cooldude832 Posted July 14, 2007 Share Posted July 14, 2007 I've tried moving stuff around changing quotes still get a whitespace escaped error here is the query <?php mysql_query("INSERT INTO `items` (`Status`,`Attack`,`Defense`,`HP`,`ItemClass`,`Version`) VALUES('0','$items['attack']','$items['defense']','$items['hp']','$item['class']','$_POST['version']')" or die(mysql_error()); ?> {/code] Quote Link to comment Share on other sites More sharing options...
hackerkts Posted July 14, 2007 Share Posted July 14, 2007 Try this, <?php mysql_query("INSERT INTO `items` (`Status`,`Attack`,`Defense`,`HP`,`ItemClass`,`Version`) VALUES('0','$items["attack"]','$items["defense"]','$items["hp"]','$item["class"]','$_POST["version"]')" or die(mysql_error()); ? Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted July 14, 2007 Author Share Posted July 14, 2007 now i get: Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /hsphere/local/home/pira00/pira00.worldispnetwork.com/kash/createitem.php on line 76 line 76 is: VALUES('0','$items["attack"]','$items["defense"]','$items["hp"]','$item["class"]','$_POST["version"]')" Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted July 14, 2007 Author Share Posted July 14, 2007 i fixed the $item to $items on class, but now my server is lagging Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted July 14, 2007 Author Share Posted July 14, 2007 Its not liking my escape for the array keys any tips? Quote Link to comment Share on other sites More sharing options...
marcus Posted July 14, 2007 Share Posted July 14, 2007 Remove the double quotes in your values. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted July 14, 2007 Author Share Posted July 14, 2007 I got it, not the way i wanted to do it take it like this <?php $values = "'0','".$item['attack']."','".$item['defense']."','".$item['hp']."','".$item['class']."','".$_POST['version']."'"; mysql_query("INSERT INTO `items` (`Status`,`Attack`,`Defense`,`HP`,`ItemClass`,`Version`) VALUES($values)")or die(mysql_error()); ?> Quote Link to comment Share on other sites More sharing options...
keeB Posted July 14, 2007 Share Posted July 14, 2007 $attack = $items['attack']; . . . . $version = $_POST['version']; <?php mysql_query("INSERT INTO `items` (`Status`,`Attack`,`Defense`,`HP`,`ItemClass`,`Version`) VALUES('0','$attack','$items['defense']','$items['hp']','$item['class']','$version')" or die(mysql_error()); ?> Just finish it up. Quote Link to comment Share on other sites More sharing options...
cooldude832 Posted July 14, 2007 Author Share Posted July 14, 2007 Thats a waste in my eyes, i rather restructre $items to a flat var setting instead of array before i duplicate values Quote Link to comment Share on other sites More sharing options...
keeB Posted July 14, 2007 Share Posted July 14, 2007 Well I'd much rather use a OO Concept, but I'm doing the best with what you gave me. Using POST values directly in your Query string is laughable at best. It's also VERY prone to SQL Injection in it's current state. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.