Jump to content

Archived

This topic is now archived and is closed to further replies.

Doomflame

It won't insert user input!

Recommended Posts

The code below enters the values $title, $id, and $value into the database, not their values. All of them are set.

 


$sql = \'INSERT INTO `stocks` (`Title`, `ID`, `Value`) VALUES (\'$title\', \'$id\', \'$value\');\'; 

$query = mysql_query($sql);

if ($query) {

echo "Success!";

} else {

echo "ERROR!";

}

 

Can anyone help me?

Share this post


Link to post
Share on other sites

WHen you start a string with a single tic it\'s interpreted to be a string literal by php. Use a double quote around the assignment instead, and php will do the variable replacement you expect.

 

[php:1:501ca3e94d]<?php

$sql = \"INSERT INTO `stocks` (`Title`, `ID`, `Value`) VALUES (\'$title\', \'$id\', \'$value\');\";

$query = mysql_query($sql);

if ($query) {

echo \"Success!\";

} else {

echo \"ERROR!\";

}

?>[/php:1:501ca3e94d]

Share this post


Link to post
Share on other sites

Do the strip slash when u initally get the variable

 

$sql = "INSERT INTO `stocks` (`Title`, `ID`, `Value`) VALUES ($title, $id, $value)"; 

Share this post


Link to post
Share on other sites

I got it to work, I remembered that mysql_error() shows error info, and I just did stripslashes and took the slashes out of that mysql code.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.