Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 13 of 13
  1. #1
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts

    Whats wrong with this hectic command?

    PHP Code:
    $query "INSERT INTO products(id, name, brand, country, material, primarycolour, sizes, sizem, sizel, sizexl, price, pricerange) VALUES($_POST['id'], $_POST['name'], $_POST['brand'], $_POST['country'], $_POST['material'], $_POST['primarycolour'], $_POST['sizes'], $_POST['sizem'], $_POST['sizel'], $_POST['sizexl'], $_POST['price'], $_POST['pricerange'])"
    Error:
    PHP Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING
    EDIT: I also tried this:
    PHP Code:
    $query "INSERT INTO products(id, name, brand, country, material, primarycolour, sizes, sizem, sizel, sizexl, price, pricerange) VALUES($_POST['id'], '$_POST["name"]', '$_POST["brand"]', '$_POST["country"]', '$_POST["material"]', '$_POST["primarycolour"]', $_POST['sizes'], $_POST['sizem'], $_POST['sizel'], $_POST['sizexl'], $_POST['price'], $_POST['pricerange'])"
    Last edited by Democrazy; 09-19-2011 at 12:06 PM.

  • #2
    Regular Coder
    Join Date
    Sep 2011
    Posts
    128
    Thanks
    2
    Thanked 21 Times in 21 Posts
    PHP Code:
    $query "INSERT INTO
    `products` (`id`,
    `name`,
    `brand`,
    `country`,
    `material`,
    `primarycolour`,
    `sizes`,
    `sizem`,
    `sizel`,
    `sizexl`,
    `price`,
    `pricerange`)
    VALUES('"
    .$_POST['id']."',
    '"
    .$_POST['name']."',
    '"
    .$_POST['brand']."',
    '"
    .$_POST['country']."',
    '"
    .$_POST['material']."',
    '"
    .$_POST['primarycolour']."',
    '"
    .$_POST['sizes']."',
    '"
    .$_POST['sizem']."',
    '"
    .$_POST['sizel']."',
    '"
    .$_POST['sizexl']."',
    '"
    .$_POST['price']."',
    '"
    .$_POST['pricerange']."')"
    If you want to put variables in a string always use quotes:
    PHP Code:
    $stringA "Test";
    $stringB "Hello ".$stringA.", welcome"
    In SQL a string as value must be with single quotes (')
    And also for table names a column names: use ` between it.
    PHP Code:
    INSERT INTO `my_table_name` (`column1`,`column1`) VALUES ('value1','value2'

    If you want to do this in PHP
    PHP Code:
    $value1 "val1";
    $value2 "val2"

    $query "INSERT INTO `my_table_name` (`column1`,`column1`) VALUES ('".$value1."','".$value2."')";
    // NOTE: Watch out here. When insert a value first put a single quote then a dubble quote infront of the variable (and also a dot ofcourse) 
    NOTE:
    If you use SQL and you want to insert all the column, you wont have to specify them in the query.

    PHP Code:
    CREATE TABLE my_table(
      `
    idINT AUTO_INCREMENT NOT NULL,
      `
    column1NVARCHAR(50NOT NULL,
      `
    column2NVARCHAR(50NOT NULL,
      
    PRIMARY KEY(`id`)
    )

    // If that is your table you can do this:
    $query "INSERT INTO `my_table` VALUES('<ID>','<VAL1>','<VAL2>')" 
    Last edited by Wanna; 09-19-2011 at 12:12 PM. Reason: Adding some SQL code

  • Users who have thanked Wanna for this post:

    Democrazy (09-19-2011)

  • #3
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts
    In regards to your last quote: I was thinking of trying it that way too. Thanks for your advice and input!!

  • #4
    Regular Coder
    Join Date
    Sep 2011
    Posts
    128
    Thanks
    2
    Thanked 21 Times in 21 Posts
    No thanks,

    I posted some more code for you

    If you use SQL and you want to insert all the columns, you wont have to specify them in the query.


