Re: Strange MySQL Problem


 



Thank you, everyone. All fixed.
"metastable" <listpit@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message 
news:4B260641.80308@xxxxxxxxxxxxxxxxxxxxxxxxxx
> Parham Doustdar wrote:
>> Hi there,
>> Does it differ? I thought when in quotations, variables like that would be
>> automatically interpreted?
>> Also, the MySQL is meant to connect to localhost. I had emptied it for
>> testing purposes. With or without it, I get the same error.
>> "Jochen Schultz" <jschultz@xxxxxxxxxxxxxx> wrote in message
>> news:4B25FB8E.3040907@xxxxxxxxxxxxxxxxx
>>
>>> Hello Parham,
>>>
>>> I think you should change this:
>>>
>>> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
>>>  ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";
>>>
>>> to this:
>>>
>>> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
>>> ('".$_POST[bookname]."', '".$_POST[authorsname]."', '".$_POST[ISBN]."')";
>>>
>>>
>>> best regards
>>> Jochen
>>>
>>>
>>> Parham Doustdar wrote:
>>>
>>>> Hello there,
>>>> Here's a short PHP script a friend has written, and given to me to test.
>>>> However, I am getting a MySQL error saying that the syntax error, on the
>>>> line that contains mysql_connect(); is wrong, near '')'
>>>> (note that it is not a PHP error, but a MySQL error.)
>>>> Here's the code:
>>>>
>>>> [code]
>>>> <?php
>>>> $username = "root";
>>>> $password = "abc";
>>>> $con = mysql_connect("", $username, $password);
>>>> mysql_select_db ("test", $con);
>>>> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
>>>> ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";
>>>> if (!mysql_query($sql, $con))
>>>>  {
>>>> die( 'error: ' . mysql_error());
>>>>   }
>>>> echo "1 record added";
>>>> mysql_close($con)
>>>> ?>
>>>> [/code]
>>>>
>>>>
>>>>
>>>>
>>
>>
>>
> Exactly the opposite. Use double quotes for interpolation.
> Moreover, you would still get an error, as MySQL requires text columns
> to be escaped. Use Jochen's code.
> Also: SQL injection ! --> http://en.wikipedia.org/wiki/SQL_injection
>
>
> HTH,
>
> Stijn 



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
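
The INSERT from this thread written as a prepared statement, as an added example that is not part of the original messages. It assumes PDO with the pdo_sqlite driver and an in-memory SQLite database so it runs offline; the `$post` array is constructed sample input standing in for `$_POST`, and `addBook` is a hypothetical helper name.

```php
<?php
// Added example, not code from the thread. With MySQL only the DSN changes
// (assumption: something like 'mysql:host=localhost;dbname=test').
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE BOOK (bookname TEXT, authorsname TEXT, ISBN TEXT)');

// Constructed form input. The apostrophes are ordinary data, and they are
// enough to break a query that splices values into the SQL text.
$post = [
    'bookname'    => "The Hitchhiker's Guide",
    'authorsname' => "O'Brien",
    'ISBN'        => '9780000000002',
];

// 1) The thread's approach: values concatenated into the statement.
$spliced = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES ('"
    . $post['bookname'] . "', '" . $post['authorsname'] . "', '" . $post['ISBN'] . "')";
try {
    $pdo->exec($spliced);
    echo "spliced query: inserted\n";
} catch (PDOException $e) {
    // The quote inside the data ended the string literal early.
    echo "spliced query failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed and the values are bound
//    separately, so quotes in the data never reach the SQL parser as syntax.
function addBook(PDO $pdo, array $in): void
{
    foreach (['bookname', 'authorsname', 'ISBN'] as $field) {
        if (!isset($in[$field]) || !is_string($in[$field]) || $in[$field] === '') {
            throw new InvalidArgumentException("missing field: $field");
        }
    }
    $stmt = $pdo->prepare(
        'INSERT INTO BOOK (bookname, authorsname, ISBN) VALUES (:bookname, :authorsname, :isbn)'
    );
    $stmt->execute([
        ':bookname'    => $in['bookname'],
        ':authorsname' => $in['authorsname'],
        ':isbn'        => $in['ISBN'],
    ]);
}

addBook($pdo, $post);
$row = $pdo->query('SELECT bookname, authorsname, ISBN FROM BOOK')->fetch(PDO::FETCH_ASSOC);
echo "stored: ", json_encode($row), "\n";
```

The spliced query fails on the first apostrophe, while the bound version stores both values unchanged.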

