Posted by daGnutt on 07/01/07 13:22

On 1 Juli, 14:26, Todd Michels <t...@nalamail.com> wrote:
> Hi all,
>
> I am trying to send data from a form and insert it into a MSSQL DB.
>
> When I submit the data I get: Warning: mssql_query()
> [function.mssql-query]: message: The name "Todd" is not permitted in
> this context. Valid expressions are constants, constant expressions, and
> (in some contexts) variables. Column names are not permitted. (severity
> 15) in "Myfile"
>
> If I don't use the POST data and write the query explicitly, it works.
>
> Any help is appreciated.
>
> Thanks,
> Todd
>
> WinXP SP2
> MSSQL Express 2005
> IIS 5.1
> PHP 5.2.1
>
> It's a basic form:
>
> <body>
> <form id="form1" name="form1" method="post" action="flextest.php">
> <label>User Name
> <input name="username" type="text" id="username" />
> </label>
> <label>Email Address
> <input name="emailaddress" type="text" id="emailaddress" />
> </label>
> <p>
> <input type="submit" name="Submit" value="Submit" />
> </p>
> </form>
> </body>
>
> And here is the MSSQL insert:
>
> if( $_POST["emailaddress"] AND $_POST["username"])
> {
> //add the user
> $Query = sprintf('INSERT INTO users (username, emailaddress)
> VALUES (%s, %s)', $_POST["username"], $_POST["emailaddress"]);
>
> $Result = mssql_query($Query);
>
> }

I personally dont know mssql, but it mySQL, the error would lie in
that non-numerical entires must be surrounded by '"' so try
$Query = sprintf(INSERT INTO users (username, emailaddress)
VALUES(\"%s\", \"%s\")', $_POST["username"], $_POST["emailaddress"]);

[Back to original message]