Jump to content

Error/problem With My Php Code

Tanelorn

By Tanelorn
in PHP Coding Help

 Share

Recommended Posts

Tanelorn Newbie

Tanelorn

Posted
Posted

I got an error in my code and I'm not really sure of what it might be... this is the problem that I get hBqoG.png

 

I guess the problem is in the area that I will colour red in the code below.

Since that is the 8th row of sql that is initiated I moved the green one to the end of the other row and the number switched from 8 to 7 so it is that code that is red that atm is what I see is the error so if someone could help me with this I would really appreciate it.

 

 

<?php

 

include '../../php/header2.php';

echo'

<!--Mainbody-->

<div align="center"class="box">';

echo '<h2>Create a topic</h2>';

if($_SESSION['signed_in'] == false)

{

echo 'Sorry, you have to be <a href="/forum/signin.php">signed in</a> to create a topic.';

}

else

{

if($_SERVER['REQUEST_METHOD'] != 'POST')

{

$sql = "SELECT

cat_id,

cat_name,

cat_description

FROM

categories";

 

$result = mysql_query($sql);

 

if(!$result)

{

echo 'Error while selecting from database. Please try again later.';

}

else

{

if(mysql_num_rows($result) == 0)

{

if($_SESSION['user_level'] == 1)

{

echo 'You have not created categories yet.';

}

else

{

echo 'Before you can post a topic, you must wait for an admin to create some categories.';

}

}

else

{

 

echo '<form method="post" action="">

Subject: <input type="text" name="subcat_name" /><br />

Category:';

 

echo '<select name="subcat_cat">';

while($row = mysql_fetch_assoc($result))

{

echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>';

}

echo '</select><br />';

 

echo 'Message: <br /><textarea name="subcat_description" /></textarea><br /><br />

<input type="submit" value="Create subcategory" />

</form>';

}

}

}

else

{

$query = "BEGIN WORK;";

$result = mysql_query($query);

 

if(!$result)

{

echo 'An error occured while creating your topic. Please try again later.';

}

else

{

$sql = "INSERT INTO

subcategories (subcat_name,

subcat_cat,

subcat_description)

VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',

NOW(),

" . mysql_real_escape_string($_POST['subcat_cat']) . "

" . mysql_real_escape_string($_POST['subcat_description']) . "

)";

 

$result = mysql_query($sql);

if(!$result)

{

echo 'An error occured while inserting your data. Please try again later.<br /><br />' . mysql_error();

$sql = "ROLLBACK;";

$result = mysql_query($sql);

}

else

{

$sql = "COMMIT;";

$result = mysql_query($sql);

echo 'You have succesfully created <a href="subcategories.php?id='. $subcat_id . '">your new subcategorie</a>.';

}

}

}

}

?>

<?php

echo '</div>

 

<!--Bottom-->

<div align="left"class="bottom">

 

</div>';

 

 

 

?>

Link to comment
https://forums.phpfreaks.com/topic/271671-errorproblem-with-my-php-code/
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

You do realize that no one likes visiting a web site with a dark background with dark text on it and no one here wants to try and read an error message with a dark background with dark text on it.

 

Just copy/paste the text of the output you are getting into a post in this thread so that someone could help you with it.

mikosiko Newbie

mikosiko

Posted
Posted (edited)

in this part of your code:

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

the error is very clear... just a matter of count elements correctly... 3 fields.... 4 Values

Edited by mikosiko
Tanelorn Newbie

Tanelorn

Posted
  • Author
Posted

in this part of your code:

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

the error is very clear... just a matter of count elements correctly... 3 fields.... 4 Values

 

Could you explain it more clear since english inst my main language and I'm still learning php and thanks this is actually the first problem I've gotten so far

Love2c0de Regular Member

Love2c0de

Posted
Posted (edited)

Here you are selecting 3 fields:

$sql = "INSERT INTO
subcategories (subcat_name,//1
subcat_cat,//2
subcat_description)//3

 

In this part:

 

VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',//1
NOW(),//2
" . mysql_real_escape_string($_POST['subcat_cat']) . "//3
" . mysql_real_escape_string($_POST['subcat_description']) . "//4
)";

 

You are attempting to insert 4 values.

Edited by AoTBuNgLe
Christian F. Member

Christian F.

Posted
Posted (edited)

Count the number of fields you've specified (subcat_name, subcat_cat and subcat_description), and compare that against the number of values you're trying to insert (subcat_name, now(), subcat_cat, and subcat_description).

 

BTW: It's quite redundant to repeat the table name in the fields, at least for fields that aren't foreign keys. You're always specifying the table anyway, so there is really no need to do so twice.

 

AutoBungle: Formatting doesn't really work inside code tags. :P

Edited by Christian F.
Tanelorn Newbie

Tanelorn

Posted
  • Author
Posted

Count the number of fields you've specified (subcat_name, subcat_cat and subcat_description), and compare that against the number of values you're trying to insert (subcat_name, now(), subcat_cat, and subcat_description).

 

BTW: It's quite redundant to repeat the table name in the fields, at least for fields that aren't foreign keys. You're always specifying the table anyway, so there is really no need to do so twice.

 

AutoBungle: Formatting doesn't really work inside code tags. :P

 

I tried to fix this by deleting the now() and I still get the same error...

And thanks all for the help I really do appreciate it.

mrMarcus Member

mrMarcus

Posted
Posted (edited) 

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

Your original error message is related to not having $_POST['subcat_cat'] and/or $_POST['subcat_description'] wrapped with single-quotes.

