Jump to content

Error/problem With My Php Code


Tanelorn

Recommended Posts

I got an error in my code and I'm not really sure of what it might be... this is the problem that I get hBqoG.png

 

I guess the problem is in the area that I will colour red in the code below.

Since that is the 8th row of sql that is initiated I moved the green one to the end of the other row and the number switched from 8 to 7 so it is that code that is red that atm is what I see is the error so if someone could help me with this I would really appreciate it.

 

 

<?php

 

include '../../php/header2.php';

echo'

<!--Mainbody-->

<div align="center"class="box">';

echo '<h2>Create a topic</h2>';

if($_SESSION['signed_in'] == false)

{

echo 'Sorry, you have to be <a href="/forum/signin.php">signed in</a> to create a topic.';

}

else

{

if($_SERVER['REQUEST_METHOD'] != 'POST')

{

$sql = "SELECT

cat_id,

cat_name,

cat_description

FROM

categories";

 

$result = mysql_query($sql);

 

if(!$result)

{

echo 'Error while selecting from database. Please try again later.';

}

else

{

if(mysql_num_rows($result) == 0)

{

if($_SESSION['user_level'] == 1)

{

echo 'You have not created categories yet.';

}

else

{

echo 'Before you can post a topic, you must wait for an admin to create some categories.';

}

}

else

{

 

echo '<form method="post" action="">

Subject: <input type="text" name="subcat_name" /><br />

Category:';

 

echo '<select name="subcat_cat">';

while($row = mysql_fetch_assoc($result))

{

echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>';

}

echo '</select><br />';

 

echo 'Message: <br /><textarea name="subcat_description" /></textarea><br /><br />

<input type="submit" value="Create subcategory" />

</form>';

}

}

}

else

{

$query = "BEGIN WORK;";

$result = mysql_query($query);

 

if(!$result)

{

echo 'An error occured while creating your topic. Please try again later.';

}

else

{

$sql = "INSERT INTO

subcategories (subcat_name,

subcat_cat,

subcat_description)

VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',

NOW(),

" . mysql_real_escape_string($_POST['subcat_cat']) . "

" . mysql_real_escape_string($_POST['subcat_description']) . "

)";

 

$result = mysql_query($sql);

if(!$result)

{

echo 'An error occured while inserting your data. Please try again later.<br /><br />' . mysql_error();

$sql = "ROLLBACK;";

$result = mysql_query($sql);

}

else

{

$sql = "COMMIT;";

$result = mysql_query($sql);

echo 'You have succesfully created <a href="subcategories.php?id='. $subcat_id . '">your new subcategorie</a>.';

}

}

}

}

?>

<?php

echo '</div>

 

<!--Bottom-->

<div align="left"class="bottom">

 

</div>';

 

 

 

?>

Link to comment
Share on other sites

You do realize that no one likes visiting a web site with a dark background with dark text on it and no one here wants to try and read an error message with a dark background with dark text on it.

 

Just copy/paste the text of the output you are getting into a post in this thread so that someone could help you with it.

Link to comment
Share on other sites

in this part of your code:

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

the error is very clear... just a matter of count elements correctly... 3 fields.... 4 Values

Edited by mikosiko
Link to comment
Share on other sites

in this part of your code:

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

the error is very clear... just a matter of count elements correctly... 3 fields.... 4 Values

 

Could you explain it more clear since english inst my main language and I'm still learning php and thanks this is actually the first problem I've gotten so far

Link to comment
Share on other sites

Here you are selecting 3 fields:

$sql = "INSERT INTO
subcategories (subcat_name,//1
subcat_cat,//2
subcat_description)//3

 

In this part:

 

VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',//1
NOW(),//2
" . mysql_real_escape_string($_POST['subcat_cat']) . "//3
" . mysql_real_escape_string($_POST['subcat_description']) . "//4
)";

 

You are attempting to insert 4 values.

Edited by AoTBuNgLe
Link to comment
Share on other sites

Count the number of fields you've specified (subcat_name, subcat_cat and subcat_description), and compare that against the number of values you're trying to insert (subcat_name, now(), subcat_cat, and subcat_description).

 

BTW: It's quite redundant to repeat the table name in the fields, at least for fields that aren't foreign keys. You're always specifying the table anyway, so there is really no need to do so twice.

 

AutoBungle: Formatting doesn't really work inside code tags. :P

Edited by Christian F.
Link to comment
Share on other sites

Count the number of fields you've specified (subcat_name, subcat_cat and subcat_description), and compare that against the number of values you're trying to insert (subcat_name, now(), subcat_cat, and subcat_description).

 

BTW: It's quite redundant to repeat the table name in the fields, at least for fields that aren't foreign keys. You're always specifying the table anyway, so there is really no need to do so twice.

 

AutoBungle: Formatting doesn't really work inside code tags. :P

 

I tried to fix this by deleting the now() and I still get the same error...

And thanks all for the help I really do appreciate it.

