Insert Data Form Trouble 2

[redzonne]

Problem with form iserting data to database.

<?
// create short variable names
  $staddress=$_POST['staddress'];
  $city=$_POST['city'];
  $state=$_POST['state'];
  $zip=$_POST['zip'];
  $proptyp=$_POST['proptyp'];
  $bednum=$_POST['bednum'];
  $bathnum=$_POST['bathnum'];
  $intsqr=$_POST['intsqr'];
  $lotsize=$_POST['lotsize'];
  $price=$_POST['price'];
  $archtype=$_POST['archtype'];
  $feature0=$_POST['feature0'];
  $feature1=$_POST['feature1'];
  $feature2=$_POST['feature2'];
  $feature3=$_POST['feature3'];
  $feature4=$_POST['feature4'];
  $feature5=$_POST['feature5'];
  $feature6=$_POST['feature6'];
  $feature7=$_POST['feature7'];
  $highschool=$_POST['highschool'];
  $midschool=$_POST['midschool'];
  $eleschool=$_POST['eleschool'];

  $staddress = addslashes($staddress);
  $city = addslashes($city);
  $state = addslashes($state);
  $zip = addslashes($zip);
  $proptyp = addslashes($proptyp);
  $bednum = addslashes($bednum);
  $bathnum = addslashes($bathnum);
  $intsqr = addslashes($intsqr);
  $lotsize = addslashes($lotsize);
  $price = addslashes($price);
  $archtype = addslashes($archtype);
  $feature0 = addslashes($feature0);
  $feature1 = addslashes($feature1);
  $feature2 = addslashes($feature2);
  $feature3 = addslashes($feature3);
  $feature4 = addslashes($feature4);
  $feature5 = addslashes($feature5);
  $feature6 = addslashes($feature6);
  $feature7 = addslashes($feature7);
  $highschool = addslashes($highschool);
  $midschool = addslashes($midschool);
  $eleschool = addslashes($eleschool);

  $db = mysql_pconnect('localhost', 'DB_user', 'PASSWORD');

  if (!$db)
  {
    echo 'Error: Could not connect to database. Please try again later.';
    exit;
  }

  mysql_select_db('realest1_proppost');
  $query = "INSERT propertys SET staddress='$staddress', city='$city', state='$state', zip='$zip', proptyp='$proptyp', bednum='$bednum', bathnum='$bathnum', intsqr='$intsqr', lotsize='$lotsize', price='$price', $archtype='$$archtype', feature0='$feature0', feature1='$feature1', feature2='$feature2', feature3='$feature3', feature4='$feature4', feature5='$feature5', feature6='$feature6' feature7='$feature7' highschool='$highschool' midschool='$midschool' eleschool='$eleschool'";
  $result = mysql_query($query) or die(mysql_error());
?>

I get the following message

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '='$', feature0='', feature1='', feature2='', feature3='', featu

The Journey of a Thousand Miles Begins with the First Step...

 

[748323]

Umm... You really aren't using PHP to the fullest.

Here is my mini-tutorial on how to use foreach statements:

foreach() is a loop in PHP that will run through arrays. It only works on arrays. It is usually set up like this:

foreach($Array_name as $key => $value) {
block of statement;
}

That loop will execute once for each key in the array you put. The key value would be inserted in $key, and its value will be put into $value. This is useful with the glob() function for file managing, and also when you want to perform one action to every (or some) values in an array.

When PHP loads, it places all POST variables in the array $_POST. So, if you use logic, you will know that you can use the foreach statement on it. Your mission is to take every key name in the $_POST array, change that into a variable name, and add slashes.
So, what you should do instead of the first 50 lines of the code or so:

foreach($_POST as $key => $value) {
$$key = addslashes($value);
}

Pretty much, it loops through every key in the $_POST array. The first $ in there tells PHP that you are declaring a variable, and the "$key" replaces the key name in the $_POST array that is currently being looked it. Then, it takes the values, adds slashes to it, and completes the statement.

