  1. #1
    New to the CF scene
    Join Date
    Apr 2013
    Posts
    1
    Thanks
    1
    Thanked 0 Times in 0 Posts

    simple form question

    Hey, I'm trying to create a quick sample database. I'm trying to use a form from an HTML page, then for it to go to a PHP page and also get imported into my MySQL database. Here is my HTML code:
    Code:
      <form method="post" action="Draft.php">
            	<h2>Player Information</h2>
                
                <div><label>Round:</label>
                	<input type="number" name="Round"
                    id="Round"> </div>
                
                <div><label>Last Name:</label>
                	<input type="text" name="LastName"
                    id="LastName"> </div>
                
                <div><label>First Name:</label>
                	<input type="text" name="FirstName"
                    id="FirstName"> </div>
                    
                <div><label>College:</label>
                	<input type="text" name="College" 
                    id="College"> </div>
                    
                <div><label>Position:</label>
                	<input type="text" name="Position"
                    id="Position"> </div>
                
                <div><label>Height:</label>
                	<input type="text" name="Height"
                    	placeholder="6'0" id="Height"></div>
                    
                <div><label>Weight:</label>
                	<input type="number" name="Weight" id="Weight"></div>
                    
                <div><label>40-Yard Dash</label>
                	<input type="number" name="Dash"
                    	placeholder="4.44" id="Dash"></div><br>
                <div><label>Bench Press</label>
                	<input type="number" name="Bench" id="Bench"></div>
                
                <p><input type="submit" name="submit" value="Register"></p>
               </form>
             </body>
     </html>
    and my PHP code:
    [syntax=php]<?php

    $Round = isset($_POST[ "Round" ]) ? $_POST[ "Round" ] : "";
    $LastName = isset($_POST[ "LastName" ]) ? $_POST[ "LastName" ] : "";
    $FirstName = isset($_POST[ "FirstName" ]) ? $_POST[ "FirstName" ] : "";
    $College = isset($_POST[ "College" ]) ? $_POST[ "College" ] : "";
    $Position = isset($_POST[ "Position" ]) ? $_POST[ "Position" ] : "";
    $Height = isset($_POST[ "Height" ]) ? $_POST[ "Height" ] : "";
    $Weight = isset($_POST[ "Weight" ]) ? $_POST[ "Weight" ] : "";
    $Dash = isset($_POST[ "Dash" ]) ? $_POST[ "Dash" ] : "";
    $Bench = isset($_POST[ "Bench" ]) ? $_POST[ "Bench" ] : "";

    $query = "INSERT INTO playerindex " .
    "( Round, LastName, FirstName, College, Position, Height, Weight, Dash, Bench ) ".
    "VALUES ( '$Round', '$LastName', '$FirstName', '$College', '$Position', '$Height', '$Weight', '$Dash', '$Bench' )";
    if ( !($database = mysql_connect("localhost",
    "******", "********")))
    die( "<p>Could not connect to database</p></body></html>");

    if ( !mysql_select_db( "giants2013draft", $database ) )
    die( "<p>Could not open Giants 2013 Draft database</p>
    </body></html>");

    if ( !( $result = mysql_query( $query, $database ) ) )
    {
    print( "<p>Could not execute query!</p>");
    die( mysql_error() . "</body></html>" );
    }
    mysql_close( $database );
    ?>
    [/syntax]
    The error I keep encountering is that after I input my information on the form page, this shows up: "Could not execute query!
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '6', '205', '555', '7' )' at line 1"
    Can't figure out why I'm getting this error.

  • #2
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,027
    Thanks
    2
    Thanked 315 Times in 307 Posts
    Your height value (probably) contains a ' character in it, which is a special SQL character.

    You need to escape all string data values being put into a query to protect against SQL injection and to prevent any special SQL characters in the data from breaking the syntax of the query statement (or use a prepared query with mysqli or PDO).
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • Users who have thanked CFMaBiSmAd for this post:

    jumpman8947 (04-28-2013)
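
The failure and the fix described in the answer above, side by side, as an added example that is not part of the original thread. It assumes PDO with the pdo_sqlite extension (an in-memory SQLite table stands in for the MySQL `playerindex` table so the script runs offline), and the submitted values are constructed.

```php
<?php
// Added example. SQLite in memory stands in for the thread's MySQL database so the
// script runs offline (assumes the pdo_sqlite extension); with MySQL only the PDO
// DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE playerindex (Round INTEGER, LastName TEXT, FirstName TEXT,
    College TEXT, Position TEXT, Height TEXT, Weight INTEGER, Dash REAL, Bench INTEGER)');

// Fixed column list taken from the form; column names never come from the request.
$columns = ['Round', 'LastName', 'FirstName', 'College', 'Position',
            'Height', 'Weight', 'Dash', 'Bench'];

// Constructed sample submission; Height carries the quote the form's placeholder invites.
$post = ['Round' => '1', 'LastName' => 'Doe', 'FirstName' => 'John',
         'College' => 'Example State', 'Position' => 'S', 'Height' => "6'0",
         'Weight' => '205', 'Dash' => '4.44', 'Bench' => '17'];

// 1) The thread's approach: every value is pasted into the SQL text between quotes.
function concatenatedInsert(PDO $pdo, array $columns, array $post): string
{
    $values = array_map(fn($c) => "'" . ($post[$c] ?? '') . "'", $columns);
    $sql = 'INSERT INTO playerindex (' . implode(', ', $columns) . ') VALUES ('
         . implode(', ', $values) . ')';
    try {
        $pdo->exec($sql);
        return 'concatenated: inserted';
    } catch (PDOException $e) {
        return 'concatenated: ' . $e->getMessage();   // the quote ends the string early
    }
}

// 2) Prepared statement: the SQL text is fixed and the values are bound as parameters.
function preparedInsert(PDO $pdo, array $columns, array $post): string
{
    $marks = implode(', ', array_map(fn($c) => ":$c", $columns));
    $stmt = $pdo->prepare('INSERT INTO playerindex (' . implode(', ', $columns)
                        . ") VALUES ($marks)");
    foreach ($columns as $c) {
        $stmt->bindValue(":$c", $post[$c] ?? '');
    }
    $stmt->execute();
    return 'prepared: stored Height = '
         . $pdo->query('SELECT Height FROM playerindex')->fetchColumn();
}

echo concatenatedInsert($pdo, $columns, $post), PHP_EOL;
echo preparedInsert($pdo, $columns, $post), PHP_EOL;
```

The first call reports a syntax error because the quote in the Height value closes the string literal early; the second stores the same value unchanged because it never becomes part of the SQL text.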

