brad12345 Posted March 31, 2008 Share Posted March 31, 2008 hi all im getting this error Parse error: syntax error, unexpected T_VARIABLE in /home/it224/martinb/public_html/indexbk/newOwner.php on line 60 $addOwner = $_POST['addOwner']; $phoneNumber = $_POST['phoneNumber']; $address = $_POST['address']; $ownerName = $_POST['ownerName']; $title = $_POST['title']; echo("<font face='Arial'>"); $self = $_SERVER['PHP_SELF']; if (isset($_POST['addOwner']) //Insert new owner data into the database martinb //Theres something wrong with the below INSERT, can i use the variables as INPUT data from $_POST ??????? $createQuery1 = "INSERT INTO tblOwnerBK ('title', 'ownerName','address','phoneNumber') VALUES ($title,$ownerName,$address,$phoneNumber)"; Line 60 is the last line Link to comment https://forums.phpfreaks.com/topic/98788-small-code-bug-help/ Share on other sites More sharing options...
truck7758 Posted March 31, 2008 Share Posted March 31, 2008 $createQuery1 = "INSERT INTO tblOwnerBK (`title`, `ownerName`,`address`,`phoneNumber`) VALUES ('".$title."','".$ownerName."','".$address."','".$phoneNumber."')"; try that Link to comment https://forums.phpfreaks.com/topic/98788-small-code-bug-help/#findComment-505493 Share on other sites More sharing options...
dmccabe Posted March 31, 2008 Share Posted March 31, 2008 I think you need to set the variable from $_POST $title= $_POST['title'] VALUES ($title)"; You can do it straight from $_POST inside the insert statement, but it is a mess of " and ' and I never get it right Link to comment https://forums.phpfreaks.com/topic/98788-small-code-bug-help/#findComment-505495 Share on other sites More sharing options...
kenrbnsn Posted March 31, 2008 Share Posted March 31, 2008 Never trust user input. Always validate or at least use mysql_real_escape_string(). <?php $addOwner = mysql_real_escape_string(stripslashes($_POST['addOwner'])); $phoneNumber = mysql_real_escape_string(stripslashes($_POST['phoneNumber'])); $address = mysql_real_escape_string(stripslashes($_POST['address'])); $ownerName = mysql_real_escape_string(stripslashes($_POST['ownerName'])); $title = mysql_real_escape_string(stripslashes($_POST['title'])); echo "<font face='Arial'>"; $self = $_SERVER['PHP_SELF']; if (isset($_POST['addOwner'])) // <--- This was your original problem -- you left off the ending parenthesis //Insert new owner data into the database martinb //Theres something wrong with the below INSERT, can i use the variables as INPUT data from $_POST ??????? $createQuery1 = "INSERT INTO tblOwnerBK (title, ownerName, address, phoneNumber) VALUES ('$title','$ownerName','$address','$phoneNumber')"; ?> Field names should not be in quotes, field values need to be quoted. Use backticks ( ` ) around field names if they are reserved words in MySQL. Ken Link to comment https://forums.phpfreaks.com/topic/98788-small-code-bug-help/#findComment-505503 Share on other sites More sharing options...
brad12345 Posted March 31, 2008 Author Share Posted March 31, 2008 $createQuery1 = "INSERT INTO tblOwnerBK (`title`, `ownerName`,`address`,`phoneNumber`) VALUES ('".$title."','".$ownerName."','".$address."','".$phoneNumber."')"; didnt work ??? hmm im confuzzeled as bout this one gah!@ Link to comment https://forums.phpfreaks.com/topic/98788-small-code-bug-help/#findComment-505507 Share on other sites More sharing options...
kenrbnsn Posted March 31, 2008 Share Posted March 31, 2008 Please tell us what why it didn't work. Ken Link to comment https://forums.phpfreaks.com/topic/98788-small-code-bug-help/#findComment-505511 Share on other sites More sharing options...
brad12345 Posted March 31, 2008 Author Share Posted March 31, 2008 Thanks ken that fixed it and ill take your advice and not trust user input haha such a small typo gah soo stupid Link to comment https://forums.phpfreaks.com/topic/98788-small-code-bug-help/#findComment-505513 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.