PCHomepage (Programmer)
9 May 12 14:46
Even though this relates to MySQL, I think the error must be in the PHP syntax but if so, I cannot spot it. Hopefully another pair of eyes will see the problem!

In this simple code which I've done countless times before, something is throwing an error in Zend Studio. Oddly, the error manifests itself farther down in the script on totally unrelated bits but remarking out the $query_Message variable gets rid of all the other errors. I've tried it with and without the ticks and with and without the single quotes. What's wrong?

CODE

$query_Message = "INSERT INTO messages (`Name`, `EMail`, `Message`, `MessageDate`, `VisitorIP`, `UserAgent`) VALUES ('$VisitorName', '$VisitorEMail', '$VisitorMessage', $MessageDate, '$VisitorIP', '$UserAgent');

mysql_query ($query_Message);
 
vacunita (Programmer)
9 May 12 18:35
You are never closing the double quotes:

CODE

$query_Message = "INSERT INTO messages (`Name`, `EMail`, `Message`, `MessageDate`, `VisitorIP`, `UserAgent`) VALUES ('$VisitorName', '$VisitorEMail', '$VisitorMessage', $MessageDate, '$VisitorIP', '$UserAgent')";

mysql_query ($query_Message);

 

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech
 

PCHomepage (Programmer)
9 May 12 18:38
I knew it had to be something simple. Thanks!
Olavxxx (Programmer)
30 May 12 4:03
Hi, you should secure that code.
Look here: http://php.net/manual/en/function.mysql-real-escape-string.php

I would also on top of the example 1 code do some stuff like:
And more :)

On the comment, you can consider if you want to let the user use '<b><br><p>' (as a second parameter to strip_tags()).
Also the message date, you should really have a column in your table with TIMESTAMP DEFAULT CURRENT_TIMESTAMP. If you have yet to add a primary key, I would consider making one when you are first getting dirty.

ps. still you have to check if the e-mail is an e-mail (regular expressions), you should check if the columns have any value after the trim(), strip_tags.. etc.

CODE

strlen(strip_tags(trim($_...

I usually make some global functions in a functions-script file. Then I can include this functions-file in the other pages and just run a cleanString($value, 'email') (I make the function with parameters, so I can use the same function for different column types).

Olav Alexander Mjelde
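
One way to put the suggestions in the post above together, as an added example that is not code from any poster in this thread: a typed cleanString() helper (hypothetical, modelled on the one described) feeding a PDO prepared statement, used here instead of mysql_real_escape_string() because the mysql_* functions were removed in PHP 7. The in-memory SQLite database, the MessageID column and the sample input are assumptions made so the script runs on its own.

```php
<?php
// Added example, not code from the thread. cleanString() and the MessageID
// column are hypothetical; the form input below is constructed.
function cleanString($value, string $type = 'text'): ?string
{
    if (!is_string($value)) {
        return null;                              // e.g. name[]=x sent as an array
    }
    $value = trim($value);
    if ($type === 'email') {
        // filter_var() stands in for the regular expression mentioned in the post
        $email = filter_var($value, FILTER_VALIDATE_EMAIL);
        return $email === false ? null : $email;
    }
    // Only the message keeps the small tag allow-list from the post
    $value = strip_tags($value, $type === 'message' ? '<b><br><p>' : '');
    return strlen($value) > 0 ? $value : null;    // empty after cleaning => reject
}

// In-memory SQLite stands in for MySQL so this runs offline (assumption);
// against MySQL only the PDO DSN and credentials change.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (
    `MessageID` INTEGER PRIMARY KEY, `Name` TEXT, `EMail` TEXT, `Message` TEXT,
    `MessageDate` TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    `VisitorIP` TEXT, `UserAgent` TEXT)');

$post = [                                         // constructed sample input
    'name'    => " O'Brien ",                     // quote breaks a string-built INSERT
    'email'   => 'visitor@example.com',
    'message' => '<script>alert(1)</script><b>Hello</b>',
];
$name    = cleanString($post['name']);
$email   = cleanString($post['email'], 'email');
$message = cleanString($post['message'], 'message');
if ($name === null || $email === null || $message === null) {
    exit("Rejected: missing or invalid field\n");
}

// Placeholders keep values out of the SQL text; MessageDate comes from the DB default
$stmt = $db->prepare('INSERT INTO messages (`Name`, `EMail`, `Message`, `VisitorIP`, `UserAgent`)
                      VALUES (:name, :email, :message, :ip, :ua)');
$stmt->execute([':name' => $name, ':email' => $email, ':message' => $message,
                ':ip' => '203.0.113.7', ':ua' => 'ExampleBrowser/1.0']);

print_r($db->query('SELECT * FROM messages')->fetchAll(PDO::FETCH_ASSOC));
```

strip_tags() leaves attributes on the tags it allows, so the stored message still needs output encoding or a proper HTML sanitizer when it is displayed.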

PCHomepage (Programmer)
30 May 12 4:12
Thanks. I already have functions like that that are used on some of my various sites' forms but for the sake of the question posted I simplified it only to locate the typo, which has been done. Before it was made "live" it was secured similarly to your suggestion using my existing functions.