Sorry for the long post. This is basic language construct. The sooner you know this, the more comfortable you will feel using PHP, and then you will be a better programmer.

I didn't even answer your question, but language syntax is more important than MySQL.

 

[kenrbnsn]

To answer your question, you're missing some commas in your query. You have:

  $query = "INSERT propertys SET staddress='$staddress', city='$city', state='$state', zip='$zip', proptyp='$proptyp', bednum='$bednum', bathnum='$bathnum', intsqr='$intsqr', lotsize='$lotsize', price='$price', $archtype='$$archtype', feature0='$feature0', feature1='$feature1', feature2='$feature2', feature3='$feature3', feature4='$feature4', feature5='$feature5', feature6='$feature6' feature7='$feature7' highschool='$highschool' midschool='$midschool' eleschool='$eleschool'";

It should be:

  $query = "INSERT propertys SET staddress='$staddress', city='$city', state='$state', zip='$zip', proptyp='$proptyp', bednum='$bednum', bathnum='$bathnum', intsqr='$intsqr', lotsize='$lotsize', price='$price', $archtype='$$archtype', feature0='$feature0', feature1='$feature1', feature2='$feature2', feature3='$feature3', feature4='$feature4', feature5='$feature5', feature6='$feature6'[COLOR=red],[/color] feature7='$feature7'[COLOR=red],[/color] highschool='$highschool'[COLOR=red],[/color] midschool='$midschool'[COLOR=red],[/color] eleschool='$eleschool'";

I've colored the missing commas red

I agree with the replier before me that you should use the foreach loop to code this query.

Ken

 

[jpadie]

and you have a double string in front of archtype

on the above two posts: although i often do what they advise for debugging or quick scripts i most often loop the values of the POST array into a new array (whilst calling the escape function or whatever). I have found time and time again that I need the values of the POST array in their pure form in a later part of a long script. I would also not use addslashes for a db operation. create the db connection first and then use mysql_real_escape_string.

 

[kenrbnsn]

Here's what I have been doing lately when I want to create a MySQL insert command from a form. This technique assues your form field names match the field names in your database table.

If I will be treating all of the fields the same:

$tmp = array();
foreach ($_POST as $key => $value) {
   if ($key != 'submit') // don't want to put the submit key in the database
       if (trim($val) != '') // usually don't need to put blanks in
          $tmp[] = $key . "='" . urlencode(stripslashes($val))  . "'";
$q = 'insert into tablename set ' . implode(', ',$tmp);

If I do special checks on different information being posted on the form, I use a switch inside the foreach.

You can build update queries the same way, only adding the update if the your posted data is different from the data in the database.

Ken

 

[redzonne]

Okay I implemented the foreach loop to create variables based on the declared keys. That works! Nice little shortcut. Thanx!

Now let me try implementing the code that assures that my field names match column names in my DB

<?php 
if($submit)
{
// create short variable names
  $propstaddr=$_POST['propstaddr'];
  $propunitnum=$_POST['propunitnum'];
  $city=$_POST['city'];
  $state=$_POST['state'];
  $zip=$_POST['zip'];
  $proptyp=$_POST['proptyp'];
  $bednum=$_POST['bednum'];
  $bathnum=$_POST['bathnum'];
  $intsqr=$_POST['intsqr'];
  $lotsize=$_POST['lotsize'];
  $price=$_POST['price'];
  $archtype=$_POST['archtype'];
  $propfeata=$_POST['propfeata'];
  $propfeatb=$_POST['propfeatb'];
  $propfeatc=$_POST['propfeatc'];
  $propfeatd=$_POST['propfeatd'];
  $propfeate=$_POST['propfeate'];
  $propfeatf=$_POST['propfeatf'];
  $propfeatg=$_POST['propfeatg'];
  $propfeath=$_POST['propfeath'];
  $highschool=$_POST['highschool'];
  $midschool=$_POST['midschool'];
  $eleschool=$_POST['eleschool'];

