Unable to insert records in a MYSQL Database using PHP (Coding) ***Correction

[Chelsea7]

I'm having trouble inserting records into a MYSQL database using PHP 5 (don't have the exact version. I can insert records directly in the table itself. What makes this strange is that the code below already exists from prior coding and works fine. I used the same exact syntax for the new database and table, but it will not insert any records. I receive no error messages either. Any suggestions?

------------------------------------------
<?

$conn=mysql_connect("mysql", "User", "Password")or die(mysql_error());
mysql_select_db("eventcal",$conn)or die(mysql_error());

mysql_query("INSERT INTO eventshows(date,event_name,desc,links_page)VALUES
('$_POST[date]','$_POST[event_name]','$_POST[desc]','$_POST[links_page]')");



Print "Thank you for updating the event calendar!";


?>
------------------------------------
MySQL client version: 5.1.55

Thanks
Chelsea

 

[jpadie]

escape all user submitted values before using them in the database. and ensure that they are properly formatted too (e.g. date strings are most easily passed as yyyy-mm-dd).

 

[Chelsea7]

Hello there. I'm not sure what you mean by "escape all user submitted values before using them in the database". Please clarify.

Thank you.

 

[vacunita]

You should not use user submitted values directly in a query. They should be escaped or cleansed prior to being placed in a query. Using mysql_real_eascape_string() function.

i.e. $date = mysql_real_escape_string($_POST['date']);

That however does not directly address why its not inserting.

Try asking mysql for an error on the insert query like you do for the connection and DB selection.

mysql_query("INSERT INTO eventshows(date,event_name,desc,links_page)VALUES
('$_POST[date]','$_POST[event_name]','$_POST[desc]','$_POST[links_page]')")[red][b] or die(mysql_error)[/b][/red];

Also try outputting the generated query to make sure its correct.

echo "INSERT INTO eventshows(date,event_name,desc,links_page)VALUES
('$_POST[date]','$_POST[event_name]','$_POST[desc]','$_POST[links_page]')";


----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown. 

[url=http://behindtheweb.blogspot.com/] Web & Tech [/url]

 

[jpadie]

It would answer the question of why it is not inserting if the date delimiters were coming in as / and not being escaped.

That was the thrust behind my points.

 

[vacunita]

Ahh, did not think of that. But you are of course correct. Unescaped date delimiters may be causing issues.

----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

 

[Chelsea7]

Hello everyone. Sorry it too me long but I got it to work. It's so strange. For some odd reason, something told me to change the names of the last two fields. Why? I don;t know. But now it works fine. I changed the 'DESC' field to 'Details' and 'Event_Name' to 'Eventname'. Perhaps, the old field names were reserved by mysql or something else.

Thanks everyone.

 

[jpadie]

desc is indeed a reserved word. it is used in order by and similar clauses to mean 'descending'