 

Since I don't know the field type of each, I can only assume that `subcat_description` is string while `subcat_cat` may or may not be numeric.  TO be on the safe side, I'm going to assume it's string, too.

 

Try this:

 

$sql = "INSERT INTO subcategories (
   `subcat_name`,
   `subcat_cat`,
   `subcat_description`
)
VALUES(
   '" . mysql_real_escape_string($_POST['subcat_name']) . "',
   '" . mysql_real_escape_string($_POST['subcat_cat']) . "',
   '" . mysql_real_escape_string($_POST['subcat_description']) . "'
)";

Edited by mrMarcus
Christian F. Member

Christian F.

Posted
Posted

As mentioned above, there are/were several errors with your query. I gave you a hint to the remaining one, which is what you got an error message about.

In fact, if you had sorted it out first, then you'd get an error message about the problem you just fixed.

Love2c0de Regular Member

Love2c0de

Posted
Posted

AutoBungle: Formatting doesn't really work inside code tags. :P

 

I am lazy sometimes :P

 

I had to edit about 6 times, it kept automatically putting the color there even after I copied and pasted from his original post with no tags :P

 

Also, shouldn't he really be escaping the data JUST before the query? Because then he can do

 

//insert table blah blah

VALUES ("{$_POST['subcat_name']}","{$_POST['subcat_cat']}","$_POST['subcat_description']");

 

And for the timestamp, I've read to read it in the php like so:

 

$date = date("Y-m-d H:i:s", time());

 

Then put that into the query where his field is (which should be DATETIME type)?

 

Kind regards.

 

AoTB.

Tanelorn Newbie

Tanelorn

Posted
  • Author
Posted 

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

Your original error message is related to not having $_POST['subcat_cat'] and/or $_POST['subcat_description'] wrapped with single-quotes.

 

Since I don't know the field type of each, I can only assume that `subcat_description` is string while `subcat_cat` may or may not be numeric. TO be on the safe side, I'm going to assume it's string, too.

 

Try this:

 

$sql = "INSERT INTO subcategories (
`subcat_name`,
`subcat_cat`,
`subcat_description`
)
VALUES(
'" . mysql_real_escape_string($_POST['subcat_name']) . "',
'" . mysql_real_escape_string($_POST['subcat_cat']) . "',
'" . mysql_real_escape_string($_POST['subcat_description']) . "'
)";

 

Yeah I just fixed that but I still get the same error but on line 7 atm not 8 but that is just because the "now()" was erased.

And just to let everyone know this is for my school project so please don't expect me to understand everything that easy so I be real happy if you explain it thoroughly

Love2c0de Regular Member

Love2c0de

Posted
Posted (edited)

Edit: dont mind me, completely wrong. :o

 

Ok, what is the actual error which is displaying to you? I think it's either your double quotes or I don't know.

 

Kind regards,

 

AotB.

Edited by AoTBuNgLe
Tanelorn Newbie

Tanelorn

Posted
  • Author
Posted (edited)

Edit: dont mind me, completely wrong. :o

 

Ok, what is the actual error which is displaying to you? I think it's either your double quotes or I don't know.

 

Kind regards,

 

AotB.

 

An error occured while inserting your data. Please try again later.

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test )' at line 7

 

and it's the same code except that the now() is deleted from there since the other two is actually the values I need.

And double quotes where are they? (in my code)

Sorry for not seeing this mostlikely simple problem

Edited by Tanelorn
Love2c0de Regular Member

Love2c0de

Posted
Posted (edited)

I'm very new to php dude so I'm just trying to think what it could be.

 

Change this part of your code:

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

To this:


$_POST['subcat_name'] = mysql_real_escape_string($_POST['subcat_name']);
$_POST['subcat_cat'] = mysql_real_escape_string($_POST['subcat_cat']);
$_POST['subcat_description'] = mysql_real_escape_string($_POST['subcat_description']);

$sql = "INSERT INTO
subcategories
(subcat_name,
subcat_cat,
subcat_description)
VALUES ('{$_POST['subcat_name']}','{$_POST['subcat_cat']}','{$_POST['subcat_description']}')";

 

Let me know if it works

 

I use prepared statements now but when I did use the normal mysql type functions I always escaped it like this before inserting.

 

Edit: the error message you posted, which line is line 7 because I looked at your code at the top and I can't see a problem at line 7?

 

Regards,

 

AotB.

Edited by AoTBuNgLe
Tanelorn Newbie

Tanelorn

Posted
  • Author
Posted

I'm very new to php dude so I'm just trying to think what it could be.

 

Change this part of your code:

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

To this:


$_POST['subcat_name'] = mysql_real_escape_string($_POST['subcat_name']);
$_POST['subcat_cat'] = mysql_real_escape_string($_POST['subcat_cat']);
$_POST['subcat_description'] = mysql_real_escape_string($_POST['subcat_description']);

$sql = "INSERT INTO
subcategories
(subcat_name,
subcat_cat,
subcat_description)
VALUES ('{$_POST['subcat_name']}','{$_POST['subcat_cat']}','{$_POST['subcat_description']}')";

 

Let me know if it works

 

I use prepared statements now but when I did use the normal mysql type functions I always escaped it like this before inserting.

 

Regards,

 

AotB.

 

Well after that this actually happend

http://i.imgur.com/ISl0m.png

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.