insert not working with list of variables

Codes here !

Moderators: macek, egami, gesf

azw
New php-forum User
New php-forum User
Posts: 41
Joined: Fri Oct 11, 2002 9:13 pm
Contact:

insert not working with list of variables

Postby azw » Thu Oct 17, 2002 6:48 am

Whew. I've tried a bazillion variations but must be missing something obvious. Can someone please take a look at this and see what I'm doing wrong?

If I create the query with raw data instead of variables, it works:
_________

$Query="INSERT into $TableName values (
'0',
Now(),
'0',
'Tom',
'Tom@mail.com',
'Art',
'azw@mail.com',
'no title tomorrow',
'no message today',
'cedarCreekSavannah',
'cedar creek creep'
)";
_________

When I try to use variables, the query prints out to the screen okay, but the mail() function returns false and the record isn't in the table.
_________

$Query="INSERT into $TableName values (
'0',
Now(),
'0',
' " . $_SESSION['rName'] . " ',
' " . $_SESSION['rEmail'] . " ',
' " . $_SESSION['sName'] . " ',
' " . $_SESSION['sEmail'] . " ',
' " . $_SESSION['msgTitle'] . " ',
' " . $_SESSION['msg'] . " ',
' " . $imgSrc . " ',
' " . $imgTitle . " '
)";
_________

I wondered if it was impossible to use SESSION variables, so I made new variables. That did the same thing.
_________

// create non-session variables for insert
$rN=$_SESSION['rName'];
$rE=$_SESSION['rEmail'];
$sN=$_SESSION['sName'];
$sE=$_SESSION['sEmail'];
$mT=$_SESSION['msgTitle'];
$ms=$_SESSION['msg'];

$Query="INSERT into $TableName values (
'0',
Now(),
'0',
' ".$rN." ',
' ".$rE." ',
' ".$sN." ',
' ".$sE." ',
' ".$mT." ',
' ".$ms." ',
' ".$imgSrc." ',
' ".$imgTitle." '
)";
_________

Here's the rest of the code I'm using for the insert
_________

// for testing only
print ("query: <br>$Query<p />\n");

// add data to db
if (mysql_db_query($DBName, $Query, $Link)){ // if successful, send notification to recipient
_________

When I print the query to the screen it reads:
_________

INSERT into artCard values ( '0', Now(), '0', ''azw', 'azw@mail.com', 'art', 'azw@mail.com', 'test6', 'test6', 'filename.jpg', 'Winter Flood Plain III' )

Any hints? I'm having way too much fun with this all by myself....
Thanks!

DoppyNL

Postby DoppyNL » Thu Oct 17, 2002 7:24 am

you're query has got one ' to much:

Code: Select all

INSERT into artCard values ( '0', Now(), '0', ''azw', 'azw@mail.com', 'art', 'azw@mail.com', 'test6', 'test6', 'filename.jpg', 'Winter Flood Plain III' )

see the fourth field.

This is probably due to the fact it is in the variable itsself ($sE).
You can use the function addslashes to escape any characters that should be escaped when used in a query (see manual for more details).

Greetz Daan

azw
New php-forum User
New php-forum User
Posts: 41
Joined: Fri Oct 11, 2002 9:13 pm
Contact:

Postby azw » Thu Oct 17, 2002 7:37 am

oops. I corrected that in the code, but forgot to update the output.

BUT...I added addslashes() to the jpg file name and the darn thing worked! So you did solve the problem.

Should I use addslashes with every individual entry or do you just use it in some instances?

Thanks!

DoppyNL

Postby DoppyNL » Thu Oct 17, 2002 8:52 am

Best thing is to add it to all fields, because then the chance is bigger that you're query will work.
You're depending on the input from users, allways asume there really stupid!

Greetz Daan

azw
New php-forum User
New php-forum User
Posts: 41
Joined: Fri Oct 11, 2002 9:13 pm
Contact:

Postby azw » Thu Oct 17, 2002 6:30 pm

Thanks, that part of the script seems to be okay now....on with the rest!

Do you also use addslashes() for data elements your script adds to the database? In my case there are identifiers for images the user selects from several options. The user can't change those bits of data and I have total control over the form of that data, so it doesn't seem necessary to do the extra step.

I appreciate being able to consult with someone with experience!

DoppyNL

Postby DoppyNL » Thu Oct 17, 2002 10:47 pm

addslashes only needs to be used when there is a possibility that something in a string has to be escaped because otherwise you're query doesn't work.

If you're script generates some values you want to enter, there should be no need to use addslashes.

remember that ANY value that comes from the user could be different than you expect, users can edit you're form!
don't get too paranoid though :)

You can check from field to field if it is necesary to use addslashes, allthough using it on all of them won't do any harm to you're query.

Greetz Daan

azw
New php-forum User
New php-forum User
Posts: 41
Joined: Fri Oct 11, 2002 9:13 pm
Contact:

Postby azw » Fri Oct 18, 2002 6:13 am

Thanks, that helps!


Return to “mySQL & php coding”

Who is online

Users browsing this forum: Exabot [Bot] and 1 guest

cron