Posted by Rami Elomaa on 07/02/07 15:22

Brendan Gillatt kirjoitti:
> On Sun, 01 Jul 2007 08:26:10 -0400, Todd Michels <todd@nalamail.com>
> wrote:
>
>> Hi all,
>>
>> I am trying to send data from a form and insert it into a MSSQL DB.
>>
>> When I submit the data I get: Warning: mssql_query()
>> [function.mssql-query]: message: The name "Todd" is not permitted in
>> this context. Valid expressions are constants, constant expressions, and
>> (in some contexts) variables. Column names are not permitted. (severity
>> 15) in "Myfile"
>>
>> If I don't use the POST data and write the query explicitly, it works.
>>
>> Any help is appreciated.
>>
>> Thanks,
>> Todd
>>
>> WinXP SP2
>> MSSQL Express 2005
>> IIS 5.1
>> PHP 5.2.1
>>
>> It's a basic form:
>>
>> <body>
>> <form id="form1" name="form1" method="post" action="flextest.php">
>> <label>User Name
>> <input name="username" type="text" id="username" />
>> </label>
>> <label>Email Address
>> <input name="emailaddress" type="text" id="emailaddress" />
>> </label>
>> <p>
>> <input type="submit" name="Submit" value="Submit" />
>> </p>
>> </form>
>> </body>
>>
>> And here is the MSSQL insert:
>>
>> if( $_POST["emailaddress"] AND $_POST["username"])
>> {
>> //add the user
>> $Query = sprintf('INSERT INTO users (username, emailaddress)
>> VALUES (%s, %s)', $_POST["username"], $_POST["emailaddress"]);
>>
>> $Result = mssql_query($Query);
>> }
>
> You could try doing $_POST[username] (remove the quotes) and seeing if
> that makes a difference.

It won't make a difference 'cos that's not the issue. And like Jerry
already said, it will make it even worse.

--
Rami.Elomaa@gmail.com

"Wikipedia on vähän niinq internetin raamattu, kukaan ei pohjimmiltaan
usko siihen ja kukaan ei tiedä mikä pitää paikkansa." -- z00ze

[Back to original message]