Hi, I seem to be having a problem inserting data into a database -
// check to make sure fields are entered
-
if ($name == '' || $address1== '' || $address2 == '' || $town == '' || $county == '' || $postcode == '' || $info == '' || $price == '')
-
{
-
// generate error message
-
$error = 'ERROR: Please fill in all required fields!';
-
-
// if either field is blank, display the form again
-
renderForm($name, $address1, $address2, $address1, $town, $county, $postcode, $info, $price, $error);
-
}
-
else
-
{
-
// save the data to the database
-
mysql_query("INSERT houses SET name='$name', address1='$address1',
-
address2='$address2', town='$town', county='$county', postcode='$postcode', info='$info', price='$price' WHERE id='$id'")
-
or die(mysql_error());
-
-
// once saved, redirect back to the view page
-
header("Location: admin.php");
-
}
-
}
-
else
-
// if the form hasn't been submitted, display the form
-
{
-
renderForm('','','','','','','','','');
-
}
-
?>
-
-
The error i'm getting is
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id=''' at line 2
As from what i see in your code (which is not escaping anything - may the good SQL Injections be with you) your $id variable is simply empty.
That's what the SQL Error tells you.
ALWAYS sanitize ANY Userinput and verifyt the where clause has valid and filled variables (as in any other usecase where you handle external user-input which is always possibly filtrated with potential exploit code)
2 1460
1. Read Insert Query structure again(If you read before) from the documentation.
2. read about sql injection from wiki
3. read about mysq_real_escape_string from php.net
As from what i see in your code (which is not escaping anything - may the good SQL Injections be with you) your $id variable is simply empty.
That's what the SQL Error tells you.
ALWAYS sanitize ANY Userinput and verifyt the where clause has valid and filled variables (as in any other usecase where you handle external user-input which is always possibly filtrated with potential exploit code)
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Manuel |
last post by:
I'm trying to compile glut 3.7.6 (dowbloaded from official site)using
devc++.
So I've imported the glut32.dsp into devc++, included manually some
headers, and start to compile.
It return a very...
|
by: Wescotte |
last post by:
The error message Parse error: syntax error, unexpected $end in FILE on
line X is one I run into frequently and I know the cause is I missed an
ending quote.
Is there an easy way to determine...
|
by: rhys |
last post by:
My Gurus and Angels --
Please pardon this old-school programmer, only recently enlightened to open-source, having been trapped in the convenience of proprietary lingos for way too long. My...
|
by: SilvaZodiac |
last post by:
Hi everyone,
I'm still rather new to PHP code, and I have a syntax error. I've tried several different solutions, but it won't fix. It seems to suggest that I need a new bracket somewhere in the...
|
by: paulrajj |
last post by:
hi to all,
i am getting syntax error on my code..
Parse error: syntax error, unexpected T_STRING, expecting ',' or ';' in D:\xampp\htdocs\Dummy\paulraj\matrim\exam.php on line 62
...
|
by: benicio |
last post by:
Parse error: syntax error, unexpected T_STRING, expecting '(' in C:\wamp\www\study_group\includes\functions.php on line 19
I got this error and this syntax is from 8 to 19th line.
<?php
...
|
by: brkseven |
last post by:
Looking for help with this Contact Form.
The error is on line 1, but that' doesn't mean a lot, I think. In fact, a php syntax check passed it, but I was hoping for an easy syntax error, it looks...
|
by: CYNTHIA CUTRER |
last post by:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
...
|
by: Vicki Hendra |
last post by:
Hi
I am new to php fullstop
I and colleagues have setup wordpress blogs for our local towns, giving the local businesses free advertisment.
Part of the problem started when using wordpress...
|
by: Adam Pelling |
last post by:
I'm getting this error
Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting ')' in /home/neblncbt/public_html/forum/includes/acp/acp_board.php on line 69
Here is the...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| |