Re: going blind for looking...need eyes

Daniel Brown wrote:
> On Fri, Feb 6, 2009 at 12:44, Terion Miller <webdev.terion@xxxxxxxxx> wrote:
>> ---------------------
>> $sql = "INSERT INTO admin (UserName, Password, Name, Email, Property,
>> Department, AddWorkOrder, ";
>>        $sql .= "ViewAllWorkOrders, ViewNewOrders, ViewNewArt,
>> ViewPendingWorkOrders, ViewPendingArtwork, ViewCompletedArt, ";
>>        $sql .= "ViewCompletedWorkOrders, SearchWorkOrder, EditWorkOrder,
>> DelWorkOrder, ChangeStatus, AddEditAdmin";
>>        $sql .= ") VALUES(  '$UserName', '$Password', '$Name', '$Email',
			   ^-- does the lack of space here screw things up?

>> '$Property', '$Department', '$AddWorkOrder', ";
>>        $sql .= "'$ViewAllWorkOrders', '$ViewNewOrders', '$ViewNewArt',
>> '$ViewPendingWorkOrders', '$ViewPendingArtwork', ";
>>        $sql .= "'$ViewCompletedArt', '$ViewCompletedWorkOrders',
>> '$SearchWorkOrder', '$EditWorkOrder', '$DelWorkOrder',  ";
>>        $sql .= "'$ChangeStatus', '$AddEditAdmin', '$ViewMyOrders')";
>>        $result = mysql_query($sql);
> 
>     1.) You have 19 columns named, but 20 values given.
>     2.) Make sure you use mysql_real_escape_string() or otherwise
> sanitize the data.
>     3.) When you run into similar issues, use <?php mysql_query($sql)
> or die(mysql_error()); ?>

Good points from Dan. I suggest additionally something a little more
vague and possibly not to your taste ... but ... try making your
query a little more readable:

$sql = "INSERT INTO admin (
        UserName, Password, Name, Email, Property, Department,
        AddWorkOrder, ViewAllWorkOrders, ViewNewOrders, ViewNewArt,
        ViewPendingWorkOrders, ViewPendingArtwork, ViewCompletedArt,
        ViewCompletedWorkOrders, SearchWorkOrder, EditWorkOrder,
        DelWorkOrder, ChangeStatus, AddEditAdmin
    ) VALUES (
        '$UserName', '$Password', '$Name', '$Email', '$Property', '$Department',
        '$AddWorkOrder', '$ViewAllWorkOrders', '$ViewNewOrders', '$ViewNewArt',
        '$ViewPendingWorkOrders', '$ViewPendingArtwork', '$ViewCompletedArt',
        '$ViewCompletedWorkOrders', '$SearchWorkOrder', '$EditWorkOrder',
        '$DelWorkOrder', '$ChangeStatus', '$AddEditAdmin', '$ViewMyOrders'
    )";

There are a zillion variations on this theme (e.g. using HEREDOC syntax and/or putting each field & value
on a single line, which is sometimes helpful in counting whether no. of fields matches no. of values).

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
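
Added example, not part of the original message or thread: one way to make the column/value mismatch and the escaping problem discussed above structurally impossible is to generate both lists from a single array and bind the values with a PDO prepared statement, used here in place of mysql_real_escape_string(). The column names are taken from the quoted query; insert_row(), ADMIN_COLUMNS, the in-memory SQLite database and the sample values are assumptions made for illustration.

```php
<?php
// Added example: not code from the thread. Column names come from the quoted
// query; insert_row(), the SQLite in-memory database and the sample values
// are assumptions made for illustration.

// Allow-list of column names: identifiers cannot be bound as parameters,
// so they are checked against this list instead of being escaped.
const ADMIN_COLUMNS = [
    'UserName', 'Password', 'Name', 'Email', 'Property', 'Department',
    'AddWorkOrder', 'ViewAllWorkOrders', 'ViewNewOrders', 'ViewNewArt',
    'ViewPendingWorkOrders', 'ViewPendingArtwork', 'ViewCompletedArt',
    'ViewCompletedWorkOrders', 'SearchWorkOrder', 'EditWorkOrder',
    'DelWorkOrder', 'ChangeStatus', 'AddEditAdmin',
];

function insert_row(PDO $db, array $row): void
{
    $unknown = array_diff(array_keys($row), ADMIN_COLUMNS);
    if ($unknown) {
        // A value with no matching column (the thread's 19-vs-20 mismatch)
        // is reported by name before any SQL is sent.
        throw new InvalidArgumentException('No such column: ' . implode(', ', $unknown));
    }
    // Columns and placeholders are generated from the same array,
    // so their counts cannot drift apart.
    $cols  = implode(', ', array_keys($row));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    $stmt  = $db->prepare("INSERT INTO admin ($cols) VALUES ($marks)");
    $stmt->execute(array_values($row)); // values are bound, never interpolated
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // errors throw
$db->exec('CREATE TABLE admin (' . implode(' TEXT, ', ADMIN_COLUMNS) . ' TEXT)');

// Constructed sample input; the quote in Name would break the original query.
$row = array_fill_keys(ADMIN_COLUMNS, '0');
$row['UserName'] = 'jdoe';
$row['Name']     = "Pat O'Neil";
insert_row($db, $row);
echo $db->query('SELECT Name FROM admin')->fetchColumn(), "\n";

try {
    insert_row($db, $row + ['ViewMyOrders' => '1']); // the 20th value
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```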

