Posted by Carl on 11/08/06 18:20

Jerim79,

My reply is inline...

Jerim79 wrote:
>
> I was able to figure out the POST issue. If you use " in the name on
> the HTML form, you have to use " in the PHP script. So $_POST['FName']
> didn't work but $_POST["FName"] does. (I haven't seen this mentioned
> anywhere.)
>

I don't believe this to be true. Double quotes should be used for
parsing variables within a string.
http://www.php.net/manual/en/language.types.string.php#language.types.string.parsing
Both double and single quotes work for quoting array indexes. I would
suggest your problem is elsewhere.

> The other issue I am having, besides the email issue is the database
> INSERT. Here is the code:
> $result = mysql_query("INSERT INTO table() VALUES($FName, $LName,
> $Company, $Title, $Address, $Apt, $City, $State, $Zip, $Phone, $Fax,
> $Email, $Var1, $Var2, $Var3, $Var4, $Var5)")
>
> I know that $FName isn't the proper way to do it. However, when I set
> it to $_POST["FName"] I get this error:
>
> Parse error: syntax error, unexpected '"', expecting T_STRING or
> T_VARIABLE or T_NUM_STRING in /website/test.php on line 264

You are receiving this error because when you insert the variable
$_POST["FName"] into your SQL statement, the first double quote is
ending the quotes you use to enclose your SQL statement.

You have a couple of options, but remember that It is VERY bad practice
to pass user input (POST/GET) values directly to the database.

The following page describes this problem. I strongly advise you read
the page carefully and make sure you understand it.
http://www.php.net/manual/en/function.mysql-real-escape-string.php

> I did insert this command to show any database errors, but it doesn't
> show any:
> echo mysql_error($connection)

What was the value of your $result variable? It would be helpful to see
the relevant code.

Hope this helps,
Carl.

[Back to original message]