...

View Full Version : having problems with quotes...



DiarYofaMadmaN
05-20-2004, 01:49 AM
$Query = 'INSERT INTO products SET Cat_ID='$_POST[\'Category'\]', Sub_Cat_ID='$_POST['Subcategory']' , Product_Number='$_POST['Subcategory']' , Product='$_POST['ProductName']' , Man_ID='$_POST['Manufacturers']' , Description='$_POST['Description']' , In_Stock='$_POST['Instock']' , Show_Quanity='$_POST['ShowQuanity']' , Quanity='$_POST['Quanity']' , Cost='$_POST['OurCost']' , Sell_Price='$_POST['SellPrice']' , Taxable='$_POST['Taxable']' , Tax_Price='$_POST['TaxPrice']' , Dementions='$_POST['Dementions1']. X .$_POST['Dementions2']. X .$_POST['Dementions3']' , Weight='$_POST['Weight'].$_POST['WCheck']';

I have such a hard time understanding when to use which quotes and how to break out of them using \... I'm not even sure if that syntax above is correct. If it's not can you help me out on how to fix the syntax? Also can you explain when to use which quotes and how to break out of them?

-peace

Hawkmoon
05-20-2004, 02:13 AM
You're dealing with a couple of issues here.

First off: Quotes - Use " at the beginning of an sql string, then throughout that string use '


$sql = "SELECT * FROM $database WHERE id='foo' ";

If you need to use " in a value do the following:

$sql = "UPDATE $database SET text='\"This is a sql quote\" ' WHERE id='foo' ";

The second issue is using $_POST incorrectly. You should use post to assign the variables in the beginning of your script, then perform any math equations and assign those values to new variables, and finally use all your variables in your script.



foreach($values as $variable) {
${$variable}; //So $_POST['Category'] is now $Category, etc...
}

$Dimensions = $Dimensions1 * $Dimensions2 * $Dimensions3;

$sql = "INSERT INTO products";
$sql .= " SET Cat_ID='$Category',";
$sql .= " Sub_Cat_ID='$Subcategory',";
$sql .= " Product_Number='$Subcategory',";
$sql .= " Dimensions='$Dimensions',";
$sql .= " etc...";


Have fun coding!

DiarYofaMadmaN
05-20-2004, 02:27 AM
You're dealing with a couple of issues here.

First off: Quotes - Use " at the beginning of an sql string, then throughout that string use '


$sql = "SELECT * FROM $database WHERE id='foo' ";

If you need to use " in a value do the following:

$sql = "UPDATE $database SET text='\"This is a sql quote\" ' WHERE id='foo' ";

The second issue is using $_POST incorrectly. You should use post to assign the variables in the beginning of your script, then perform any math equations and assign those values to new variables, and finally use all your variables in your script.



foreach($values as $variable) {
${$variable}; //So $_POST['Category'] is now $Category, etc...
}

$Dimensions = $Dimensions1 * $Dimensions2 * $Dimensions3;

$sql = "INSERT INTO products";
$sql .= " SET Cat_ID='$Category',";
$sql .= " Sub_Cat_ID='$Subcategory',";
$sql .= " Product_Number='$Subcategory',";
$sql .= " Dimensions='$Dimensions',";
$sql .= " etc...";


Have fun coding!

I think you may be wrong about the variables because they are being set using a form, i'm just taking those variables putting them into the query statement then executing the query statement to add them to my database under their correct columns.... I'm also not doing any math here. They are the dementions for the product height width and length which are seperated by X's so for example 1 X 2 X 3 will be added into the database under the Dementions column.

Hawkmoon
05-20-2004, 03:18 AM
Gotcha...so then for the dimension stuff you would do something like this:



$Dimension = "$Dimension1 X $Dimension2 X $Dimension3";

$sql = "INSERT INTO $databse VALUES('$Dimension')";


or



$sql = "INSERT INTO $database VALUES('$Dimension1 X $Dimension2 X $Dimension3')";

raf
05-20-2004, 06:50 AM
whet db-format is that?

the standard syntax for an insert is:

$sql="INSERT INTO tablename (column1, column2, column3) VALUES ('stringvalue', numericvalue, 'stringvalue')";

what you have looks more like an update-query. Or do you use a db-wrapper?


i enclosse my sql-string with double quotes, and then all values of string-typ columns, with single quotes. Values foe a column of a numerical type, don't need to be enclosed in quotes.


