5 Replies - 480 Views - Last Post: 22 September 2012 - 07:25 PM Rate Topic: -----

#1 rjclancy  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 56
  • Joined: 18-March 11

Insert Form Data Into Database

Posted 21 September 2012 - 04:01 PM

hi guys....i have around ten different forms working on my website....but the code for one of them will not work...iv been looking at this code and even striped it down to the bear essentials but no joy, i even stopped looking at it for around 5 hours, came back and still i cant see the problem....
<?php
    include 'init.php';
	if(isset($_POST['commentText'], $_POST['user_id'], $_POST['poll_id'])){
        $commText=$_POST['commentText'];
	$userid=$_POST['user_id'];
	$pollID=$_POST['poll_id'];
	
	$sql = "INSERT INTO `comment` (`commentText`, `user_id`, `poll_id`) VALUES ('$commText,'$userid','$pollID')";
	
	
	$result = mysql_query($sql);
	if(!$result)
	{
		echo("unable to insert comment");
	}
	else
	{
	    echo("insert complete");
	}
	}
?>



help me before i put my head trought the computer screen!!!!:)

This post has been edited by macosxnerd101: 21 September 2012 - 04:17 PM
Reason for edit:: Please use a descriptive title


Is This A Good Question/Topic? 0
  • +

Replies To: Insert Form Data Into Database

#2 RudiVisser  Icon User is offline

  • .. does not guess solutions
  • member icon

Reputation: 1004
  • View blog
  • Posts: 3,562
  • Joined: 05-June 09

Re: Insert Form Data Into Database

Posted 21 September 2012 - 04:17 PM

.. what's the error?

You can get the error using mysql_error(), like this:
echo "unable to insert comment, error: " . mysql_error();


My best guess would be that you're trying to insert a ' in a comment field, which means that your strings are becoming unescaped, look into some basic error handling. But if this is the issue to fix it is simple, before the PDO/MySQLi Nazis come along you can use mysql_real_escape_string to escape all of your values before trying to insert them into the database.

Once you're done there, look into PDO/MySQLi, specifically prepared statements. They'll help you greatly reduce errors like this in the future.

EDIT: Note also that echo isn't a function, it's a language construct, and so doesn't need/shouldn't have parenthesis around it's "arguments".

This post has been edited by RudiVisser: 21 September 2012 - 04:19 PM

Was This Post Helpful? 3
  • +
  • -

#3 rjclancy  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 56
  • Joined: 18-March 11

Re: Insert Form Data Into Database

Posted 21 September 2012 - 04:32 PM

View PostRudiVisser, on 21 September 2012 - 04:17 PM, said:

.. what's the error?

You can get the error using mysql_error(), like this:
echo "unable to insert comment, error: " . mysql_error();


My best guess would be that you're trying to insert a ' in a comment field, which means that your strings are becoming unescaped, look into some basic error handling. But if this is the issue to fix it is simple, before the PDO/MySQLi Nazis come along you can use mysql_real_escape_string to escape all of your values before trying to insert them into the database.

Once you're done there, look into PDO/MySQLi, specifically prepared statements. They'll help you greatly reduce errors like this in the future.

EDIT: Note also that echo isn't a function, it's a language construct, and so doesn't need/shouldn't have parenthesis around it's "arguments".


Hey RudiVisser...

Big thanks for the reply...

i used
echo "unable to insert comment, error: " . mysql_error();
and found the problem...
i had '' around my ints in my insert statment!!!!

Big Big thanks for the tips, ill defenitly look into PDO/MySQLi...

again big thanks:)
Was This Post Helpful? 0
  • +
  • -

#4 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3719
  • View blog
  • Posts: 5,991
  • Joined: 08-June 10

Re: Insert Form Data Into Database

Posted 21 September 2012 - 05:00 PM

View Postrjclancy, on 21 September 2012 - 11:32 PM, said:

i used
echo "unable to insert comment, error: " . mysql_error();
and found the problem...
i had '' around my ints in my insert statment!!!!

Odd. That's usually not a fatal error for MySQL. It usually just silently casts them to integers.

Just out of curiosity, do you remember what the error message was?
Was This Post Helpful? 0
  • +
  • -

#5 rjclancy  Icon User is offline

  • D.I.C Head

Reputation: 1
  • View blog
  • Posts: 56
  • Joined: 18-March 11

Re: Insert Form Data Into Database

Posted 22 September 2012 - 06:38 AM

View PostAtli, on 21 September 2012 - 05:00 PM, said:

View Postrjclancy, on 21 September 2012 - 11:32 PM, said:

i used
echo "unable to insert comment, error: " . mysql_error();
and found the problem...
i had '' around my ints in my insert statment!!!!

Odd. That's usually not a fatal error for MySQL. It usually just silently casts them to integers.

Just out of curiosity, do you remember what the error message was?


Hi Atli....

Here is the error i got...
unable to insert comment, error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1', '3')' at line 1 


Was This Post Helpful? 0
  • +
  • -

#6 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3719
  • View blog
  • Posts: 5,991
  • Joined: 08-June 10

Re: Insert Form Data Into Database

Posted 22 September 2012 - 07:25 PM

Ahh OK, I see it now. Look closer at the $commText value in your original query:
('$commText,'$userid','$pollID')


The end quote is missing.

MySQL would have allowed the ints to be quoted if not for that error, although you are right not to quote numbers. That can lead to other complications.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1