What's wrong with this hectic command?



Democrazy
09-19-2011, 11:54 AM
$query = "INSERT INTO products(id, name, brand, country, material, primarycolour, sizes, sizem, sizel, sizexl, price, pricerange) VALUES($_POST['id'], $_POST['name'], $_POST['brand'], $_POST['country'], $_POST['material'], $_POST['primarycolour'], $_POST['sizes'], $_POST['sizem'], $_POST['sizel'], $_POST['sizexl'], $_POST['price'], $_POST['pricerange'])";

Error:

PHP Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

EDIT: I also tried this:

$query = "INSERT INTO products(id, name, brand, country, material, primarycolour, sizes, sizem, sizel, sizexl, price, pricerange) VALUES($_POST['id'], '$_POST["name"]', '$_POST["brand"]', '$_POST["country"]', '$_POST["material"]', '$_POST["primarycolour"]', $_POST['sizes'], $_POST['sizem'], $_POST['sizel'], $_POST['sizexl'], $_POST['price'], $_POST['pricerange'])";

Wanna
09-19-2011, 12:07 PM
$query = "INSERT INTO
`products` (`id`,
`name`,
`brand`,
`country`,
`material`,
`primarycolour`,
`sizes`,
`sizem`,
`sizel`,
`sizexl`,
`price`,
`pricerange`)
VALUES('".$_POST['id']."',
'".$_POST['name']."',
'".$_POST['brand']."',
'".$_POST['country']."',
'".$_POST['material']."',
'".$_POST['primarycolour']."',
'".$_POST['sizes']."',
'".$_POST['sizem']."',
'".$_POST['sizel']."',
'".$_POST['sizexl']."',
'".$_POST['price']."',
'".$_POST['pricerange']."')";



If you want to put variables in a string always use quotes:


$stringA = "Test";
$stringB = "Hello ".$stringA.", welcome";


In SQL a string as value must be with single quotes (')
And also for table names and column names: use ` around them.


INSERT INTO `my_table_name` (`column1`,`column2`) VALUES ('value1','value2')



If you want to do this in PHP


$value1 = "val1";
$value2 = "val2";

$query = "INSERT INTO `my_table_name` (`column1`,`column2`) VALUES ('".$value1."','".$value2."')";
// NOTE: Watch out here. When inserting a value, first put a single quote, then a double quote in front of the variable (and also a dot, of course)


NOTE:
If you use SQL and you want to insert all the columns, you won't have to specify them in the query.



CREATE TABLE my_table(
`id` INT AUTO_INCREMENT NOT NULL,
`column1` NVARCHAR(50) NOT NULL,
`column2` NVARCHAR(50) NOT NULL,
PRIMARY KEY(`id`)
)

// If that is your table you can do this:
$query = "INSERT INTO `my_table` VALUES('<ID>','<VAL1>','<VAL2>')";

Democrazy
09-19-2011, 12:10 PM
In regards to your last quote: I was thinking of trying it that way too. Thanks for your advice and input!!

Wanna
09-19-2011, 12:14 PM
No thanks,

I posted some more code for you ;)

If you use SQL and you want to insert all the columns, you won't have to specify them in the query.




CREATE TABLE my_table(
`id` INT AUTO_INCREMENT NOT NULL,
`column1` NVARCHAR(50) NOT NULL,
`column2` NVARCHAR(50) NOT NULL,
PRIMARY KEY(`id`)
)

// If that is your table you can do this:
$query = "INSERT INTO `my_table` VALUES('<ID>','<VAL1>','<VAL2>')";

Democrazy
09-19-2011, 12:40 PM
WooooWWWW man! That just burnt my mind out! :P

Thanks for the extra code.
PHP is pretty fascinating is it not?! It can do so much in so many ways!

Wanna
09-19-2011, 12:43 PM
The last code isn't PHP but SQL

But yes, I agree. PHP is very fascinating.
You can do the same thing in so many different ways.

If you have a huge SQL command like this one, it is best to separate the lines like I did.
If you do so, you can see everything better. An adjustment is done quickly without looking for the correct part.

tangoforce
09-19-2011, 01:53 PM
Actually, try this instead:



$query = "INSERT INTO
`products` (`id`,
`name`,
`brand`,
`country`,
`material`,
`primarycolour`,
`sizes`,
`sizem`,
`sizel`,
`sizexl`,
`price`,
`pricerange`)
VALUES('$_POST[id]',
'$_POST[name]',
'$_POST[brand]',
'$_POST[country]',
'$_POST[material]',
'$_POST[primarycolour]',
'$_POST[sizes]',
'$_POST[sizem]',
'$_POST[sizel]',
'$_POST[sizexl]',
'$_POST[price]',
'$_POST[pricerange]')";





If you want to put variables in a string always use quotes:


$stringA = "Test";
$stringB = "Hello ".$stringA.", welcome";



No, that's not correct. Also your use of double quotes is wrong. Double quotes cause PHP to inspect the string and look for variables to replace, which wastes CPU resources. Single quotes are used literally - what you see is what you get. This is the better way:



$stringA = 'there';
$stringB = "Hello $stringA, welcome";


If you have any doubts about the use of quotes please see the quotes link in my signature.



In SQL a string as value must be with single quotes (')


Correct, but you can still use variables inside it because the SQL is inside double quotes.



And also for table names and column names: use ` around them.


INSERT INTO `my_table_name` (`column1`,`column2`) VALUES ('value1','value2')



There is still mixed opinion over this due to differences between mysql4 and mysql 5. Using the ` does work but it also works without them.



If you want to do this in PHP


$query = "INSERT INTO `my_table_name` (`column1`,`column2`) VALUES ('".$value1."','".$value2."')";
// NOTE: Watch out here. When inserting a value, first put a single quote, then a double quote in front of the variable (and also a dot, of course)



No, that's not necessary at all. You're teaching the long and hard method. All you need to do is this:



$query = "INSERT INTO `my_table_name` (`column1`,`column2`) VALUES ('$value1', '$value2')";

Wanna
09-19-2011, 02:04 PM
Actually, try this instead:



$query = "INSERT INTO
`products` (`id`,
`name`,
`brand`,
`country`,
`material`,
`primarycolour`,
`sizes`,
`sizem`,
`sizel`,
`sizexl`,
`price`,
`pricerange`)
VALUES('$_POST[id]',
'$_POST[name]',
'$_POST[brand]',
'$_POST[country]',
'$_POST[material]',
'$_POST[primarycolour]',
'$_POST[sizes]',
'$_POST[sizem]',
'$_POST[sizel]',
'$_POST[sizexl]',
'$_POST[price]',
'$_POST[pricerange]')";



No, that's not correct. Also your use of double quotes is wrong. Double quotes cause PHP to inspect the string and look for variables to replace, which wastes CPU resources. Single quotes are used literally - what you see is what you get. This is the better way:



$stringA = 'there';
$stringB = "Hello $stringA, welcome";


If you have any doubts about the use of quotes please see the quotes link in my signature.

No, that's not necessary at all. You're teaching the long and hard method. All you need to do is this:



$query = "INSERT INTO `my_table_name` (`column1`,`column2`) VALUES ('$value1', '$value2')";


I don't have any doubts about the quotes.
When I started learning PHP I always learned to keep the string and variables separate from each other. (This also happens in most other popular scripting languages.)
If you teach yourself the correct way of doing it, you won't have problems learning other languages.

Democrazy
09-19-2011, 03:10 PM
Also your use of double quotes is wrong. Double quotes cause PHP to inspect the string and look for variables to replace which wastes CPU resources.

I like the way you think. IMO, this is one of the key things that sets a good programmer apart from a great programmer.

tangoforce
09-19-2011, 04:43 PM
When I started learning PHP I always learned to keep the string and variables separate from each other. (This also happens in most other popular scripting languages.)
If you teach yourself the correct way of doing it, you won't have problems learning other languages.

The key issue here is that PHP is NOT other languages. It is its own language in its own right. The way you've written your code will waste CPU resources. On a shared server this slows things down and that is why you should be learning from and accepting what I am saying. When writing PHP code you need it to be fast and efficient so that the multiple users who may be on your site at the same time can actually use it without performance problems.

Inigoesdr
09-19-2011, 05:32 PM
Actually, try this instead
Actually, don't insert POST variables directly into SQL at all, and don't interpolate a string when you don't need to. Separating the variables is far easier to read and allows them to be highlighted in your editor easily. If you were dead set on keeping your double quotes, wrap the POST variables in curly brackets so you can keep the inner quotes. That makes it a lot easier to read and spot code errors.


No, that's not correct. Also your use of double quotes is wrong. Double quotes cause PHP to inspect the string and look for variables to replace, which wastes CPU resources.
Which you are suggesting he continue to do for some reason..

There is still mixed opinion over this due to differences between mysql4 and mysql 5. Using the ` does work but it also works without them.
You should always use backticks for your field as it is best practice. The reason for this is it allows you to use characters that would otherwise break the SQL syntax, and it's cleaner to read. Lots of things work, that doesn't make them a good idea. Just ask people who use register_globals, or anyone who has had to rewrite code because it depended on a feature like that.
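
Inigoesdr's point about not putting POST variables directly into SQL, shown as an added example that is not part of the original thread: a prepared statement for the thread's products table. It assumes PDO with the pdo_sqlite driver (in-memory, so it runs offline); the column types, the insertProduct() helper and the sample input are constructed for illustration.

```php
<?php
// Added example, not code from the thread: parameterized INSERT for `products`.
// Assumptions: PDO with pdo_sqlite (in-memory, runs offline); column types and
// the insertProduct() helper are hypothetical. For MySQL, change the DSN/credentials.

$columns = ['id', 'name', 'brand', 'country', 'material', 'primarycolour',
            'sizes', 'sizem', 'sizel', 'sizexl', 'price', 'pricerange'];

function insertProduct(PDO $pdo, array $columns, array $input): void
{
    // Column names come from the fixed list, never from request keys.
    $missing = array_diff($columns, array_keys($input));
    if ($missing) {
        throw new InvalidArgumentException('Missing fields: ' . implode(', ', $missing));
    }
    // Reject non-numeric values for numeric fields before touching the database.
    foreach (['id', 'price'] as $numeric) {
        if (!is_numeric($input[$numeric])) {
            throw new InvalidArgumentException("$numeric must be numeric");
        }
    }
    $names = implode(', ', $columns);
    $placeholders = ':' . implode(', :', $columns);
    $stmt = $pdo->prepare("INSERT INTO products ($names) VALUES ($placeholders)");
    foreach ($columns as $col) {
        $stmt->bindValue(":$col", $input[$col]);   // bound as data, never parsed as SQL
    }
    $stmt->execute();
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, brand TEXT,
    country TEXT, material TEXT, primarycolour TEXT, sizes TEXT, sizem TEXT,
    sizel TEXT, sizexl TEXT, price REAL, pricerange TEXT)');

// Constructed stand-in for $_POST; the name contains quote characters that would
// break a query assembled by concatenation or interpolation.
$post = ['id' => '1', 'name' => "O'Neill \"Classic\" tee', 'x", 'brand' => 'Acme',
         'country' => 'ZA', 'material' => 'cotton', 'primarycolour' => 'blue',
         'sizes' => '1', 'sizem' => '1', 'sizel' => '0', 'sizexl' => '0',
         'price' => '19.99', 'pricerange' => 'low'];

insertProduct($pdo, $columns, $post);
$row = $pdo->query('SELECT name FROM products WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
var_dump($row['name'] === $post['name']);   // compares the stored name with the input
```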

tangoforce
09-19-2011, 05:42 PM
Which you are suggesting he continue to do for some reason..


It appears you've misunderstood my post. If you look again, you will see I recommended the use of double quotes when there is a variable inside it and to use single quotes when there is text only with no variable.

While I admit using $_POST in an SQL string is not wise, the user wanted to know what was wrong and why it wouldn't work. I've just simplified it.

Wanna
09-20-2011, 07:25 AM
The key issue here is that PHP is NOT other languages. It is its own language in its own right. The way you've written your code will waste CPU resources. On a shared server this slows things down and that is why you should be learning from and accepting what I am saying. When writing PHP code you need it to be fast and efficient so that the multiple users who may be on your site at the same time can actually use it without performance problems.

Like I said, I learned it this way but I didn't know double quotes would take more CPU.
I will try to remember this next time I write code.


