Posted by Jerim79 on 11/08/06 19:36

Carl wrote:
> Jerim79,
>
> My reply is inline...
>
> Jerim79 wrote:
> >
> > I was able to figure out the POST issue. If you use " in the name on
> > the HTML form, you have to use " in the PHP script. So $_POST['FName']
> > didn't work but $_POST["FName"] does. (I haven't seen this mentioned
> > anywhere.)
> >
>
> I don't believe this to be true. Double quotes should be used for
> parsing variables within a string.
> http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing
> Both double and single quotes work for quoting array indexes. I would
> suggest your problem is elsewhere.
>
> > The other issue I am having, besides the email issue is the database
> > INSERT. Here is the code:
> > $result = mysql_query("INSERT INTO table() VALUES($FName, $LName,
> > $Company, $Title, $Address, $Apt, $City, $State, $Zip, $Phone, $Fax,
> > $Email, $Var1, $Var2, $Var3, $Var4, $Var5)")
> >
> > I know that $FName isn't the proper way to do it. However, when I set
> > it to $_POST["FName"] I get this error:
> >
> > Parse error: syntax error, unexpected '"', expecting T_STRING or
> > T_VARIABLE or T_NUM_STRING in /website/test.php on line 264
>
> You are receiving this error because when you insert the variable
> $_POST["FName"] into your SQL statement, the first double quote is
> ending the quotes you use to enclose your SQL statement.
>
> You have a couple of options, but remember that It is VERY bad practice
> to pass user input (POST/GET) values directly to the database.
>
> The following page describes this problem. I strongly advise you read
> the page carefully and make sure you understand it.
> http://www.php.net/manual/en/function.mysql-real-escape-string.php
>
> > I did insert this command to show any database errors, but it doesn't
> > show any:
> > echo mysql_error($connection)
>
> What was the value of your $result variable? It would be helpful to see
> the relevant code.
>
> Hope this helps,
> Carl.

Carl,

I just read the links you gave me. I am certainly on board with what
they had to say. I do intend to add the functionality to the final
script. What I would like first would be to get the script working.
Right now, this is a dummy script, with access only to a blank table. I
can mess around with it as much as I want. (My boss just gave me this
task as a learning experience.) This is day 2 of my PHP learning
experience. So I am just trying to take it one step at a time. I really
do appreciate your help.

• Next in forum: Re: OT: MySQL And Native File Writes Versus Ports and TCP/IP
• Prev in forum: Re: Database/Email Script
• Thread view: Re: Database/Email Script

[Reply to this message]