I am trying to make a form post into a table.
However, I am only getting: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'P','4','PD','DIS','Q','Recon','PP','SIV','Retail' )' at line 1"
PHP Code:

<form action="addstockdata.php" method="post">
  <input class="textField" name="regNum" type="text" dir="ltr" value="Reg Number" onfocus="this.value=''" size="7" maxlength="7" onblur="this.value=this.value.toUpperCase()" />
  <input name="pp" class="textField" type="text" dir="ltr" value="PP" onfocus="this.value=''" size="7" maxlength="7" />
  <input name="siv" type="text" class="textField" dir="ltr" value="SIV" onfocus="this.value=''" size="7" maxlength="7" />
  <input name="rp" type="text" dir="ltr" class="textField" value="Retail" onfocus="this.value=''" size="7" maxlength="7" /> <br />
  <input name="make" type="text" dir="ltr" value="Make" class="textField" onfocus="this.value=''" size="15" maxlength="15" onblur="this.value=this.value.toUpperCase()" />
  <input name="model" type="text" dir="ltr" value="Model" class="textField" onfocus="this.value=''" size="15" maxlength="15" onblur="this.value=this.value.toUpperCase()" />
  <input name="engineSize" type="text" dir="ltr" value="Engine Size" class="textField" onfocus="this.value=''" size="4" maxlength="4" />
  <input name="colour" type="text" dir="ltr" value="Colour" onfocus="this.value=''" class="textField" size="15" maxlength="15" onblur="this.value=this.value.toUpperCase()" />
  <input name="year" type="text" dir="ltr" value="Year" onfocus="this.value=''" size="4" maxlength="4" class="textField" />
  <input name="dis" type="text" dir="ltr" value="DIS" onfocus="this.value=''" size="4" maxlength="4" class="textField" />
  <input name="recon" type="text" dir="ltr" value="Recon" onfocus="this.value=''" size="6" maxlength="6" class="textField" />
  <input name="pd" type="text" dir="ltr" value="PD" onfocus="this.value=''" size="6" maxlength="6" class="textField" />
  <select name="doors">
    <option value="2">2 Doors</option>
    <option value="3">3 Doors</option>
    <option value="4">4 Doors</option>
    <option value="5">5 Doors</option>
    <option value="E">Estate</option>
  </select>
  <select name="gearbox">
    <option value="4">4 Gears</option>
    <option value="5">5 Gears</option>
    <option value="6">6 Gears</option>
    <option value="A">Automatic</option>
    <option value="S">Semi-Automatic</option>
  </select>
  <select name="fuel">
    <option value="P">Petrol</option>
    <option value="D">Diesel</option>
  </select>
  <select name="vat">
    <option value="Q">Qualify</option>
    <option value="M">Margin</option>
  </select>
  <input name="spec" type="text" size="20" maxlength="20" value="Spec" onfocus="this.value=''" />
  <input type="submit" />
</form>
Post Code:

<?php
mysql_connect("localhost:3306", "root", "") or die("Unable to connect to MySQL server.");
$db = mysql_select_db("test") or die("Unable to select requested database.");

// Copy the posted form fields into local variables
$make    = $_POST['make'];
$model   = $_POST['model'];
$reg     = $_POST['regNum'];
$pp      = $_POST['pp'];
$siv     = $_POST['siv'];
$cc      = $_POST['engineSize'];
$colour  = $_POST['colour'];
$year    = $_POST['year'];
$door    = $_POST['doors'];
$fuel    = $_POST['fuel'];
$gearbox = $_POST['gearbox'];
$pd      = $_POST['pd'];
$dis     = $_POST['dis'];
$vat     = $_POST['vat'];
$recon   = $_POST['recon'];
$rp      = $_POST['rp'];
$spec    = $_POST['spec'];

mysql_query("INSERT INTO stock( reg, year, make, model, spec, cc, colour, door, fuel, gearbox, pd, dis, vat, recon, pp, siv, rp) VALUES ('$reg','$year','$make','$model','$spec','$cc','$colour','$door,'$fuel','$gearbox','$pd','$dis','$vat','$recon','$pp','$siv','$rp')");
echo mysql_error();
mysql_close();
?>
Please Help
Thanks in Advance
You're missing a quote after your $door variable.

mysql_query("INSERT INTO stock(reg,year,make,model,spec,cc,colour,door,fuel,gearbox,pd,dis,vat,recon,pp,siv,rp) VALUES ('$reg','$year','$make','$model','$spec','$cc','$colour','$door','$fuel','$gearbox','$pd','$dis','$vat','$recon','$pp','$siv','$rp')");

You should consider sanitizing the input.
I use something like this:

Function to clean input:

function form ($data) { // Prevents SQL Injection
    global $db_connect;
    $data = ereg_replace("[\'\")(;|`,<>]", "", $data);
    $data = mysql_real_escape_string(trim($data), $db_connect);
    return stripslashes($data);
}

Handling the input:

$first_name = form ($_POST['first_name']);
$last_name = form ($_POST['last_name']);
$title = form ($_POST['title']);
$email = form ($_POST['email']);
$phone = form ($_POST['phone']);
$username = form ($_POST['username']);
$password = form ($_POST['password']);

Saving it to the db:

$q = "INSERT INTO user";
$q .= " SET USER_ID = ''";
$q .= ", FIRST_NAME = '".$first_name."'";
$q .= ", LAST_NAME = '".$last_name."'";
$q .= ", TITLE = '".$title."'";
$q .= ", EMAIL = '".$email."'";
$q .= ", PHONE = '".$phone."'";
$q .= ", USER_NAME = '".$username."'";
$q .= ", PASSWORD = '".md5 ($password)."'";
mysql_query($q);
print mysql_error();

By using this syntax it is a little easier to exclude empty variables. E.g.:

if (!empty ($phone)) $q .= ", PHONE = '".$phone."'";

to make the submit as short as possible.
Function to clean input:

function form ($data) { // Prevents SQL Injection
    global $db_connect;
    $data = ereg_replace("[\'\")(;|`,<>]", "", $data);
    $data = mysql_real_escape_string(trim($data), $db_connect);
    return stripslashes($data);
}

Highly susceptible to SQL injection! stripslashes() is just removing the slashes you added in mysql_real_escape_string()!
Besides that:
- mysql functions are outdated, use PDO or MySQLi instead
- globals are always a bad idea
- $db_connect ain't used
- ereg functions are deprecated (use preg functions instead)
Note: Prepared Statements (via PDO/MySQLi) are absolutely immune to SQL injections
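The following is an added example, not code from either reply or from the original poster. It rewrites the question's stock INSERT as a PDO prepared statement, keeps the "leave out empty fields" idea from the first reply without ever putting a posted value into the SQL text, and shows why the form() cleaner in that reply does not work. It assumes the `test` database and `stock` table from the question and the same column names; the DSN and credentials are placeholders. Because mysql_real_escape_string() needs a live connection and no longer exists in PHP 7, addslashes() stands in for it in the simulation (it escapes the same quote and backslash characters).

```php
<?php
// Added example (not from the original thread). Assumes the "stock" table
// from the question in database "test"; DSN and credentials are placeholders.
declare(strict_types=1);

// Posted field name => column name. Column names come only from this list,
// never from $_POST, so the SQL text itself can never contain user input.
const FORM_TO_COLUMN = [
    'regNum' => 'reg', 'year' => 'year', 'make' => 'make', 'model' => 'model',
    'spec' => 'spec', 'engineSize' => 'cc', 'colour' => 'colour',
    'doors' => 'door', 'fuel' => 'fuel', 'gearbox' => 'gearbox', 'pd' => 'pd',
    'dis' => 'dis', 'vat' => 'vat', 'recon' => 'recon', 'pp' => 'pp',
    'siv' => 'siv', 'rp' => 'rp',
];

/**
 * Build the INSERT and its bound parameters from a $_POST-shaped array.
 * Empty or missing fields are skipped (the "exclude empty variables" idea),
 * and the column list and placeholder list are generated together, so they
 * cannot drift apart the way the hand-typed VALUES list in the question did.
 */
function buildStockInsert(array $post): array
{
    $columns = [];
    $params  = [];
    foreach (FORM_TO_COLUMN as $field => $column) {
        if (!isset($post[$field]) || trim((string) $post[$field]) === '') {
            continue;                               // leave empty fields out
        }
        $columns[]           = "`$column`";         // whitelisted name, not user data
        $params[":$column"]  = trim((string) $post[$field]);
    }
    if ($columns === []) {
        throw new InvalidArgumentException('no stock fields supplied');
    }
    $sql = 'INSERT INTO `stock` (' . implode(', ', $columns) . ') VALUES ('
         . implode(', ', array_keys($params)) . ')';
    return [$sql, $params];
}

/** Execute the insert; values travel separately from the SQL text. */
function insertStock(PDO $pdo, array $post): int
{
    [$sql, $params] = buildStockInsert($post);
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

/**
 * The form() cleaner from the first reply, simulated offline: strip some
 * characters, escape, then stripslashes(), which removes the escaping again.
 * addslashes() stands in for mysql_real_escape_string() (assumption).
 */
function formCleanerSimulated(string $data): string
{
    $data = preg_replace('/[\'")(;|`,<>]/', '', $data);   // the ereg_replace() step
    $data = addslashes(trim($data));                       // escaping step
    return stripslashes($data);                            // ...undone here
}

if (PHP_SAPI === 'cli') {
    // A backslash passes the cleaner intact; inside '...' it escapes the closing
    // quote, so the string literal no longer ends where the author thinks.
    var_dump(formCleanerSimulated('Smith\\'));    // string(6) "Smith\"
    var_dump(formCleanerSimulated("O'Brien"));    // string(6) "OBrien"  (data mangled)

    // Constructed sample input in the shape the question's form posts.
    $post = ['regNum' => 'AB12CDE', 'make' => 'FORD', 'model' => 'FOCUS',
             'year' => '2009', 'doors' => '5', 'fuel' => 'D', 'vat' => 'Q',
             'pp' => '', 'siv' => ''];
    [$sql, $params] = buildStockInsert($post);
    echo $sql, PHP_EOL;
    // INSERT INTO `stock` (`reg`, `year`, `make`, `model`, `door`, `fuel`, `vat`)
    // VALUES (:reg, :year, :make, :model, :door, :fuel, :vat)

    $pdo = new PDO('mysql:host=localhost;port=3306;dbname=test;charset=utf8mb4', 'root', '', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
    ]);
    echo insertStock($pdo, $post), ' row(s) inserted', PHP_EOL;
}
```

Two points on the design: ATTR_EMULATE_PREPARES is switched off so the server, not the client, keeps SQL and data apart; and placeholders only ever stand for values, which is why the column names are taken from a fixed map rather than bound. Anything that must appear in the SQL text itself (a column name, an ORDER BY direction) still needs a whitelist like FORM_TO_COLUMN.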