  if (!$propstaddr)
  {
    echo '<span class=psparkred12>You did not enter property street address</span><br />';
   }

  if (!$city)
  {
    echo '<span class=psparkred12>You did not enter property city.</span><br />';
   }

  if (!$zip)
  {
    echo '<span class=psparkred12>You did not enter a zip code.</span><br />';
   }

  if (!$proptyp)
  {
    echo '<span class=psparkred12>You have not entered a proprety type.</span><br />';
   }

  if (!$bednum)
  {
    echo '<span class=psparkred12>You have not entered the number of bedrooms.</span><br />';
   }

  if (!$bathnum)
  {
    echo '<span class=psparkred12>You have not entered the number of bathrooms.</span><br />';
   }

  if (!$intsqr)
  {
    echo '<span class=psparkred12>You have not entered the interior square footage.</span><br />';
   }

  if (!$lotsize)
  {
    echo '<span class=psparkred12>You have not entered the lot size.</span><br />';
   }

  if (!$price)
  {
    echo '<span class=psparkred12>You have not entered the asking price for this property.</span><br />';
   }

  if (!$propfeata)
  {
    echo '<span class=psparkred12>You have not entered atleaset 3 property feature or amenity.</span><br />';
   }

  if (!$propfeatb)
  {
    echo '<span class=psparkred12>You have not entered atleaset 3 property feature or amenity.</span><br />';
   }

  if (!$propfeatc)
  {
    echo '<span class=psparkred12>You have not entered atleaset 3 property feature or amenity.</span><br />';
    exit;
   }

  if (!$highschool)
  {
    echo '<span class=psparkred12>You have not entered a highschool.</span><br />';
    exit;
   }

  if (!$midschool)
  {
    echo '<span class=psparkred12>You have not entered a middle school.</span><br />';
   }

  if (!$eleschool)
  {
    echo '<span class=psparkred12>You have not entered an elementary school.</span><br />';
   }

foreach($_POST as $key => $value) {
$$key = addslashes($value);
}

  $db2 = mysql_pconnect('localhost', 'DB_user', 'PASSWORD');
  mysql_select_db('realest1_proppost');
  $query = "INSERT propertys SET propstaddr='$propstaddr', city='$city', state='$state', zip='$zip', proptyp='$proptyp', bednum='$bednum', bathnum='$bathnum', intsqr='$intsqr', lotsize='$lotsize', price='$price', archtype='$archtype', propfeata='$propfeata', propfeatb='$propfeatb', propfeatc='$propfeatc', propfeatd='$propfeatd', propfeate='$propfeate', propfeatf='$propfeatf', propfeatg='$propfeatg', propfeath='$propfeath', highschool='$highschool', midschool='$midschool', eleschool='$eleschool'";
  $result = mysql_query($query) or die(mysql_error());
  if ($result)

echo "<span class=psparkblu12><b>Thank you for submitting your property posting request.</b>
<br><br>Your request will be reviewed and upon approval, your posting will be published 24 hours after receipt of property pictures.<br><br>
A copy of your submitted details will be emailed to you almost immediately.<br>
<br>Please check the email and inform us of any errors as soon as possible.<br><br>
Thank you.<br><br>
<u>IMPORTANT CONDITIONS APPLY</u><br>1. All property postings require atleast 6 pictures of the property before publishing. (Once the above form is submitted and approved, an email will be sent with an email addresse to send property pictures.)<br>
2. Only properties in Southern California will be posted.<br></span><br><a class=pmidblu href=proppost_controlpanel.php>Click here to return to Main Control Panel</br></a>";
} 
else 
{ 
?>

The Journey of a Thousand Miles Begins with the First Step...

 

[redzonne]

Kenrbnsn,

For the script that assure field names match DB column names, use a switch in the foreach loop becaue I want to implememt special checks for different fields

The Journey of a Thousand Miles Begins with the First Step...