So your query should be like

$Query = "INSERT INTO products (Cat_ID, Sub_Cat_ID, Product_Number, etc etc) VALUES (" . $_POST['Category'] . ", " . $_POST['Subcategory'] . ", " . $_POST['Subcategory'] . ", etc etc)";

DiarYofaMadmaN
05-21-2004, 06:10 AM
whet db-format is that?

the standard syntax for an insert is:

$sql="INSERT INTO tablename (column1, column2, column3) VALUES ('stringvalue', numericvalue, 'stringvalue')";

what you have looks more like an update-query. Or do you use a db-wrapper?


i enclosse my sql-string with double quotes, and then all values of string-typ columns, with single quotes. Values foe a column of a numerical type, don't need to be enclosed in quotes.


So your query should be like

$Query = "INSERT INTO products (Cat_ID, Sub_Cat_ID, Product_Number, etc etc) VALUES (" . $_POST['Category'] . ", " . $_POST['Subcategory'] . ", " . $_POST['Subcategory'] . ", etc etc)";

Thanks, I'm also stuck on these stupid sql queries it never fails ehhh.. I desperatly need to learn how to write this query statments correctly cause I'm also stumped on what to do...

Anyways, one more problem I'm having. This may kinda be confusing for me to explain but I'll do my best.

Code:


$formtext = array('Category' , 'Subcategory' , 'ProductNumber' , 'ProductName' , 'Manufacturers' , 'Descriptions' , 'Quantity' , 'OurCost' , 'SellPrice' , 'TaxPrice' , 'Dementions' , 'Weight') ;
$numbers = array('ProductNumber' , 'Quanity' , 'OurCost' , 'SellPrice' , 'TaxPrice' , 'Dementions' , 'Weight');

foreach($formtext as $k=> $v) {
if( ( empty( $k ) ) && ( in_array( $v, $numbers ) ) ) {
$errs[] = "Field ".$v." is required to be filled out in numberic form.";
}elseif( empty( $_POST['k'] ) ) {
$errs[] = "Field ".$v." is required to be filled out.";
}
}

In the formtext array, those values are the exact names of the textboxes and listboxes on my form. The if statements are checking the arrays to see if they are emtpy which in theory i guess isn't by how i coded it. What it needs to be doing is checking to see if the textboxes and listboxes aren't empty. It keeps on printing out Field is required to be filled out.. also field is required to be filled out when it is filled out. I don't understand why it's doing that, can you help me out?

raf
05-21-2004, 09:44 AM
That code looks completely wrong to me.

I would use a different logic.
1) loop through all fromfields and check if they are empty.
2) the ones that are not empty --> check if they appear inside the array with numeric fields.

Like this


$errors='';
foreach($_POST as $var=>$value){
if (strlen($value)>=1){
if ((in_array($var, $numbers)) and (!is_numeric($value))){
$errors .= 'Field ' . $var . ' is required to be filled out in numberic form.';
}
} else {
$errors .= 'Field ' . $var .' is required to be filled out.';
}
}

DiarYofaMadmaN
05-22-2004, 02:15 AM
That code looks completely wrong to me.

I would use a different logic.
1) loop through all fromfields and check if they are empty.
2) the ones that are not empty --> check if they appear inside the array with numeric fields.

Like this


$errors='';
foreach($_POST as $var=>$value){
if (strlen($value)>=1){
if ((in_array($var, $numbers)) and (!is_numeric($value))){
$errors .= 'Field ' . $var . ' is required to be filled out in numberic form.';
}
} else {
$errors .= 'Field ' . $var .' is required to be filled out.';
}
}


Ahha! I did not know you can just use $_POST for all the posted information from a form. Cool :-) Thanks! or maybe not?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum