uramagget Posted May 28, 2007 Share Posted May 28, 2007 I'm currently using this PHP Code for my form: <? include "../config.inc.php"; // Connect to server and select database. $tbl_name = "pokemon"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("$username can't connect to mySQL database..."); // POST Data retrieved from form $id=$_POST['id']; $name=$_POST['name']; $num=$_POST['num']; $type1=$_POST['type1']; $type2=$_POST['type2']; $class=$_POST['class']; $height=$_POST['height']; $weight=$_POST['weight']; $malerat=$_POST['malerat']; $femalerat=$_POST['femalerat']; $ability=$_POST['ability']; $abilitydesc=$_POST['type1']; $gen=$_POST['gen']; $genlocation=$_POST['genlocation']; $attack=$_POST['attack']; $defense=$_POST['defense']; $speed=$_POST['speed']; $spattack=$_POST['spattack']; $spdefense=$_POST['spdefense']; $rbyloc=$_POST['rubyloc']; $gscloc=$_POST['gscloc']; $rseloc=$_POST['rseloc']; $frlgloc=$_POST['frlgloc']; $dploc=$_POST['dploc']; $sql = "INSERT INTO $tbl_name(`id`, `name`, `num`, `type1`, `type2`, `class`, `height`, `weight`, `malerat`, `femalerat`, `ability`, `abilitydesc`, `gen`, `genlocation`, `hp`, `attack`, `defense`, `speed`, `spattack`, `spdefense`) VALUES (`$id`, `$name`, `$num`, `$type1`, `$type2' , '$class' , '$height' , '$weight' , '$malerat' , '$femalerat' , '$ability' , '$abilitydesc' , '$gen' , '$rbyloc' , '$gscloc' , '$rseloc' , '$frlgloc' , '$dploc' , '$hp' , '$attack' , '$defense', '$speed', '$spattack', '$spdefense')"; $result=mysql_query($sql); if($result){ echo "<a href=\"http://www.pokeuniverse.info/pokemon/$id/\">$name</a> was added to the Pokedex!"; echo "<a href=\"valid.php\">Modify/Add Another Pokemon</a>"; } else { echo "Mistake while adding Pokemon. Go <a href=\"valid.php\">back</a> and try again."; } mysql_close(); ?> Then, after I submitted via the form, it gives me the error "Mistake while adding Pokemon". Is this some sort of syntax error with the SQL code? I can't seem to find the error.... Please help.. Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted May 28, 2007 Share Posted May 28, 2007 Change this line: $result=mysql_query($sql); to this one: $result=mysql_query($sql) or die(mysql_error()); so you can catch any errors, since the problem is obviously in your $result query. Quote Link to comment Share on other sites More sharing options...
uramagget Posted May 29, 2007 Author Share Posted May 29, 2007 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 And line is is <?, so what in the world is going on? Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted May 29, 2007 Share Posted May 29, 2007 You're using the wrong type of quotes to surround the values in this line: <?php $sql = "INSERT INTO $tbl_name(`id`, `name`, `num`, `type1`, `type2`, `class`, `height`, `weight`, `malerat`, `femalerat`, `ability`, `abilitydesc`, `gen`, `genlocation`, `hp`, `attack`, `defense`, `speed`, `spattack`, `spdefense`) VALUES (`$id`, `$name`, `$num`, `$type1`, `$type2' , '$class' , '$height' , '$weight' , '$malerat' , '$femalerat' , '$ability' , '$abilitydesc' , '$gen' , '$rbyloc' , '$gscloc' , '$rseloc' , '$frlgloc' , '$dploc' , '$hp' , '$attack' , '$defense', '$speed', '$spattack', '$spdefense')"; ?> They should be regular single quotes, not backticks. Ken Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted May 29, 2007 Share Posted May 29, 2007 EDIT: Ah, Ken probably got the answer...I didn't catch that. Although you should probably take the advice on the mysql_real_escape_strings part of my post. First off, check your spelling for ALL your field names for the table. When it says line 1 they are talking about the query, not the entire script...so don't worry about that. Also you should use mysql_real_escape_string on ALL your $_POST values. http://php.net/mysql_real_escape_string <?php // POST Data retrieved from form $id=mysql_real_escape_string($_POST['id']); $name=mysql_real_escape_string($_POST['name']); $num=mysql_real_escape_string($_POST['num']); //....and so on ?> That will make sure that you have no illegal characters going into the database that can cause errors in your query. Quote Link to comment Share on other sites More sharing options...
uramagget Posted May 29, 2007 Author Share Posted May 29, 2007 $sql = "INSERT INTO $tbl_name('id' , 'name' , 'num' , 'type1' , 'type2' , 'class' , 'height' , 'weight' , 'malerat' , 'femalerat' , 'ability' , 'abilitydesc' , 'gen' , 'genlocation' , 'hp' , 'attack' , 'defense' , 'speed' , 'spattack' , 'spdefense') VALUES ('$id' , '$name' , '$num' , '$type1' , '$type2' , '$class' , '$height' , '$weight' , '$malerat' , '$femalerat' , '$ability' , '$abilitydesc' , '$gen' , '$rbyloc' , '$gscloc' , '$rseloc' , '$frlgloc' , '$dploc' , '$hp' , '$attack' , '$defense' , '$speed' , '$spattack' , '$spdefense')"; :/; Still not working. I'll try mysql_real_escape, then. Quote Link to comment Share on other sites More sharing options...
AndyB Posted May 29, 2007 Share Posted May 29, 2007 :/; Still not working. I'll try mysql_real_escape, then. Did you add the recommended error display to the query execution? Surely that explains the problem? If you didn't, try this: $result=mysql_query($sql) or die("Error: ". mysql_error(). " with query ". $sql); Quote Link to comment Share on other sites More sharing options...
uramagget Posted May 29, 2007 Author Share Posted May 29, 2007 I've certainly tried this, and it does not change the error message. :/; Quote Link to comment Share on other sites More sharing options...
uramagget Posted May 29, 2007 Author Share Posted May 29, 2007 Oh, wait: INSERT INTO pokemon('id' , 'name' , 'num' , 'type1' , 'type2' , 'class' , 'height' , 'weight' , 'malerat' , 'femalerat' , 'ability' , 'abilitydesc' , 'gen' , 'genlocation' , 'hp' , 'attack' , 'defense' , 'speed' , 'spattack' , 'spdefense') VALUES ('dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , '' , '' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude' , 'dude') http://dex.pokeuniverse.info/admin/valid.php The form. Quote Link to comment Share on other sites More sharing options...
eric1235711 Posted May 29, 2007 Share Posted May 29, 2007 you got to use the backquotes or no quotes for the fields name... Quote Link to comment Share on other sites More sharing options...
eric1235711 Posted May 29, 2007 Share Posted May 29, 2007 and you have to use single quotes or double quotes for the values such: <?php $SQL = "INSET INTO table (`field1`, `field2`) VALUES ('value1' , 'value2') "; ?> Quote Link to comment Share on other sites More sharing options...
uramagget Posted May 29, 2007 Author Share Posted May 29, 2007 Finally! It actually works@! Thanks everybody for the help! : Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.