
PHP and MYSQL

I am trying to make a form post into a table.

However I am only getting "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'P','4','PD','DIS','Q','Recon','PP','SIV','Retail' )' at line 1"

PHP Code:

<form action="addstockdata.php" method="post">
    <input class="textField" name="regNum" type="text" dir="ltr" value="Reg Number" onfocus="this.value=''" size="7" maxlength="7" onblur="this.value=this.value.toUpperCase()" />
    <input name="pp" class="textField" type="text" dir="ltr" value="PP" onfocus="this.value=''" size="7" maxlength="7" />
    <input name="siv" type="text" class="textField" dir="ltr" value="SIV" onfocus="this.value=''" size="7" maxlength="7" />
    <input name="rp" type="text" dir="ltr" class="textField" value="Retail" onfocus="this.value=''" size="7" maxlength="7" /> <br />
    <input name="make" type="text" dir="ltr" value="Make" class="textField" onfocus="this.value=''" size="15" maxlength="15" onblur="this.value=this.value.toUpperCase()" />
    <input name="model" type="text" dir="ltr" value="Model" class="textField" onfocus="this.value=''" size="15" maxlength="15" onblur="this.value=this.value.toUpperCase()" />
    <input name="engineSize" type="text" dir="ltr" value="Engine Size" class="textField" onfocus="this.value=''" size="4" maxlength="4" />
    <input name="colour" type="text" dir="ltr" value="Colour" onfocus="this.value=''" class="textField" size="15" maxlength="15" onblur="this.value=this.value.toUpperCase()" />
    <input name="year" type="text" dir="ltr" value="Year" onfocus="this.value=''" size="4" maxlength="4" class="textField" />
    <input name="dis" type="text" dir="ltr" value="DIS" onfocus="this.value=''" size="4" maxlength="4" class="textField" />
    <input name="recon" type="text" dir="ltr" value="Recon" onfocus="this.value=''" size="6" maxlength="6" class="textField" />
    <input name="pd" type="text" dir="ltr" value="PD" onfocus="this.value=''" size="6" maxlength="6" class="textField" />
    <select name="doors">
        <option value="2">2 Doors</option>
        <option value="3">3 Doors</option>
        <option value="4">4 Doors</option>
        <option value="5">5 Doors</option>
        <option value="E">Estate</option>
    </select>
    <select name="gearbox">
        <option value="4">4 Gears</option>
        <option value="5">5 Gears</option>
        <option value="6">6 Gears</option>
        <option value="A">Automatic</option>
        <option value="S">Semi-Automatic</option>
    </select>
    <select name="fuel">
        <option value="P">Petrol</option>
        <option value="D">Diesel</option>
    </select>
    <select name="vat">
        <option value="Q">Qualify</option>
        <option value="M">Margin</option>
    </select>
    <input name="spec" type="text" size="20" maxlength="20" value="Spec" onfocus="this.value=''" />
    <input type="submit" />
</form>
Post Code:

<?php

mysql_connect("localhost:3306","root","") or die ("Unable to connect to MySQL server.");
$db = mysql_select_db("test") or die ("Unable to select requested database.");
$make=$_POST['make'];
$model=$_POST['model'];
$reg=$_POST['regNum'];
$pp=$_POST['pp'];
$siv=$_POST['siv'];
$cc=$_POST['engineSize'];
$colour=$_POST['colour'];
$year=$_POST['year'];   // the original read $_POST['spec'] here, a copy/paste slip; the form field is named "year"
$door=$_POST['doors'];
$fuel=$_POST['fuel'];
$gearbox=$_POST['gearbox'];
$pd=$_POST['pd'];
$dis=$_POST['dis'];
$vat=$_POST['vat'];
$recon=$_POST['recon'];
$rp=$_POST['rp'];
$spec=$_POST['spec'];

// The closing quote after '$door is missing in the query below (see reply #2); that is what produces the syntax error.
mysql_query( "INSERT INTO stock( reg, year, make, model, spec, cc, colour, door, fuel, gearbox, pd, dis, vat, recon, pp, siv, rp) VALUES ('$reg','$year','$make','$model','$spec','$cc','$colour','$door,'$fuel','$gearbox','$pd','$dis','$vat','$recon','$pp','$siv','$rp')");
echo mysql_error();
mysql_close();
?>
Please Help

Thanks in Advance
Dec 11 '11 #1
Rabbit
You're missing a quote after your $door variable.
Dec 11 '11 #2
Ammu
mysql_query("INSERT INTO stock(reg,year,make,model,spec,cc,colour,door,fuel,gearbox,pd,dis,vat,recon,pp,siv,rp) VALUES ('$reg','$year','$make','$model','$spec','$cc','$colour','$door','$fuel','$gearbox','$pd','$dis','$vat','$recon','$pp','$siv','$rp')");
Dec 12 '11 #3
You should consider sanitizing the input.

I use something like this:

Function to clean input:

function form ($data) { // Prevents SQL Injection
   global $db_connect;
   $data = ereg_replace("[\'\")(;|`,<>]", "", $data);
   $data = mysql_real_escape_string(trim($data), $db_connect);
   return stripslashes($data);
}

Handling the input:

$first_name    = form ($_POST['first_name']);
$last_name     = form ($_POST['last_name']);
$title         = form ($_POST['title']);
$email         = form ($_POST['email']);
$phone         = form ($_POST['phone']);
$username      = form ($_POST['username']);
$password      = form ($_POST['password']);

Saving it to the db:

$q =  "INSERT INTO user";
$q .= " SET USER_ID    = ''";
$q .= ", FIRST_NAME  = '".$first_name."'";
$q .= ", LAST_NAME   = '".$last_name."'";
$q .= ", TITLE       = '".$title."'";
$q .= ", EMAIL       = '".$email."'";
$q .= ", PHONE       = '".$phone."'";
$q .= ", USER_NAME   = '".$username."'";
$q .= ", PASSWORD    = '".md5 ($password)."'";
mysql_query($q);
print mysql_error();

By using this syntax it is a little easier to exclude empty variables. E.g.:

if (!empty ($phone)) $q .= ", PHONE       = '".$phone."'";

to make the submit as short as possible.
Dec 15 '11 #4
Dormilich
Function to clean input:

function form ($data) { // Prevents SQL Injection
   global $db_connect;
   $data = ereg_replace("[\'\")(;|`,<>]", "", $data);
   $data = mysql_real_escape_string(trim($data), $db_connect);
   return stripslashes($data);
}

highly susceptible to SQL injection! stripslashes() is just removing the slashes you added in mysql_real_escape_string()!

besides that:
- mysql functions are outdated, use PDO or MySQLi instead
- globals are always a bad idea
- $db_connect ain't used
- ereg functions are deprecated (use preg functions instead)

note: Prepared Statements (via PDO/MySQLi) are absolutely immune to SQL injections
Dec 15 '11 #5
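To make Dormilich's recommendation concrete, here is the INSERT from the question rewritten as a PDO prepared statement. This is an added example, not code from the thread or from any of its posters. It assumes a MySQL database named "test" on localhost that contains the `stock` table from the question, and it uses the form field names from the question's HTML; adjust the DSN and credentials to your own setup. The column names come from constants in the script, never from the request, and every user-supplied value is passed as a bound parameter, so no character-stripping "sanitizer" of the kind shown in #4 is needed. The allow-list check on the select fields is plain input validation; the injection protection is the prepared statement.

```php
<?php
// Added example (not the thread's code): the question's INSERT into `stock`
// done with a PDO prepared statement. Assumed: MySQL database "test" on
// localhost with the `stock` table from the question.
declare(strict_types=1);

// Form field names from the question's <form>, in the order the INSERT used them.
const FORM_FIELDS = [
    'regNum', 'year', 'make', 'model', 'spec', 'engineSize', 'colour', 'doors',
    'fuel', 'gearbox', 'pd', 'dis', 'vat', 'recon', 'pp', 'siv', 'rp',
];

// Form field => table column, where the two names differ.
const FIELD_TO_COLUMN = ['regNum' => 'reg', 'engineSize' => 'cc', 'doors' => 'door'];

// Allowed values for the <select> fields, copied from the form's <option> values.
const SELECT_OPTIONS = [
    'doors'   => ['2', '3', '4', '5', 'E'],
    'gearbox' => ['4', '5', '6', 'A', 'S'],
    'fuel'    => ['P', 'D'],
    'vat'     => ['Q', 'M'],
];

/**
 * Turn the POSTed form into a column => value array.
 * Returns null if a field is missing or a <select> value is not on its allow-list.
 */
function stockRowFromPost(array $post): ?array
{
    $row = [];
    foreach (FORM_FIELDS as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null;                                  // missing or non-scalar field
        }
        $value = trim($post[$field]);
        if (isset(SELECT_OPTIONS[$field]) && !in_array($value, SELECT_OPTIONS[$field], true)) {
            return null;                                  // value the <select> never offered
        }
        $row[FIELD_TO_COLUMN[$field] ?? $field] = $value;
    }
    return $row;
}

/**
 * Insert one row with a prepared statement. The column list is built from the
 * constants above, never from user input; every user-supplied value travels as
 * a bound parameter, so quotes, backslashes or semicolons in it are just data.
 */
function insertStock(PDO $pdo, array $row): int
{
    $columns      = array_keys($row);
    $placeholders = array_map(static fn(string $c): string => ':' . $c, $columns);
    $sql = sprintf(
        'INSERT INTO stock (%s) VALUES (%s)',
        implode(', ', $columns),
        implode(', ', $placeholders)
    );
    $stmt = $pdo->prepare($sql);
    foreach ($row as $column => $value) {
        $stmt->bindValue(':' . $column, $value, PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->rowCount();                             // 1 when the row was inserted
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $row = stockRowFromPost($_POST);
    if ($row === null) {
        http_response_code(400);
        exit('Invalid form submission.');
    }

    try {
        // Assumed DSN and credentials; ERRMODE_EXCEPTION turns every MySQL error
        // into a PDOException instead of a silent failure plus mysql_error().
        $pdo = new PDO('mysql:host=localhost;port=3306;dbname=test;charset=utf8mb4', 'root', '', [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,          // real server-side prepares
        ]);
        insertStock($pdo, $row);
        echo 'Stock record saved.';
    } catch (PDOException $e) {
        error_log($e->getMessage());                      // detail goes to the log, not the browser
        http_response_code(500);
        echo 'Could not save the record.';
    }
}
```

Note that the original script echoed mysql_error() straight to the page, which is how the syntax error in the question became visible to the submitter; with ERRMODE_EXCEPTION the detail is caught and logged server-side while the user only sees a generic message.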
