uramagget Posted May 28, 2007 Share Posted May 28, 2007 I'm currently using this PHP Code for my form: <? include "../config.inc.php"; // Connect to server and select database. $tbl_name = "pokemon"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("$username can't connect to mySQL database..."); // POST Data retrieved from form $id=$_POST['id']; $name=$_POST['name']; $num=$_POST['num']; $type1=$_POST['type1']; $type2=$_POST['type2']; $class=$_POST['class']; $height=$_POST['height']; $weight=$_POST['weight']; $malerat=$_POST['malerat']; $femalerat=$_POST['femalerat']; $ability=$_POST['ability']; $abilitydesc=$_POST['type1']; $gen=$_POST['gen']; $genlocation=$_POST['genlocation']; $attack=$_POST['attack']; $defense=$_POST['defense']; $speed=$_POST['speed']; $spattack=$_POST['spattack']; $spdefense=$_POST['spdefense']; $rbyloc=$_POST['rubyloc']; $gscloc=$_POST['gscloc']; $rseloc=$_POST['rseloc']; $frlgloc=$_POST['frlgloc']; $dploc=$_POST['dploc']; $sql = "INSERT INTO $tbl_name(`id`, `name`, `num`, `type1`, `type2`, `class`, `height`, `weight`, `malerat`, `femalerat`, `ability`, `abilitydesc`, `gen`, `genlocation`, `hp`, `attack`, `defense`, `speed`, `spattack`, `spdefense`) VALUES (`$id`, `$name`, `$num`, `$type1`, `$type2' , '$class' , '$height' , '$weight' , '$malerat' , '$femalerat' , '$ability' , '$abilitydesc' , '$gen' , '$rbyloc' , '$gscloc' , '$rseloc' , '$frlgloc' , '$dploc' , '$hp' , '$attack' , '$defense', '$speed', '$spattack', '$spdefense')"; $result=mysql_query($sql); if($result){ echo "<a href=\"http://www.pokeuniverse.info/pokemon/$id/\">$name</a> was added to the Pokedex!"; echo "<a href=\"valid.php\">Modify/Add Another Pokemon</a>"; } else { echo "Mistake while adding Pokemon. Go <a href=\"valid.php\">back</a> and try again."; } mysql_close(); ?> Then, after I submitted via the form, it gives me the error "Mistake while adding Pokemon". Is this some sort of syntax error with the SQL code? I can't seem to find the error.... Please help.. Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/ Share on other sites More sharing options...
pocobueno1388 Posted May 28, 2007 Share Posted May 28, 2007 Change this line: $result=mysql_query($sql); to this one: $result=mysql_query($sql) or die(mysql_error()); so you can catch any errors, since the problem is obviously in your $result query. Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/#findComment-263562 Share on other sites More sharing options...
uramagget Posted May 29, 2007 Author Share Posted May 29, 2007 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 And line is is <?, so what in the world is going on? Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/#findComment-263566 Share on other sites More sharing options...
kenrbnsn Posted May 29, 2007 Share Posted May 29, 2007 You're using the wrong type of quotes to surround the values in this line: <?php $sql = "INSERT INTO $tbl_name(`id`, `name`, `num`, `type1`, `type2`, `class`, `height`, `weight`, `malerat`, `femalerat`, `ability`, `abilitydesc`, `gen`, `genlocation`, `hp`, `attack`, `defense`, `speed`, `spattack`, `spdefense`) VALUES (`$id`, `$name`, `$num`, `$type1`, `$type2' , '$class' , '$height' , '$weight' , '$malerat' , '$femalerat' , '$ability' , '$abilitydesc' , '$gen' , '$rbyloc' , '$gscloc' , '$rseloc' , '$frlgloc' , '$dploc' , '$hp' , '$attack' , '$defense', '$speed', '$spattack', '$spdefense')"; ?> They should be regular single quotes, not backticks. Ken Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/#findComment-263568 Share on other sites More sharing options...
pocobueno1388 Posted May 29, 2007 Share Posted May 29, 2007 EDIT: Ah, Ken probably got the answer...I didn't catch that. Although you should probably take the advice on the mysql_real_escape_strings part of my post. First off, check your spelling for ALL your field names for the table. When it says line 1 they are talking about the query, not the entire script...so don't worry about that. Also you should use mysql_real_escape_string on ALL your $_POST values. http://php.net/mysql_real_escape_string <?php // POST Data retrieved from form $id=mysql_real_escape_string($_POST['id']); $name=mysql_real_escape_string($_POST['name']); $num=mysql_real_escape_string($_POST['num']); //....and so on ?> That will make sure that you have no illegal characters going into the database that can cause errors in your query. Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/#findComment-263573 Share on other sites More sharing options...
uramagget Posted May 29, 2007 Author Share Posted May 29, 2007 $sql = "INSERT INTO $tbl_name('id' , 'name' , 'num' , 'type1' , 'type2' , 'class' , 'height' , 'weight' , 'malerat' , 'femalerat' , 'ability' , 'abilitydesc' , 'gen' , 'genlocation' , 'hp' , 'attack' , 'defense' , 'speed' , 'spattack' , 'spdefense') VALUES ('$id' , '$name' , '$num' , '$type1' , '$type2' , '$class' , '$height' , '$weight' , '$malerat' , '$femalerat' , '$ability' , '$abilitydesc' , '$gen' , '$rbyloc' , '$gscloc' , '$rseloc' , '$frlgloc' , '$dploc' , '$hp' , '$attack' , '$defense' , '$speed' , '$spattack' , '$spdefense')"; :/; Still not working. I'll try mysql_real_escape, then. Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/#findComment-263601 Share on other sites More sharing options...
AndyB Posted May 29, 2007 Share Posted May 29, 2007 :/; Still not working. I'll try mysql_real_escape, then. Did you add the recommended error display to the query execution? Surely that explains the problem? If you didn't, try this: $result=mysql_query($sql) or die("Error: ". mysql_error(). " with query ". $sql); Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/#findComment-263604 Share on other sites More sharing options...
uramagget Posted May 29, 2007 Author Share Posted May 29, 2007 I've certainly tried this, and it does not change the error message. :/; Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/#findComment-264190 Share on other sites More sharing options...
uramagget Posted May 29, 2007 Author Share Posted May 29, 2007 Oh, wait: INSERT INTO pokemon('id' , 'name' , 'num' , 'type1' , 'type2' , 'class' , 'height' , 'weight' , 'malerat' , 'femalerat' , 'ability' , 'abilitydesc' , 'gen' , 'genlocation' , 'hp' , 'attack' , 'defense' , 'speed' , 'spattack' , 'spdefense') VALUES ('dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , '' , '' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude') http://dex.pokeuniverse.info/admin/valid.php The form. Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/#findComment-264198 Share on other sites More sharing options...
eric1235711 Posted May 29, 2007 Share Posted May 29, 2007 you got to use the backquotes or no quotes for the fields name... Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/#findComment-264208 Share on other sites More sharing options...
eric1235711 Posted May 29, 2007 Share Posted May 29, 2007 and you have to use single quotes or double quotes for the values such: <?php $SQL = "INSET INTO table (`field1`, `field2`) VALUES ('value1' , 'value2') "; ?> Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/#findComment-264213 Share on other sites More sharing options...
uramagget Posted May 29, 2007 Author Share Posted May 29, 2007 Finally! It actually works@! Thanks everybody for the help! : Link to comment https://forums.phpfreaks.com/topic/53331-hmm-php-code-not-working/#findComment-264216 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.