    PHP Code:
    CREATE TABLE my_table
      `
    idINT AUTO_INCREMENT NOT NULL
      `
    column1NVARCHAR(50NOT NULL
      `
    column2NVARCHAR(50NOT NULL
      
    PRIMARY KEY(`id`) 


    // If that is your table you can do this: 
    $query "INSERT INTO `my_table` VALUES('<ID>','<VAL1>','<VAL2>')"

  • #5
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts
    WooooWWWW man! That just burnt my mind out! :P

    Thanks for the extra code.
    PHP is pretty fascinating is it not?! It can do so much in so many ways!

  • #6
    Regular Coder
    Join Date
    Sep 2011
    Posts
    128
    Thanks
    2
    Thanked 21 Times in 21 Posts
    The last code isn't PHP but SQL

    But yes, I agree. PHP is very fascinating.
    You can do the same thing on so many different ways.

    If you have a huge SQL command like this one, it is the best to seperate the lines like i did.
    If you do so, you can see eveything better. a adjusment is done quickly without looking for the correct part.
    Last edited by Wanna; 09-19-2011 at 12:47 PM.

  • #7
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,312
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Actually, try this instead:

    PHP Code:
    $query "INSERT INTO
    `products` (`id`,
    `name`,
    `brand`,
    `country`,
    `material`,
    `primarycolour`,
    `sizes`,
    `sizem`,
    `sizel`,
    `sizexl`,
    `price`,
    `pricerange`)
    VALUES('$_POST[id]',
    '$_POST[name]',
    '$_POST[brand]',
    '$_POST[country]',
    '$_POST[material]',
    '$_POST[primarycolour]',
    '$_POST[sizes]',
    '$_POST[sizem]',
    '$_POST[sizel]',
    '$_POST[sizexl]',
    '$_POST[price]',
    '$_POST[pricerange]')"

    Quote Originally Posted by Wanna View Post
    If you want to put variables in a string always use quotes:
    PHP Code:
    $stringA "Test";
    $stringB "Hello ".$stringA.", welcome"
    No thats not correct. Also your use of double quotes is wrong. Double quotes cause PHP to inspect the string and look for variables to replace which wastes CPU resources. Single quotes are used litertally - what you see is what you get. This is the better way:

    PHP Code:
    $stringA 'there';
    $stringB "Hello $stringA, welcome"
    If you have any doubts about the use of quotes please see the quotes link in my signature.

    Quote Originally Posted by Wanna View Post
    In SQL a string as value must be with single quotes (')
    Correct but you can still use variables inside it because if the SQL is inside double quotes.

    Quote Originally Posted by Wanna View Post
    And also for table names a column names: use ` between it.
    PHP Code:
    INSERT INTO `my_table_name` (`column1`,`column1`) VALUES ('value1','value2'
    There is still mixed opinion over this due to differences between mysql4 and mysql 5. Using the ` does work but it also works without them.

    Quote Originally Posted by Wanna View Post
    If you want to do this in PHP
    PHP Code:
    $query "INSERT INTO `my_table_name` (`column1`,`column1`) VALUES ('".$value1."','".$value2."')";
    // NOTE: Watch out here. When insert a value first put a single quote then a dubble quote infront of the variable (and also a dot ofcourse) 
    No thats not necessary at all. You're teaching the long and hard method. All you need to do is this:

    PHP Code:
    $query "INSERT INTO `my_table_name` (`column1`,`column1`) VALUES ('$value1', '$value2')"
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #8
    Regular Coder
    Join Date
    Sep 2011
    Posts
    128
    Thanks
    2
    Thanked 21 Times in 21 Posts
    Quote Originally Posted by tangoforce View Post
    Actually, try this instead:

    PHP Code:
    $query "INSERT INTO
    `products` (`id`,
    `name`,
    `brand`,
    `country`,
    `material`,
    `primarycolour`,
    `sizes`,
    `sizem`,
    `sizel`,
    `sizexl`,
    `price`,
    `pricerange`)
    VALUES('$_POST[id]',
    '$_POST[name]',
    '$_POST[brand]',
    '$_POST[country]',
    '$_POST[material]',
    '$_POST[primarycolour]',
    '$_POST[sizes]',
    '$_POST[sizem]',
    '$_POST[sizel]',
    '$_POST[sizexl]',
    '$_POST[price]',
    '$_POST[pricerange]')"

    No thats not correct. Also your use of double quotes is wrong. Double quotes cause PHP to inspect the string and look for variables to replace which wastes CPU resources. Single quotes are used litertally - what you see is what you get. This is the better way:

    PHP Code:
    $stringA 'there';
    $stringB "Hello $stringA, welcome"
    If you have any doubts about the use of quotes please see the quotes link in my signature.

