Hmm, PHP code not working

[uramagget]

I'm currently using this PHP Code for my form:

 

<?
include "../config.inc.php";

// Connect to server and select database.
$tbl_name = "pokemon";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("$username can't connect to mySQL database...");

// POST Data retrieved from form
$id=$_POST['id'];
$name=$_POST['name'];
$num=$_POST['num'];
$type1=$_POST['type1'];
$type2=$_POST['type2'];
$class=$_POST['class'];
$height=$_POST['height'];
$weight=$_POST['weight'];
$malerat=$_POST['malerat'];
$femalerat=$_POST['femalerat'];
$ability=$_POST['ability'];
$abilitydesc=$_POST['type1'];
$gen=$_POST['gen'];
$genlocation=$_POST['genlocation'];
$attack=$_POST['attack'];
$defense=$_POST['defense'];
$speed=$_POST['speed'];
$spattack=$_POST['spattack'];
$spdefense=$_POST['spdefense'];
$rbyloc=$_POST['rubyloc'];
$gscloc=$_POST['gscloc'];
$rseloc=$_POST['rseloc'];
$frlgloc=$_POST['frlgloc'];
$dploc=$_POST['dploc'];

$sql = "INSERT INTO $tbl_name(`id`, `name`, `num`, `type1`, `type2`, `class`, `height`, `weight`, `malerat`, `femalerat`, `ability`, `abilitydesc`, `gen`, `genlocation`, `hp`, `attack`, `defense`, `speed`, `spattack`, `spdefense`) VALUES (`$id`, `$name`, `$num`, `$type1`, `$type2' , '$class' , '$height' , '$weight' , '$malerat' , '$femalerat' , '$ability' , '$abilitydesc' , '$gen' , '$rbyloc' , '$gscloc' , '$rseloc' , '$frlgloc' , '$dploc' , '$hp' , '$attack' , '$defense', '$speed', '$spattack', '$spdefense')";
$result=mysql_query($sql);

if($result){
echo "<a href=\"http://www.pokeuniverse.info/pokemon/$id/\">$name</a> was added to the Pokedex!";
echo "<a href=\"valid.php\">Modify/Add Another Pokemon</a>";
}
else {
echo "Mistake while adding Pokemon. Go <a href=\"valid.php\">back</a> and try again.";
}
mysql_close();
?>

 

 

Then, after I submitted via the form, it gives me the error "Mistake while adding Pokemon". Is this some sort of syntax error with the SQL code? I can't seem to find the error.... Please help..

[pocobueno1388]

Change this line:

$result=mysql_query($sql);

 

to this one:

$result=mysql_query($sql) or die(mysql_error());

 

so you can catch any errors, since the problem is obviously in your $result query.

[uramagget]

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

And line is is <?, so what in the world is going on?

[kenrbnsn]

You're using the wrong type of quotes to surround the values in this line:

<?php
$sql = "INSERT INTO $tbl_name(`id`, `name`, `num`, `type1`, `type2`, `class`, `height`, `weight`, `malerat`, `femalerat`, `ability`, `abilitydesc`, `gen`, `genlocation`, `hp`, `attack`, `defense`, `speed`, `spattack`, `spdefense`) VALUES (`$id`, `$name`, `$num`, `$type1`, `$type2' , '$class' , '$height' , '$weight' , '$malerat' , '$femalerat' , '$ability' , '$abilitydesc' , '$gen' , '$rbyloc' , '$gscloc' , '$rseloc' , '$frlgloc' , '$dploc' , '$hp' , '$attack' , '$defense', '$speed', '$spattack', '$spdefense')";
?>

They should be regular single quotes, not backticks.

 

Ken

[pocobueno1388]

EDIT: Ah, Ken probably got the answer...I didn't catch that. Although you should probably take the advice on the mysql_real_escape_strings part of my post.

 

First off, check your spelling for ALL your field names for the table. When it says line 1 they are talking about the query, not the entire script...so don't worry about that.

 

Also you should use mysql_real_escape_string on ALL your $_POST values.

http://php.net/mysql_real_escape_string

 

<?php

// POST Data retrieved from form

$id=mysql_real_escape_string($_POST['id']);
$name=mysql_real_escape_string($_POST['name']);
$num=mysql_real_escape_string($_POST['num']);

//....and so on
?>

 

That will make sure that you have no illegal characters going into the database that can cause errors in your query.

 

 

[uramagget]

$sql = "INSERT INTO $tbl_name('id' , 'name' , 'num' , 'type1' , 'type2' , 'class' , 'height' , 'weight' , 'malerat' , 'femalerat' , 'ability' , 'abilitydesc' , 'gen' , 'genlocation' , 'hp' , 'attack' , 'defense' , 'speed' , 'spattack' , 'spdefense') VALUES ('$id' , '$name' , '$num' , '$type1' , '$type2' , '$class' , '$height' , '$weight' , '$malerat' , '$femalerat' , '$ability' , '$abilitydesc' , '$gen' , '$rbyloc' , '$gscloc' , '$rseloc' , '$frlgloc' , '$dploc' , '$hp' , '$attack' , '$defense' , '$speed' , '$spattack' , '$spdefense')";

 

 

:/; Still not working. I'll try mysql_real_escape, then.

[AndyB]

:/; Still not working. I'll try mysql_real_escape, then.

 

Did you add the recommended error display to the query execution?  Surely that explains the problem? If you didn't, try this:

 

$result=mysql_query($sql) or die("Error: ". mysql_error(). " with query ". $sql);

[uramagget]

I've certainly tried this, and it does not change the error message. :/;

[uramagget]

Oh, wait:

 

INSERT INTO pokemon('id' , 'name' , 'num' , 'type1' , 'type2' , 'class' , 'height' , 'weight' , 'malerat' , 'femalerat' , 'ability' , 'abilitydesc' , 'gen' , 'genlocation' , 'hp' , 'attack' , 'defense' , 'speed' , 'spattack' , 'spdefense') VALUES ('dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , '' , '' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude')

 

http://dex.pokeuniverse.info/admin/valid.php The form.

 

[eric1235711]

you got to use the backquotes or no quotes for the fields name...

[eric1235711]

and you have to use single quotes or double quotes for the values

 

such:

 

<?php

$SQL = "INSET INTO table (`field1`, `field2`) VALUES ('value1' , 'value2') ";

?>

[uramagget]

Finally! It actually works@! Thanks everybody for the help! :