Howdy,
I'm a but of a newbie and I'd appreciate some help with a MySQL issue
I'm having. I'm trying to insert some data into MySQL from a POST form
but the query breaks whenever a user fails to fill out a value. Here's
the PHP code that breaks when the $_POST[opus] variable is left blank:
mysql_query("INSERT INTO piece VALUES (NULL, '$_POST[composer]',
$_POST[opus], $_POST[year], '$_POST[name]' , '$_POST[work_type]',
$_COOKIE[user_cookie])") or die(mysql_error());
Here's my error message:
"You have an error in your SQL syntax. Check the manual that
corresponds to your MySQL server version for the right syntax to use
near '1865,'Symphony No. 2 in B-flat Major','1',15)' at line 1"
And lastly, here's the settings of the mySQL field:
opus is a mediumint of length nine. NULL = yes. Default = NULL.
Thanks,
Jacob
3  6870 
Looks like you're not escaping the POST'd data, which is very
dangerous, unless you are automagically escaping incoming data.
Anyway, I'd suggest storing your query in a string, then echoing it
before it is executed so you can see the entire query, Then you might
be able to see where the problem is. Nothing jumps out at me after a
cursory glance at your code.
>I'm a but of a newbie and I'd appreciate some help with a MySQL issue I'm having. I'm trying to insert some data into MySQL from a POST form
but the query breaks whenever a user fails to fill out a value. Here's
Then don't submit the query if the user fails to fill in a value.
Give the user an error message. Or if it's legitimate and you
want to insert a null value, replace the unset value with the
word null (for integers where you're not enclosing the value in
quotes).
You're also begging for a SQL injection attack here. And
happens if $_POST['name'] is:
Beethoven's 5th symphony
which will also cause SQL errors?
If you take input from the browser (which includes anything from
$_GET, $_POST, $_REQUEST, or $_COOKIE) and put it into SQL
without at a minimum quoting it first (e.g. with addslashes()
or mysql_escape_string()), you're in trouble. If user input
(especially a single or double quote as part of the input)
can cause SQL errors, you're in trouble.
the PHP code that breaks when the $_POST[opus] variable is left blank:
mysql_query("INSERT INTO piece VALUES (NULL, '$_POST[composer]',
$_POST[opus], $_POST[year], '$_POST[name]' , '$_POST[work_type]',
$_COOKIE[user_cookie])") or die(mysql_error());
Here's my error message:
"You have an error in your SQL syntax. Check the manual that
corresponds to your MySQL server version for the right syntax to use
near '1865,'Symphony No. 2 in B-flat Major','1',15)' at line 1"
Gordon L. Burditt This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Lenz Grimmer |
last post by:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
MySQL 4.0.14, a new version of the popular Open Source/Free Software
Database, has been released. It is now available in source and binary...
|
by: Kenneth Illingsworth |
last post by:
--=_603E7359.5B3A569C
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
I suspect that this is some kind of issue with...
|
by: Mike Chirico |
last post by:
Interesting Things to Know about MySQL
Mike Chirico (mchirico@users.sourceforge.net)
Copyright (GPU Free Documentation License) 2004
Last Updated: Mon Jun 7 10:37:28 EDT 2004
The latest...
|
by: jlee |
last post by:
I'm pretty much a newbie on mysql, and I need some help.
I am running mysql Ver 12.22 Distrib 4.0.24, for portbld-freebsd5.4
(i386) on a server hosting an active website.
The site's developer...
|
by: speralta |
last post by:
My tired old eyes may be failing me, but the following insert
statements look correct to me, but I can't seem to get a clean insert
from a fairly large text file database into mysql. I was...
|
by: Ike |
last post by:
Recently, I began using a different MySQL verver (i.e. different machine as
well as different version#, going from 4.12a to 4.1.9 max).
The following query used to work:
select firstname,...
|
by: Boujii |
last post by:
Greetings, I have been attempting to make a drop down menu of countries. From this menu I wish to create a variable in order to INPUT into mysql database. I have no trouble making the drop down menu,...
|
by: josie23 |
last post by:
Egad,
I'm not a coder/programmer by nature or occupation but understand things like html and css and a small amount of perl. So, basically, I'm a perl/mysql imbecile.
But, I've been trying to...
|
by: Atli |
last post by:
You may be wondering why you would want to put your files “into” the database, rather than just onto the file-system. Well, most of the time, you wouldn’t.
In situations where your PHP application...
|
by: ssnaik84 |
last post by:
Hi Guys,
Last year I got a chance to work with R&D team, which was working on DB scripts conversion..
Though there is migration tool available, it converts only tables and constraints..
Rest of...
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
| |