    No thats not necessary at all. You're teaching the long and hard method. All you need to do is this:

    PHP Code:
    $query "INSERT INTO `my_table_name` (`column1`,`column1`) VALUES ('$value1', '$value2')"
    I dont have any doubts about the quotes.
    When i started learning PHP i always learned to keep the string and variables seperate from eachother. (This also happens in the most other popular script languages)
    If you teach yourself the correct way for doing it, you wont have problems to learn other languages.

  • #9
    Banned
    Join Date
    Sep 2011
    Posts
    140
    Thanks
    17
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by tangoforce View Post
    Also your use of double quotes is wrong. Double quotes cause PHP to inspect the string and look for variables to replace which wastes CPU resources.
    I like the way you think. IMO, this is one the key things that set a good programmer from a great programmer apart.

  • #10
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,312
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by Wanna View Post
    When i started learning PHP i always learned to keep the string and variables seperate from eachother. (This also happens in the most other popular script languages)
    If you teach yourself the correct way for doing it, you wont have problems to learn other languages.
    The key issue here is that PHP is NOT other languages. It is its own language in its own right. The way you've written your code will waste CPU resources. On a shared server this slows things down and that is why you should be learning from and accepting what I am saying. When writing PHP code you need it to be fast and efficient so that the multiple users who may be on your site at the same time can actually use it without performance problems.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #11
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    Quote Originally Posted by tangoforce View Post
    Actually, try this instead
    Actually, don't insert POST variables directly in to SQL at all, and don't interpolate a string when you don't need to. Separating the variables is far easier to read and allows them to be highlighted in your editor easily. If you were dead set on keeping your double quotes wrap the POST variables in curly brackets so you can keep the inner quotes. That makes it a lot easier to read and spot code errors.

    Quote Originally Posted by tangoforce View Post
    No thats not correct. Also your use of double quotes is wrong. Double quotes cause PHP to inspect the string and look for variables to replace which wastes CPU resources.
    Which you are suggesting he continue to do for some reason..
    Quote Originally Posted by tangoforce View Post
    There is still mixed opinion over this due to differences between mysql4 and mysql 5. Using the ` does work but it also works without them.
    You should always use backticks for your field as it is best practice. The reason for this is it allows you to use characters that would otherwise break the SQL syntax, and it's cleaner to read. Lots of things work, that doesn't make them a good idea. Just ask people who use register_globals, or anyone who has had to rewrite code because it depended on a feature like that.

  • #12
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,312
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by Inigoesdr View Post
    Which you are suggesting he continue to do for some reason..
    It appears you've misunderstood my post. If you look again, you will see I recommended the use of double quotes when there is a variable inside it and to use single quotes when there is text only with no variable.

    While I admit using $_POST in an SQL string is not wise, the user wanted to know what was wrong and why it wouldn't work. I've just simplified it.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #13
    Regular Coder
    Join Date
    Sep 2011
    Posts
    128
    Thanks
    2
    Thanked 21 Times in 21 Posts
    Quote Originally Posted by tangoforce View Post
    The key issue here is that PHP is NOT other languages. It is its own language in its own right. The way you've written your code will waste CPU resources. On a shared server this slows things down and that is why you should be learning from and accepting what I am saying. When writing PHP code you need it to be fast and efficient so that the multiple users who may be on your site at the same time can actually use it without performance problems.
    Like i said, I learned it this way but i didn`t know dubble quotes would take more CPU.
    I will try to remeber this next time i write a code.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •