Reply to Re: Trouble with $_POST data


Posted by Norman Peelman on 07/01/07 23:04

Todd Michels wrote:
> daGnutt wrote:
>> On 1 Juli, 14:26, Todd Michels <t...@nalamail.com> wrote:
>>> Hi all,
>>>
>>> I am trying to send data from a form and insert it into a MSSQL DB.
>>>
>>> When I submit the data I get: Warning: mssql_query()
>>> [function.mssql-query]: message: The name "Todd" is not permitted in
>>> this context. Valid expressions are constants, constant expressions, and
>>> (in some contexts) variables. Column names are not permitted. (severity
>>> 15) in "Myfile"
>>>
>>> If I don't use the POST data and write the query explicitly, it works.
>>>
>>> Any help is appreciated.
>>>
>>> Thanks,
>>> Todd
>>>
>>> WinXP SP2
>>> MSSQL Express 2005
>>> IIS 5.1
>>> PHP 5.2.1
>>>
>>> It's a basic form:
>>>
>>> <body>
>>> <form id="form1" name="form1" method="post" action="flextest.php">
>>> <label>User Name
>>> <input name="username" type="text" id="username" />
>>> </label>
>>> <label>Email Address
>>> <input name="emailaddress" type="text" id="emailaddress" />
>>> </label>
>>> <p>
>>> <input type="submit" name="Submit" value="Submit" />
>>> </p>
>>> </form>
>>> </body>
>>>
>>> And here is the MSSQL insert:
>>>
>>> if( $_POST["emailaddress"] AND $_POST["username"])
>>> {
>>> //add the user
>>> $Query = sprintf('INSERT INTO users (username, emailaddress)
>>> VALUES (%s, %s)', $_POST["username"], $_POST["emailaddress"]);
>>>
>>> $Result = mssql_query($Query);
>>>
>>> }
>>
>> I personally don't know mssql, but in MySQL, the error would lie in
>> that non-numerical entries must be surrounded by '"' so try
>> $Query = sprintf('INSERT INTO users (username, emailaddress)
>> VALUES(\"%s\", \"%s\")', $_POST["username"], $_POST["emailaddress"]);
>>
>
> Thanks for the suggestion, and you were close. This is the command that
> actually worked.
>
> $Query = sprintf('INSERT INTO users (username, emailaddress)
> VALUES("%s", "%s")', $_POST["username"], $_POST["emailaddress"]);
>
> Thanks again.

If you aren't doing anything special with sprintf (if you don't
necessarily need it) then the following works as expected:

$Query = "INSERT INTO users (username, emailaddress)
VALUES('$_POST[username]', '$_POST[emailaddress]')";

but that's not accounting for the cleansing of variables.

Norm
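
The "cleansing of variables" mentioned at the end of the reply, shown as an added example that is not part of the original thread: the interpolated query from the thread next to a validated, parameterized insert. It assumes PDO with an in-memory SQLite database standing in for the MSSQL server so it runs offline; the `addUser` helper, the 64-character limit and the sample input are constructed for illustration.

```php
<?php
// Added example. Assumption: in-memory SQLite stands in for the MSSQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT NOT NULL, emailaddress TEXT NOT NULL)');

// Constructed form input: an apostrophe is perfectly legitimate in a name.
$post = ['username' => "O'Brien", 'emailaddress' => 'obrien@example.com'];

// 1) The thread's approach: form values are pasted into the SQL text.
$unsafe = "INSERT INTO users (username, emailaddress)
           VALUES('{$post['username']}', '{$post['emailaddress']}')";
try {
    $db->exec($unsafe);
    echo "interpolated query: ok\n";
} catch (PDOException $e) {
    // The apostrophe ends the string literal early, so the rest of the
    // user's input is parsed as SQL instead of being stored as data.
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// 2) Validate the fields, then bind them as parameters. Bound values are
//    sent separately from the statement text and are never parsed as SQL.
function addUser(PDO $db, array $post): bool
{
    $username = trim((string)($post['username'] ?? ''));
    $email    = filter_var($post['emailaddress'] ?? '', FILTER_VALIDATE_EMAIL);
    // Hypothetical policy: non-empty name of at most 64 bytes, well-formed email.
    if ($username === '' || strlen($username) > 64 || $email === false) {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO users (username, emailaddress) VALUES (:username, :email)'
    );
    return $stmt->execute([':username' => $username, ':email' => $email]);
}

var_dump(addUser($db, $post));
var_dump(addUser($db, ['username' => 'x', 'emailaddress' => 'not-an-email']));

// Show what was actually stored.
foreach ($db->query('SELECT username, emailaddress FROM users') as $row) {
    echo $row['username'], ' <', $row['emailaddress'], ">\n";
}
```

The same `prepare()`/`execute()` calls apply when the PDO connection uses a SQL Server driver instead of SQLite.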