Link to comment
Share on other sites

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

Your original error message is related to not having $_POST['subcat_cat'] and/or $_POST['subcat_description'] wrapped with single-quotes.

 

Since I don't know the field type of each, I can only assume that `subcat_description` is string while `subcat_cat` may or may not be numeric.  TO be on the safe side, I'm going to assume it's string, too.

 

Try this:

 

$sql = "INSERT INTO subcategories (
   `subcat_name`,
   `subcat_cat`,
   `subcat_description`
)
VALUES(
   '" . mysql_real_escape_string($_POST['subcat_name']) . "',
   '" . mysql_real_escape_string($_POST['subcat_cat']) . "',
   '" . mysql_real_escape_string($_POST['subcat_description']) . "'
)";

Edited by mrMarcus
Link to comment
Share on other sites

AutoBungle: Formatting doesn't really work inside code tags. :P

 

I am lazy sometimes :P

 

I had to edit about 6 times, it kept automatically putting the color there even after I copied and pasted from his original post with no tags :P

 

Also, shouldn't he really be escaping the data JUST before the query? Because then he can do

 

//insert table blah blah

VALUES ("{$_POST['subcat_name']}","{$_POST['subcat_cat']}","$_POST['subcat_description']");

 

And for the timestamp, I've read to read it in the php like so:

 

$date = date("Y-m-d H:i:s", time());

 

Then put that into the query where his field is (which should be DATETIME type)?

 

Kind regards.

 

AoTB.

Link to comment
Share on other sites

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

Your original error message is related to not having $_POST['subcat_cat'] and/or $_POST['subcat_description'] wrapped with single-quotes.

 

Since I don't know the field type of each, I can only assume that `subcat_description` is string while `subcat_cat` may or may not be numeric. TO be on the safe side, I'm going to assume it's string, too.

 

Try this:

 

$sql = "INSERT INTO subcategories (
`subcat_name`,
`subcat_cat`,
`subcat_description`
)
VALUES(
'" . mysql_real_escape_string($_POST['subcat_name']) . "',
'" . mysql_real_escape_string($_POST['subcat_cat']) . "',
'" . mysql_real_escape_string($_POST['subcat_description']) . "'
)";

 

Yeah I just fixed that but I still get the same error but on line 7 atm not 8 but that is just because the "now()" was erased.

And just to let everyone know this is for my school project so please don't expect me to understand everything that easy so I be real happy if you explain it thoroughly

Link to comment
Share on other sites

Edit: dont mind me, completely wrong. :o

 

Ok, what is the actual error which is displaying to you? I think it's either your double quotes or I don't know.

 

Kind regards,

 

AotB.

 

An error occured while inserting your data. Please try again later.

 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'test )' at line 7

 

and it's the same code except that the now() is deleted from there since the other two is actually the values I need.

And double quotes where are they? (in my code)

Sorry for not seeing this mostlikely simple problem

Edited by Tanelorn
Link to comment
Share on other sites

I'm very new to php dude so I'm just trying to think what it could be.

 

Change this part of your code:

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

To this:


$_POST['subcat_name'] = mysql_real_escape_string($_POST['subcat_name']);
$_POST['subcat_cat'] = mysql_real_escape_string($_POST['subcat_cat']);
$_POST['subcat_description'] = mysql_real_escape_string($_POST['subcat_description']);

$sql = "INSERT INTO
subcategories
(subcat_name,
subcat_cat,
subcat_description)
VALUES ('{$_POST['subcat_name']}','{$_POST['subcat_cat']}','{$_POST['subcat_description']}')";

 

Let me know if it works

 

I use prepared statements now but when I did use the normal mysql type functions I always escaped it like this before inserting.

 

Edit: the error message you posted, which line is line 7 because I looked at your code at the top and I can't see a problem at line 7?

 

Regards,

 

AotB.

Edited by AoTBuNgLe
Link to comment
Share on other sites

I'm very new to php dude so I'm just trying to think what it could be.

 

Change this part of your code:

$sql = "INSERT INTO
subcategories (subcat_name,
subcat_cat,
subcat_description)
VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "',
NOW(),
" . mysql_real_escape_string($_POST['subcat_cat']) . "
" . mysql_real_escape_string($_POST['subcat_description']) . "
)";

 

To this:


$_POST['subcat_name'] = mysql_real_escape_string($_POST['subcat_name']);
$_POST['subcat_cat'] = mysql_real_escape_string($_POST['subcat_cat']);
$_POST['subcat_description'] = mysql_real_escape_string($_POST['subcat_description']);

$sql = "INSERT INTO
subcategories
(subcat_name,
subcat_cat,
subcat_description)
VALUES ('{$_POST['subcat_name']}','{$_POST['subcat_cat']}','{$_POST['subcat_description']}')";

 

Let me know if it works

 

I use prepared statements now but when I did use the normal mysql type functions I always escaped it like this before inserting.

 

Regards,

 

AotB.

 

Well after that this actually happend

http://i.imgur.com/ISl0m.png

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.