  1. #1
    Join Date
    Sep 2007
    Posts
    2

    I need help in form and _post

    I was wondering if there is anyone that can help me. After watching the PHP and MySQL video, I made this form exactly as in the video; I just altered the code to add more inputs and created a database to correspond to those extra fields. The code runs fine, but when you hit submit I get this error:

    connection successfullYou have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'where, music, host, age, dresscode, admission, contact, direction, comment, date' at line 1




    ******this is exactly how my code is on the server



    // *************code begins***************


    <?php


    require ($_SERVER ["DOCUMENT_ROOT"] . "/test/config/db_config.php");

    $connections= mysql_connect($db_host, $db_user, $db_password) or die ("error connecting");
    mysql_select_db($db_name, $connections);

    echo "connection successfull";


    $name= $_POST ["txt_name"];

    $len = strlen($name);
    if ($len >0)
    {

    $email=$_POST["txt_email"];

    $event= $_POST ["txt_event"];
    $promo= $_POST ["txt_promo"];
    $where= $_POST ["txt_where"];
    $music= $_POST ["txt_music"];
    $host= $_POST ["txt_host"];
    $age= $_POST ["txt_age"];
    $dresscode= $_POST ["txt_dresscode"];
    $admission= $_POST ["txt_admission"];
    $contact= $_POST ["txt_contact"];
    $direction= $_POST ["txt_direction"];

    $comment=$_POST["txt_comment"];
    $date= time();



    $query= " INSERT INTO guestbookss (autoid, name, email, event, promo, where, music, host, age, dresscode, admission, contact, direction, comment, date_auto) VALUES ('$name', ' $name', '$email', '$event', '$promo', '$where', '$music', '$host', '$age', '$dresscode', '$admission', '$contact', '$direction', '$comment', ' $date')";



    mysql_query($query, $connections) or die ( mysql_error());

    }



    ?>




    <html>

    <head>

    <title> Guestbook</title>
    <body>
    <center>

    <form action="<?php echo $_SERVER[PHP_SELF]; ?>" method="POST">


    <font face="arial" size="1">

    Name: <input type="text" name ="txt_name"> &nbsp;
    Email: <input type="text" name "txt_email"><br><br>



    <table align="center" background="fff000">
    Event Name:<input type="text" name ="txt_event" > <br> <br>
    Promoter/s:<input type="text" name ="txt_promo"> <br><br>
    Where :<input type="text" name ="txt_where"> <br><br>
    Music By :<input type="text" name ="txt_music"> <br><br>
    Host :<input type="text" name ="txt_host"> <br><br>
    Age Group :<input type="text" name ="txt_age"> <br><br>
    Dress code:<input type="text" name ="txt_dresscode"> <br><br>
    Admission :<input type="text" name ="txt_admission"> <br><br>
    contact :<input type="text" name ="txt_contact"> <br><br>
    Direction :<br><textarea style="50%" rows="10" name ="txt_direction"></textarea> <br><br>
    </table>



    <br>
    comment:<br>
    <textarea style="width: 75%" rows="10" name="txt_comment"></textarea>
    <center><input type="submit" value="submit"></center>
    </font>
    </form>
    <br><br>


    <table bgcolor=#AAAAAA border="0" width="75%" cellspacing="1" cellpading="2">

    <?php





    $query= "SELECT * FROM guestbookss ORDER BY event";
    $result= mysql_query($query, $connections);

    for ($i=0; $i < mysql_num_rows($result); $i++)
    {
    $name= mysql_result($result, $i, "name");

    $email= mysql_result($result, $i, "email");
    $email_len= strlen($email);

    $event= mysql_result($result, $i, "event");
    $promo= mysql_result($result, $i, "promo");
    $where= mysql_result($result, $i, "where");
    $music= mysql_result($result, $i, "music");
    $host= mysql_result($result, $i, "host");
    $age= mysql_result($result, $i, "age");
    $dresscode= mysql_result($result, $i, "dresscode");
    $admission= mysql_result($result, $i, "admission");
    $contact= mysql_result($result, $i, "contact");
    $direction= mysql_result($result, $i, "direction");
    $direction= nl2br($direction);

    $comment= mysql_result($result, $i, "comment");
    $comment= nl2br($comment);
    $date= mysql_result($result, $i, "date_auto");
    $show_date= date("H:i:s m/d/Y", $date);

    if ($i % 2)
    {
    $bg_color="#EEEEEE";
    }
    else
    {
    $bg_color="#E0E0E0";
    }


    echo '
    <tr>
    <td width="100%" bgcolor=" ' .$bg_color. ' ">
    <font face="arial" size="2">';

    if ($email_len > 0 )
    {
    echo ' <b> Name: </b> <a href="mailto:'.$email.'">'.$name.'</a>';

    }
    else
    {
    echo ' <b> Name: </b> '.$name;
    }

    echo '
    <br>
    <b> Comment:</b> ' .$comment.'
    </font>
    <td>

    <td width="1%"valign="top" nowrap bgcolor=" ' .$bg_color. ' ">
    <font face="arial" size="2">

    <b>Date: </b> '.$show_date.'
    </font>
    </td>
    </tr>
    ';

    }



    ?>


    </table>




    </center>
    </body>
    </html>
    //********************code ends *******************


    Can someone tell me if I have the MySQL syntax correct:


    $query= " INSERT INTO guestbookss (autoid, name, email, event, promo, where, music, host, age, dresscode, admission, contact, direction, comment, date_auto) VALUES ('$name', ' $name', '$email', '$event', '$promo', '$where', '$music', '$host', '$age', '$dresscode', '$admission', '$contact', '$direction', '$comment', ' $date')";



    mysql_query($query, $connections) or die ( mysql_error());


    Or is there something else wrong with my code?

  2. #2
    Join Date
    May 2005
    Posts
    124
    Hmm...

    PHP Code:
    $query = "INSERT INTO guestbookss (`autoid`, `name`, `email`, `event`, `promo`, `where`, `music`, `host`, `age`, `dresscode`, `admission`, `contact`, `direction`, `comment`, `date_auto`) VALUES ('$name', '$name', '$email', '$event', '$promo', '$where', '$music', '$host', '$age', '$dresscode', '$admission', '$contact', '$direction', '$comment', '$date')";
    Try that.


    -Bechstien

  3. #3
    Join Date
    May 2004
    Location
    Sowerby Bridge, UK
    Posts
    935
    Based on the error you showed, I am guessing the issue is as follows:

    You have a database field called "where". That is probably going to really confuse mysql as WHERE is used in sql statements. Maybe rename that field to wherefrom or something?

  4. #4
    Join Date
    Dec 2003
    Location
    Tananger, Norway
    Posts
    1,461
    Quote Originally Posted by Ilera
    Based on the error you showed, I am guessing the issue is as follows:

    You have a database field called "where". That is probably going to really confuse mysql as WHERE is used in sql statements. Maybe rename that field to wherefrom or something?
    That's correct. You can't use words that are reserved words in MySQL.

    Here's the list for reserved words in 5.0: http://dev.mysql.com/doc/refman/5.0/...ved-words.html

  5. #5
    Join Date
    Sep 2007
    Posts
    2
    Thanks, it works.

  6. #6
    Join Date
    Mar 2002
    Location
    Netherlands
    Posts
    52
    BKacae17,

    I advise you to look at "code injection". Your code is currently not secure at all.
    Look up addslashes in the PHP manual.

  7. #7
    Join Date
    Mar 2006
    Location
    South Australia
    Posts
    4,521
    Depends on the server configuration. If magic quotes is enabled you will probably end up with data that has backslashes added twice. Have a look here:

    http://au3.php.net/manual/en/security.magicquotes.php

    Ideally what you should be doing is first checking to see whether magic quotes is turned on, and then decide how you should handle the data.
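
As an added example (not part of any post in this thread, and not the original poster's code): the guestbook INSERT written with PDO bound parameters, which covers both the reserved-word error and the injection and magic-quotes concerns raised in posts #6 and #7. The `field()` helper, the shortened column list, the sample values and the SQLite DSN are assumptions made for illustration.

```php
<?php
// Added example (not the original poster's code). An in-memory SQLite database
// keeps it runnable offline; for MySQL, change the DSN and the CREATE TABLE.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE guestbookss (
    autoid INTEGER PRIMARY KEY, name TEXT, email TEXT,
    `where` TEXT, comment TEXT, date_auto INTEGER)');

// Hypothetical helper: read one form field as a string. If the server still
// applies magic quotes (PHP < 5.4), strip them so data is not escaped twice.
function field(array $src, $key)
{
    $v = (isset($src[$key]) && is_string($src[$key])) ? $src[$key] : '';
    if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
        $v = stripslashes($v);
    }
    return trim($v);
}

// Constructed sample submission standing in for $_POST. The apostrophes are
// what break (or alter) a query built by string interpolation.
$post = array(
    'txt_name'    => "O'Brien",
    'txt_email'   => 'obrien@example.test',
    'txt_where'   => "Joe's Bar",
    'txt_comment' => "Doors at 9, don't be late",
);

// The reserved word is backtick-quoted, autoid is left to the database, and
// every value is a bound parameter rather than part of the SQL text.
$stmt = $pdo->prepare('INSERT INTO guestbookss
    (name, email, `where`, comment, date_auto)
    VALUES (:name, :email, :venue, :comment, :date_auto)');
$stmt->execute(array(
    ':name'      => field($post, 'txt_name'),
    ':email'     => field($post, 'txt_email'),
    ':venue'     => field($post, 'txt_where'),
    ':comment'   => field($post, 'txt_comment'),
    ':date_auto' => time(),
));

// Escape on output so stored text is displayed as text, not interpreted as HTML.
foreach ($pdo->query('SELECT name, `where`, comment FROM guestbookss') as $row) {
    $line = $row['name'] . ' @ ' . $row['where'] . ': ' . $row['comment'];
    echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "\n";
}
```

With bound parameters no addslashes call is needed on the way in; the magic-quotes check only removes backslashes that an old server configuration may already have added.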
