INSERT INTO problem



zodehala
01-23-2012, 11:27 AM
<form id="form1" name="form1" method="post" action="reg.php?f=ok">
<table width="70%" border="0" cellspacing="1">
<tr><td>note :</td><td><textarea name="note" id="note" cols="64" rows="3" tabindex="8"></textarea></td></tr>
<tr><td colspan="2"><input type="submit" name="button" id="button" value="Gonder" tabindex="17"/></td></tr>
</table>
</form>


reg.php


switch($_REQUEST["f"])
{
case "ok":
$note = htmlspecialchars(trim($_POST["note"]));
$sql = "INSERT INTO siparis VALUES
('$telno','$tadet','$note'),
('$telno','$tadet','$note'),
('$telno','$tadet','$note')
";

if(!mysql_query($sql)){echo mysql_errno()."<br/>".mysql_error();
}else{echo '<script language="javascript">alert("ok.");</script>';}

break;
}


Although the table column is `note` varchar(5000) NOT NULL DEFAULT '', I cannot insert more than 1 character. Where is the problem?

KuriosJon
01-23-2012, 11:42 AM
I can't speak to the issue with your database insertion, but make sure you're escaping ANY data sent from the user to your database using mysql_real_escape_string() (http://us3.php.net/manual/en/function.mysql-real-escape-string.php).

If you don't, I can use SQL injection attacks to mess up your entire database.

tangoforce
01-23-2012, 01:52 PM
reg.php



$sql = "INSERT INTO siparis VALUES
('$telno','$tadet','$note'),
('$telno','$tadet','$note'),
('$telno','$tadet','$note')
";



You haven't named the columns you want the data inserted into - it should be like this:

insert into <table> (column1, column2, column3) values (value1, value2, value3), (value1, value2, value3), (value1, value2, value3)
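
KuriosJon's escaping advice and tangoforce's named-column syntax, combined in one added example (not code from any poster in this thread): a PDO prepared statement, used here because the mysql_* functions in the original code were removed in PHP 7. The column names telno and tadet, the id column and the in-memory SQLite database are assumptions made so the script runs offline; only `note` is named in the thread.

```php
<?php
// Added example: parameterised INSERT with named columns.
// Assumptions: columns telno/tadet and an auto-increment id; SQLite stands in for MySQL.
declare(strict_types=1);

function insertOrders(PDO $db, array $rows): int
{
    // Naming the columns keeps values aligned even if the table starts with an id column.
    $stmt = $db->prepare(
        'INSERT INTO siparis (telno, tadet, note) VALUES (:telno, :tadet, :note)'
    );
    $db->beginTransaction();
    try {
        foreach ($rows as $r) {
            // Values are bound, never concatenated, so quotes in the input stay data.
            $stmt->execute([
                ':telno' => trim($r['telno']),
                ':tadet' => trim($r['tadet']),
                ':note'  => trim($r['note']), // stored raw; HTML encoding happens on output
            ]);
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return count($rows);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE siparis (
    id    INTEGER PRIMARY KEY AUTOINCREMENT,
    telno VARCHAR(32) NOT NULL,
    tadet VARCHAR(32) NOT NULL,
    note  VARCHAR(5000) NOT NULL DEFAULT \'\'
)');

// Constructed sample input standing in for $_POST.
$post = ['telno' => '5550100', 'tadet' => '3', 'note' => "Don't ring the bell <b>please</b>"];
insertOrders($db, [$post]);

foreach ($db->query('SELECT id, telno, tadet, note FROM siparis') as $row) {
    // htmlspecialchars() belongs here, when the value is written into HTML.
    echo $row['id'], ' | ', htmlspecialchars($row['note'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

Against MySQL only the DSN passed to `new PDO(...)` changes; the apostrophe in the sample note would have broken the concatenated query from the first post.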

Keleth
01-23-2012, 01:54 PM
You haven't named the columns you want the data inserted into - it should be like this:

insert into <table> (column1, column2, column3) values (value1, value2, value3), (value1, value2, value3), (value1, value2, value3)

That syntax actually isn't required, but is recommended, as it's easier to see where you go wrong. Doing without the column names assumes the first value is for the first column, the second value for the second column, etc.

zodehala - if you echo $sql, does it look right? Also, if you're doing varchar 5000, any reason not to do text? Or do you know it's going to end up at most at 5k?

tangoforce
01-23-2012, 02:05 PM
That syntax actually isn't required, but is recommended, as it's easier to see where you go wrong. Doing without the column names assumes the first value is for the first column, the second value for the second column, etc.


Yes, and having an 'id' column as the first column would screw your explanation over completely, hence my post.

IMO you should always declare what columns you are inserting into otherwise you run into situations like this topic. Perhaps you should consider that :rolleyes:

BluePanther
01-23-2012, 05:44 PM
<form id="form1" name="form1" method="post" action="reg.php?f=ok">
<table width="70%" border="0" cellspacing="1">
<tr><td>note :</td><td><textarea name="note" id="note" cols="64" rows="3" tabindex="8"></textarea></td></tr>
<tr><td colspan="2"><input type="submit" name="button" id="button" value="Gonder" tabindex="17"/></td></tr>
</table>
</form>


reg.php


switch($_REQUEST["f"])
{
case "ok":
$note = htmlspecialchars(trim($_POST["note"]));
$sql = "INSERT INTO siparis VALUES
('$telno','$tadet','$note'),
('$telno','$tadet','$note'),
('$telno','$tadet','$note')
";

if(!mysql_query($sql)){echo mysql_errno()."<br/>".mysql_error();
}else{echo '<script language="javascript">alert("ok.");</script>';}

break;
}


Although the table column is `note` varchar(5000) NOT NULL DEFAULT '', I cannot insert more than 1 character. Where is the problem?

I'm guessing $telno is defined somewhere else, along with $taget. Also, your query will insert the exact same results 3 times, that's a bit odd?

$_POST['note'] is the only POST value coming in from your form, so where do $telno and $taget come from?

zodehala
01-24-2012, 08:54 AM
I'm guessing $telno is defined somewhere else, along with $taget. Also, your query will insert the exact same results 3 times, that's a bit odd?

$_POST['note'] is the only POST value coming in from your form, so where do $telno and $taget come from?

I am getting the variables and values using the following command to test:

foreach($_POST as $a=>$b){

echo $a." - ". $b."<br/>";
}

its output is correct


note - MySQL is the cross-platform open source database server software used extensively in web development and implementaion. It lacks many advanced features that are taken for granted in the enterprise systems, but

namely problem occurs during db recording

BluePanther
01-24-2012, 09:06 AM
'$telno','$tadet'

Where do they come from? That's what I was talking about - I don't see anywhere that they're assigned.

zodehala
01-24-2012, 09:51 AM
'$telno','$tadet'

Where do they come from? That's what I was talking about - I don't see anywhere that they're assigned.

this is full form


<form id="form1" name="form1" method="post" action="reg.php?f=ok">
<label for="telno"></label>
<input type="text" name="telno" id="telno" />
<br />
<label for="teadet"></label>
<input type="text" name="tadet" id="teadet" />
<br />
<label for="note"></label>
<textarea name="note" id="note" cols="45" rows="5"></textarea>
<br />
<input type="submit" name="gonder" id="gonder" value="Submit" />
<br />
</form>




$note = htmlspecialchars(trim($_POST["note"]));
$telno = htmlspecialchars(trim($_POST["telno"]));
$tadet = htmlspecialchars(trim($_POST["tadet"]));

tangoforce
01-24-2012, 01:33 PM
Seems like we're going off topic now looking at the source of the variables rather than the format of the SQL.


