[SOLVED] error 1064, when entering data into a form.


Merdok

Is it possible to make a mySQL database treat information entered into forms as text? When I input

 

24' x 10' Jackleg Steel Clad Portacabin

1/2 hr Fire Rated

 

Internal: Plywood floor, Vinyl overlayed, Vinyl faced plasterboard wallboards, sink base unit, worktop and waterheater, standard electrics.

 

External: Steel Clad, Hardwood GWPP glass windows and Plywood 1/2 hr f/r door

 

into a form I made for a client I get this error:

 

Error 1064 : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'x 10' Jackleg Steel Clad Portacabin', 'Internal: Plywood floor, Vinyl o' at line 3

 

I'm assuming that the database is recognising this as a query and not simple text (which MUST be a security risk!) as if I use different text I don't get this error and everything works fine... problem is, most of the items entered into this DB will follow this same format.

 

Here is the code for the pages which seem to cause this error (it's a 2 part form and a data handler)

 

<?php require_once('../../Connections/stockCONN.php'); ?>

<h1>Add new stock </h1>
<form action="databox2.php" method="post" enctype="multipart/form-data" name="form1">
  <table width="350" border="0" align="center">
    <tr>
      <td class="head">Date: </td>
      <td><input name="dateAdded" type="text" id="dateAdded" size="50" maxlength="15"></td>
    </tr>
    <tr>
      <td class="head">Item Name </td>
      <td><input name="title" type="text" id="title" size="50" maxlength="150"></td>
    </tr>
    <tr>
      <td class="head">Description</td>
      <td><textarea name="description" cols="50" rows="10" id="description"></textarea></td>
    </tr>
    <tr>
      <td class="head">Price (in £) </td>
      <td><input name="price" type="text" id="price" size="10"></td>
    </tr>
    <tr>
      <td class="head">Range:</td>
      <td><select name="cabinRange" id="cabinRange">
        <option>Jack-Leg</option>
        <option>Anti-Vandal</option>
        <option>Modular</option>
            </select></td>
    </tr>
    <tr>
      <td colspan="2"></td>
    </tr>
  </table>

    
      <div align="center">
        <input type="submit" name="Submit" value="Submit">
  </div>
      <label></label>
</form>
</body>
</html>

 

 <?php require_once('../../Connections/stockCONN.php'); ?>
<h1>PLEASE UPLOAD A CABIN IMAGE</h1>
<p>Please try to keep image sizes  to 330 pixels high and 220 pixels wide, they will be resized to this size anyway but  will look a lot better if this isn't required.</p>
<form action="datahandler.php" method="post" enctype="multipart/form-data" name="form2">
  <table width="491" height="246" border="1" align="center">
          <tr class="head">
            <td colspan="3"><div align="center"><strong>Image Upload Form </strong></div></td>
    </tr>
          <tr class="searchbox">
            <td colspan="3">Browse a File to Up Load (File must be 1MB or less) </td>
    </tr>
          <tr class="searchbox">
            <td width="374" height="63"><input name="image" type="file" size="50" id="image"></td>
      <td width="101" colspan="2" rowspan="2"></td>
      </tr>
          <tr class="searchbox">
            <td><p>
             <input name="dateAdded" type="hidden" value="<?php print htmlspecialchars($_POST['dateAdded'], ENT_QUOTES); ?>" />
		 <input name="title" type="hidden" value="<?php print htmlspecialchars($_POST['title'], ENT_QUOTES); ?>"  />
		 <input name="description" type="hidden" value="<?php print htmlspecialchars($_POST['description'], ENT_QUOTES); ?>" />
		 <input name="price" type="hidden" value="<?php print htmlspecialchars($_POST['price'], ENT_QUOTES); ?>"  />
		 <input name="cabinRange" type="hidden" value="<?php print htmlspecialchars($_POST['cabinRange'], ENT_QUOTES); ?>" />
              </p>      </tr>
  </table>

    
      <div align="center">
        <input type="submit" name="Submit" value="Submit">
  </div>
      <label></label>
</form>

 

<?php require_once('../../Connections/stockCONN.php'); 

// Include the error function
include('../includes/error.php'); 

   function clean($input, $maxlength)
  
{
      	$input = substr($input, 0, $maxlength);
      	$input = EscapeShellCmd($input);
      	return ($input);
  	 }
//-------------------------------------------------------- INITIALISE AN ERROR STRING -------------------------------

$errorString = "";
  
//------------------------------- GET THE POSTED VALUES, CLEAN AND TRIM --------------------------------------
   
foreach($HTTP_POST_VARS as $varname => $value)

$formVars[$varname] = trim(clean($value, 50));
//---------------------------------------------Validation for the image uploader

//------------ Description -------------------------------------------------------------------------

//The Super Global Variable $_FILES is used in PHP 4.x.x.
//$_FILES['upload']['size'] ==> Get the Size of the File in Bytes.
//$_FILES['upload']['tmp_name'] ==> Returns the Temporary Name of the File.
//$_FILES['upload']['name'] ==> Returns the Actual Name of the File.
//$_FILES['upload']['type'] ==> Returns the Type of the File.

//So if I filetoupload the file 'test.doc', the $_FILES['upload']['name']
//would be 'phptut.doc' and $_FILES['upload']['type'] would be 'application/msword'.

//------------------------------------------------------------------------------------------------------

// this is the upload dir where files will go.
//Don't remove the /
//Chmod it (777)

//---------------------- Change to whatever you want.---------------------------------------------------

$upload_dir = "../images/";   

//----------------------- Files less than 1MB -------------------------------------------------------------

$size_bytes = 1048576; //bytes  will be uploaded

//-------------------------Check if the directory exists or not --------------------------------------------


if (!is_dir("$upload_dir"))
{
die ("The directory <b>($upload_dir)</b> doesn't exist");
}
// ------------------ Check if the directory is writable. ---------------------------------------------------


if (!is_writeable("$upload_dir"))
{
        die ("The directory <b>($upload_dir)</b> is NOT writable, Please Chmod (777)");
}

//------------------------- Check first if a file has been selected
//------------------------- is_filetoupload_file('filename') returns true if
//------------------------- a file was filetoupload via HTTP POST. Returns false otherwise.



if (is_uploaded_file($_FILES['image']['tmp_name']))
{

//------------------------------- Get the Size of the File -------------------------------------------------

$size = $_FILES['image']['size'];

//----------------Make sure that $size is less than 1MB (1000000 bytes)--------------------------------------

if ($size > $size_bytes)

	{
	echo "File Too Large. Please try again.";
	exit();
	}

//-------------- $filename will hold the value of the file name submitted from the form.----------------------

$filename =  $_FILES['image']['name'];

//--------------------- Check if file is Already EXISTS.------------------------------------------------------

if(file_exists($upload_dir.$filename))
{
   	echo "The file named <b>$filename </b>already exists";
   	exit();
}

//------------- Move the File to the Directory of your choice -----------------------------------------------
//--------------Move_filetoupload_file('filename','destination') Moves an filetoupload file to a new location.

if (move_uploaded_file($_FILES['image']['tmp_name'],$upload_dir.$filename))
{

// puts the filename in the image variable for use later

$formVars["image"] = $_FILES['image']['name'];

//-------------- Tell the user that the file has been filetoupload ---------------------------------------------
//
echo "File (<a href=$upload_dir$filename>$filename</a>) uploaded!";
//	
//	exit();
}
//
else
{
//
//----------------------------Print error -----------------------------------------------------------------------
echo "There was a problem moving your file";
exit();

}
}

//----------------- VALIDATION NOW FINISHED. CHECK IF THERE WERE ANY ERRORS ---------------------
// 
if (!empty($errorString))
  
{

?>

<!-------------------------------------------------------------- SHOW THE USER ERRORS -------------------------------------->

<h1>Data Validation error!</h1>

<?=$errorString?>

<br>

<!-------------------------------------------------- RETURN THE USER BACK TO THE FORM ---------------------------->  

<a href="index.php">Add Another Cabin</a> or
<a href="../index.php">Return to the Stocklist</a>

<!--------------------------------EXIT IF THERE IS AN ERROR IN THE CUSTOMER FORM --------------------------> 

<?php   
   
      exit;
  }
else {
//--------------------------------------------------------------------- DATA IS VALID -------------------------------------------------
   
//--------------------------------- INSERT DATA FROM USER QUERY ------------------------------------------

$dateAdded = $formVars["dateAdded"];
$title = $formVars["title"];
$description = $formVars["description"];
$price = $formVars["price"];
$cabinRange = $formVars["cabinRange"];
$image = $formVars["image"];

$query = "INSERT INTO stocklist(dateAdded, title, description, price, cabinRange, image)
			 VALUES ('$dateAdded',
				   '$title',
				   '$description',
				   '$price',
				   '$cabinRange',
				   '$image')";								 
      
//------------------------------------------------- RUN THE QUERY ----------------------------------------------------------------

  if (!(@ mysql_query ($query, $dbh))) showerror();   

//---------------------------------------------------------- CLOSE THE CONNECTION --------------------------------------------


mysql_close($dbh);

//----------------------------------------------------------- CONFIRM CUSTOMER QUERY --------------------------------------

if($query)

{

echo "<br /><br /><h2>Thank you!</h2> <br /><br />$title has been entered into the stocklist.<br /><br />\n";

}
}

?>
<a href="index.php">Add Another Cabin</a> or
<a href="../index.php">Return to the stocklist</a>


Hi,

 

I think the problem is in your clean function:

 

try to use this:

function clean($input, $maxlength){
      	$input = substr($input, 0, $maxlength);
      	$input = addslashes($input);
      	return ($input);
}

 

best
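
Added example, not part of either post above: the thread's INSERT run first as a concatenated string, where the apostrophe in `24' x 10'` ends the SQL string literal early (the cause of error 1064), and then with PDO bound parameters, which keep form text out of the SQL string so no escaping function is involved. Assumptions: in-memory SQLite stands in for the MySQL server so the script runs offline, `addStock()` is a hypothetical helper, and the `$post` array, date, price and file name are constructed sample values.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server so the script
// runs offline (assumption); for MySQL only the PDO DSN and credentials differ.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE stocklist (dateAdded TEXT, title TEXT, description TEXT,
                                    price TEXT, cabinRange TEXT, image TEXT)');

// Constructed stand-in for $_POST; the title is the text from the question,
// the description is a shortened version of it.
$post = [
    'dateAdded'   => '2008-01-01',   // constructed value
    'title'       => "24' x 10' Jackleg Steel Clad Portacabin",
    'description' => "Internal: Plywood floor, Vinyl overlayed\n"
                   . "External: Steel Clad, Plywood 1/2 hr f/r door",
    'price'       => '2500',         // constructed value
    'cabinRange'  => 'Jack-Leg',
];

// The original pattern: form text pasted into the SQL string.
// The apostrophe after 24 closes the string literal, so parsing fails at "x 10".
$concatenated = "INSERT INTO stocklist (title) VALUES ('{$post['title']}')";
try {
    $pdo->exec($concatenated);
} catch (PDOException $e) {
    echo "Concatenated query rejected: ", $e->getMessage(), "\n";
}

// Bound parameters: the SQL text is fixed and the values travel separately.
function addStock(PDO $pdo, array $in, string $image): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO stocklist (dateAdded, title, description, price, cabinRange, image)
         VALUES (:dateAdded, :title, :description, :price, :cabinRange, :image)'
    );
    $params = [':image' => $image];
    foreach (['dateAdded', 'title', 'description', 'price', 'cabinRange'] as $field) {
        $params[":$field"] = trim($in[$field] ?? '');
    }
    $stmt->execute($params);
}

addStock($pdo, $post, 'cabin.jpg');   // constructed file name
$stored = $pdo->query('SELECT title, description FROM stocklist')->fetch(PDO::FETCH_ASSOC);
echo "Title stored unchanged: ", var_export($stored['title'] === $post['title'], true), "\n";
echo "Description stored unchanged: ",
     var_export($stored['description'] === $post['description'], true), "\n";
```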
