|
|
Posted by Carl on 11/08/06 22:50
Reply Inline...
Jerim79 wrote:
>
> Okay, I found something that works. It probably isn't the best way, but
> it works. At the beginning of the script I set each variable to a local
> variable. Such as:
> $FName=$_POST["FName"];
>
> That may not be the best way to do it, but it works. The email script
> is working great now. Which just leaves the MySQL connection. Here is
> the code:
>
> $username='username';
> $password='password';
> $hostname='localhost';
> $databasename='database';
> //Here is where the database connection is actually made
> $conection = mysql_connect($hostname, $username, $password);
> mysql_select_db($databasename) or die ("Cannot connect to
> database" . msyql_error());
> //This sets the query to a variable for easy calling
> $query='INSERT INTO table() VALUES($FName,
> $LName, $Company, $Title, $Address, $Apt, $City, $State, $Zip,
> $Phone,
> $Fax, $Email, $Var1, $Var2, $Var3, $Var4, $Var5)'
> //With the database connection open, I insert the data using
> $query
> $result = mysql_query($query) or die ('Query failed: ' .
> mysql_error());
> //After reading the information into the table, we close the
> database connection
> mysql_close();
>
> The error message I get:
>
> Query failed: Unknown column '$FName' in 'field list'
If you want the variables in your SQL statement to be parsed by the php
interpreter, your SQL statement string needs to be in double quotes.
This behaviour is described here:
http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing
Note that you will still be left with an error as the string values
should themselves be enclosed in single quotes (you're using mysql,
right?). Numeric values do not need to be enclosed in single quotes,
but you must remember to ensure that they are infact numeric values or
cast them explicitly.
$query = "INSERT INTO table() VALUES('$FName', '$LName'...
Alternatively, you can kill two birds with one stone and sanitize the
input while building the SQL statement.
$query = sprintf("INSERT INTO table() VALUES('%s', '$s'...
mysql_real_escape_string($FName),
mysql_real_escape_string($LName),...
>
> If I enclose the variables inside the VALUES() part with quotations,
> such as "$FName", "$LName","$Title" that data does get put into the
> table with no error. Which is to say that $FName gets written to the
> table, and not the data that $FName represents.
As stated above, this is due to the fact that php wil not expand the
value of a variable inside of single quotes. '$var' literally means
'$var'. With "$var", the php interpreter will attempt to resolve to the
value for the variable $var.
Hope that helps,
Carl.
>So I know the database
> connection is working and it is able to write. I tried defining the
> columns in table() such as table(FNAME, LNAME, TITLE) with the same
> error as above. I tried using $_POST[FName] in the VALUES() function
> but it just returns a syntax error and tells me to check the manual for
> my version of MySQL for the correct version. I am running 4.0.1 by the
> way.
Navigation:
[Reply to this message]
|