Reply to Re: Trouble with $_POST data

Your name:

Reply:


Posted by Jerry Stuckle on 07/01/07 14:39

daGnutt wrote:
> On 1 Juli, 14:26, Todd Michels <t...@nalamail.com> wrote:
>> Hi all,
>>
>> I am trying to send data from a form and insert it into a MSSQL DB.
>>
>> When I submit the data I get: Warning: mssql_query()
>> [function.mssql-query]: message: The name "Todd" is not permitted in
>> this context. Valid expressions are constants, constant expressions, and
>> (in some contexts) variables. Column names are not permitted. (severity
>> 15) in "Myfile"
>>
>> If I don't use the POST data and write the query explicitly, it works.
>>
>> Any help is appreciated.
>>
>> Thanks,
>> Todd
>>
>> WinXP SP2
>> MSSQL Express 2005
>> IIS 5.1
>> PHP 5.2.1
>>
>> It's a basic form:
>>
>> <body>
>> <form id="form1" name="form1" method="post" action="flextest.php">
>> <label>User Name
>> <input name="username" type="text" id="username" />
>> </label>
>> <label>Email Address
>> <input name="emailaddress" type="text" id="emailaddress" />
>> </label>
>> <p>
>> <input type="submit" name="Submit" value="Submit" />
>> </p>
>> </form>
>> </body>
>>
>> And here is the MSSQL insert:
>>
>> if( $_POST["emailaddress"] AND $_POST["username"])
>> {
>> //add the user
>> $Query = sprintf('INSERT INTO users (username, emailaddress)
>> VALUES (%s, %s)', $_POST["username"], $_POST["emailaddress"]);
>>
>> $Result = mssql_query($Query);
>>
>> }
>
> I personally dont know mssql, but it mySQL, the error would lie in
> that non-numerical entires must be surrounded by '"' so try
> $Query = sprintf(INSERT INTO users (username, emailaddress)
> VALUES(\"%s\", \"%s\")', $_POST["username"], $_POST["emailaddress"]);
>

Actually, using double quotes (") is a non-standard MySQL extension to
the SQL standard. It also will fail if MySQL is running in strict mode
and with most other databases.

Single quote (') is the correct delimiter for MySQL and standard SQL.
It should work with MSSQL, also.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]
Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация