Insert Into


PCHomepage

Programmer
Feb 24, 2009
609
US
Even though this relates to MySQL, I think the error must be in the PHP syntax, but if so, I cannot spot it. Hopefully another pair of eyes will see the problem!

In this simple code which I've done countless times before, something is throwing an error in Zend Studio. Oddly, the error manifests itself farther down in the script on totally unrelated bits but remarking out the $query_Message variable gets rid of all the other errors. I've tried it with and without the ticks and with and without the single quotes. What's wrong?

Code:
$query_Message = "INSERT INTO messages (`Name`, `EMail`, `Message`, `MessageDate`, `VisitorIP`, `UserAgent`) VALUES ('$VisitorName', '$VisitorEMail', '$VisitorMessage', $MessageDate, '$VisitorIP', '$UserAgent');

mysql_query ($query_Message);
 
You are never closing the double quotes:

Code:
// Highlighted in the original post: the opening " is never closed; the closing " is missing just before the final ;
$query_Message = "INSERT INTO messages (`Name`, `EMail`, `Message`, `MessageDate`, `VisitorIP`, `UserAgent`) VALUES ('$VisitorName', '$VisitorEMail', '$VisitorMessage', $MessageDate, '$VisitorIP', '$UserAgent') ;

mysql_query ($query_Message);



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech
 
Hi, you should secure that code.
Look here:
I would also on top of the example 1 code do some stuff like:
  • strip_tags()
  • trim()
  • ucwords()
  • strtolower()

And more :)

On the comment, you can consider if you want to let the user use '<b><br><p>' (as a second parameter to strip_tags()).
Also, for the message date, you should really have a column in your table with TIMESTAMP DEFAULT CURRENT_TIMESTAMP. If you have yet to add a primary key, I would consider making one when you are first getting dirty.

P.S. You still have to check if the e-mail is an e-mail (regular expressions), and you should check if the columns have any value after the trim(), strip_tags(), etc.
Code:
strlen(strip_tags(trim($_...

I usually make some global functions in a functions-script file. Then I can include this functions-file in the other pages and just run a cleanString($value, 'email') (I make the function with parameters, so I can use the same function for different column types).

Olav Alexander Mjelde
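
An added example, not part of the posts in this thread: the cleaning and validation steps suggested above, combined with a prepared statement so the values never become part of the SQL text. The names cleanField() and saveMessage() are hypothetical, the sample input is constructed, and PDO with an in-memory SQLite database is an assumption made so the script runs without a server; with MySQL only the DSN and credentials change.

```php
<?php
// cleanField() is a hypothetical helper in the spirit of cleanString($value, 'email').
function cleanField(string $value, string $type): ?string
{
    $value = trim(strip_tags($value));
    if ($value === '') {
        return null;                      // nothing left after cleaning: reject
    }
    if ($type === 'email') {
        $value = strtolower($value);
        return filter_var($value, FILTER_VALIDATE_EMAIL) !== false ? $value : null;
    }
    return $value;
}

function saveMessage(PDO $db, array $form, string $ip, string $agent): bool
{
    $name    = cleanField($form['name'] ?? '', 'text');
    $email   = cleanField($form['email'] ?? '', 'email');
    $message = cleanField($form['message'] ?? '', 'text');
    if ($name === null || $email === null || $message === null) {
        return false;
    }
    // Placeholders keep the values out of the SQL text, so a quote in the
    // input cannot end the string literal as it can with interpolation.
    $stmt = $db->prepare(
        'INSERT INTO messages (Name, EMail, Message, VisitorIP, UserAgent)
         VALUES (:name, :email, :message, :ip, :agent)'
    );
    return $stmt->execute([
        ':name' => $name, ':email' => $email, ':message' => $message,
        ':ip' => $ip, ':agent' => $agent,
    ]);
}

// In-memory SQLite (assumption); MessageDate is filled in by the column default.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (
    id INTEGER PRIMARY KEY, Name TEXT, EMail TEXT, Message TEXT,
    MessageDate TIMESTAMP DEFAULT CURRENT_TIMESTAMP, VisitorIP TEXT, UserAgent TEXT)');

// Constructed sample input: a quote in the name and tags in the message, then an invalid e-mail.
var_dump(saveMessage($db, ['name' => "O'Brien", 'email' => ' Pat@Example.COM ',
    'message' => "<script>x</script>It's fine"], '203.0.113.7', 'ExampleAgent/1.0'));
var_dump(saveMessage($db, ['name' => 'Pat', 'email' => 'not-an-email',
    'message' => 'hi'], '203.0.113.7', 'ExampleAgent/1.0'));
print_r($db->query('SELECT Name, EMail, Message, MessageDate FROM messages')->fetchAll(PDO::FETCH_ASSOC));
```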
 
Thanks. I already have functions like that that are used on some of my various sites' forms but for the sake of the question posted I simplified it only to locate the typo, which has been done. Before it was made "live" it was secured similarly to your suggestion using my existing functions.
 