" name="CarMiles"><br> Car Description: <input type="text" name="CarDescription"><br> <input type="Submit"> </form> </BODY> </HTML> the php file looks as follows: inserts.php: <?php $username="wormste1_barry"; $password="barry"; $database="wormste1_barry"; $CarName = mysql_real_escape_string(trim($_POST['CarName'])); $CarTitle = mysql_real_escape_string(trim($_POST['CarTitle'])); $CarPrice = mysql_real_escape_string(trim($_POST['CarPrice'])); $CarMiles = mysql_real_escape_string(trim($_POST['CarMiles'])); $CarDescription = mysql_real_escape_string(trim($_POST['CarDescription'])); mysql_connect(localhost,$username,$password) or die(mysql_error()); mysql_select_db($database) or die(mysql_error()); $query = "INSERT INTO cars (`CarName`, `CarTitle`, `CarPrice`, `CarMiles`, `CarDescription`) VALUES"('{$CarName}','{$CarTitle}','{$CarPrice}','{$CarMiles}','{$CarDescription}'); mysql_query($query); mysql_close(); ?> I am well confused but cant see why it keeps sending an error back many thanks for the help... much appreciated!!! Quote Link to comment Share on other sites More sharing options...
Psycho Posted September 16, 2010 Share Posted September 16, 2010 Ah, it looks like I added the error in the last edit I did. Ending double quote was in wrong place. Use this: $query = "INSERT INTO cars (`CarName`, `CarTitle`, `CarPrice`, `CarMiles`, `CarDescription`) VALUES('{$CarName}','{$CarTitle}','{$CarPrice}','{$CarMiles}','{$CarDescription}')"; Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.