Having Difficulty with a POST

Firestorm3d · February 8, 2008

im having issues with this code that is supposed to post into a mysql database.

my error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

my code

<?php 
$guild = $_POST['guild'];
$guildid = $_POST['guildid'];
$playername = $_POST['playername'];
$playerid = $_POST['playerid'];
$coords = $_POST['coords'];
$cc = $_POST['cc'];
$defense01 = $_POST['defense01'];
$defense02 = $_POST['defense02'];
$defense03 = $_POST['defense03'];
$defense04 = $_POST['defense04'];
$defense05 = $_POST['defense05'];
$defense06 = $_POST['defense06'];
$defense07 = $_POST['defense07'];
$defense08 = $_POST['defense08'];
$defense09 = $_POST['defense09'];
$defense10 = $_POST['defense10'];
function connect(){


$con = mysql_connect("localhost","root","sin3169");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("data", $con);
}

function closecon(){
mysql_close($con);
}

function playercheck(){
connect();
$result = mysql_query("SELECT * FROM astro_players WHERE player_id=$playerid") or die (mysql_error());
$row = mysql_fetch_array($result);
if($row['player_id'] != $playerid){
mysql_query("INSERT INTO astro_players (Guild_Title, Guild_ID, Player_Name, Fleet, player_id) 
VALUES ('$guild', '$guildid', '$playername', '0', '$playerid')") or die (mysql_error());
}
}
function basecheck(){
$result = mysql_query("SELECT * FROM astro_bases WHERE coord=$coords") or die (mysql_error());
$row = mysql_fetch_array($result);
if($row['coord'] != $coords){
base();
}
}
function base(){
mysql_query("INSERT INTO astro_bases (coord , cc , Defense01 , Defense02 , Defense03 , Defense04 , Defense05 , Defense06 , Defense07 , Defense08 , Defense09 , Defense10, player_id) VALUES ('$coords' , '$cc' , '$defense01', '$defense02', '$defense03', '$defense04', '$defense05', '$defense06', '$defense07', '$defense08', '$defense09', '$defense10','$playerid')") or die (mysql_error()); 
}
connect();
playercheck();
basecheck();
closecon();

header('Location : http://localhost/inputastro.php');
?>

PHP Monkeh · February 8, 2008

You don't happen to know which insert is generating the error do you? You could try commenting out the first insert and seeing if the error still occurs etc. Anyway there's 2 things which I think you should change:

mysql_query("INSERT INTO astro_players (Guild_Title, Guild_ID, Player_Name, Fleet, player_id) 
VALUES ('$guild', '$guildid', '$playername', '0', '$playerid')") or die (mysql_error());

The 0 there I'm going to assume you wish to be an integer, so you can remove the ' ' around it.

Also, if any of the inputs include a " or ' you're going to get errors. So you should either start using mysql_real_escape_string around your inputs or addslashes(). Example:

$guild = addslashes($_POST['guild']);

linuxlord · February 8, 2008

use the following function to avoid this prob while using text input

function escape($string)
{
    if(!get_magic_quotes_gpc())
     {
return addslashes($string);
     }
return $string;
}

like this

$playername = escape($_POST['playername']);

also, the ' ' around a numeric is not a problem.

aschk · February 8, 2008

I recommend you build your SQL statement as a variable outside of the mysql_query function, e.g.

$sql = "SELECT * FROM <table> WHERE <field> = '{$variable}' ";

Then you can do "echo $sql;" to see what is actually being sent to the database. And you can also show us what it is too

Sign In

Having Difficulty with a POST

Recommended Posts

Firestorm3d

Link to comment

Share on other sites

PHP Monkeh

Link to comment

Share on other sites

linuxlord

Link to comment

Share on other sites

aschk

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information