Alter Table With Variable Problems

[forthfriend]

Hello!

I've got a couple of problems with adding a ($gamename) field to a database and then inserting data ($embedcode) into it using alter table.

Here is my code right now:

PHP Code:

<?php
include "dbconfig.php";
$gamename = $_GET['gamename'];
$embedcode = $_GET['embedcode'];

$query = 'ALTER TABLE `games` ADD `' . $gamename . '` TEXT NOT NULL INSERT INTO `a5740986_games`.`games` (`' . $gamename . '`) VALUES (`' . $embedcode . '`');

$doquery = mysql_query($query);

if (!$doquery) {
    echo "An error occurred, please try again or e-mail csstewart@roadrunner.com."
}

else{
   ob_start();
   echo "Click Here";
   header("Location: http://forthfriendgames.site90.net/admin/");
   ob_flush();
}
?>

This is the error I get:

Parse error: syntax error, unexpected ')' in /home/a5740986/public_html/admin/addgame.php on line 6

Can anybody shine some light on this subject? THANKS a bunch.

Forthfriend
Help -

[rangana]

PHP Code:

/* $query = "ALTER TABLE swat_dev_pending ADD {$gamename} TEXT NOT NULL; INSERT INTO swat_dev_pending ({$gamename}) VALUES ('{$embedcode}')";
$doquery = mysql_query($query) or die(mysql_error()); */ // Error at my end. Anyway:

$query1 = "ALTER TABLE swat_dev_pending ADD {$gamename} TEXT NOT NULL";
$query2 = "INSERT INTO swat_dev_pending ({$gamename}) VALUES ('{$embedcode}')";

$doquery1 = mysql_query($query1) or die(mysql_error()); 
$doquery2 = mysql_query($query2) or die(mysql_error()); 


[forthfriend]

Quote:

Originally Posted by rangana

PHP Code:

/* $query = "ALTER TABLE swat_dev_pending ADD {$gamename} TEXT NOT NULL; INSERT INTO swat_dev_pending ({$gamename}) VALUES ('{$embedcode}')";
$doquery = mysql_query($query) or die(mysql_error()); */ // Error at my end. Anyway:

$query1 = "ALTER TABLE swat_dev_pending ADD {$gamename} TEXT NOT NULL";
$query2 = "INSERT INTO swat_dev_pending ({$gamename}) VALUES ('{$embedcode}')";

$doquery1 = mysql_query($query1) or die(mysql_error()); 
$doquery2 = mysql_query($query2) or die(mysql_error()); 


THANK YOU! Anyway, I am having one of those freak mysql "Check Your Manual" errors . Here is my code:

PHP Code:

<?php
include "dbconfig.php";

$gamename = $_GET['gamename'];
$embedcode = $_GET['embedcode'];

$query1 = "ALTER TABLE games ADD {$gamename}"; 
$query2 = "INSERT INTO games ({$gamename}) VALUES ('{$embedcode}')"; 

$doquery1 = mysql_query($query1) or die(mysql_error());  
$doquery2 = mysql_query($query2) or die(mysql_error());  

?>

This is the url that I am accessing this with:

"http://forthfriendgames.site90.net/admin/addgame.php?gamename=Fancy+Pants+Adventure+2&embedcode=%3Cembed%0D%0Apluginspage%3D%22http%3A%2F%2Fw ww.macromedia.com%2Fgo%2Fgetflashplayer%22%0D%0Atype%3D%22application%2Fx-shockwave-flash%22+allowscriptaccess%3D%22never%22%0D%0Aname%3D%22FlashContent%22+quality%3D%22high%22%0D%0Asr c%3D%22http%3A%2F%2Fwww.addictinggames.com%2FD78AQSAKQLQWI9%2F4555.swf%22%0D%0Aheight%3D%22480%22+wi dth%3D%22720%22%3E%3Cbr%3E%3Ca+border%3D0+href%3D%22http%3A%2F%2Fwww.gigyamailbutton.com%2Fwildfire% 2Fgigyamailbutton.ashx%3Furl%3DaHR*cDovL3d3dy5naWd5YS5jb2*vd2lsZGZpcmUvd2Zwb3AuYXNweD9tb2R1bGU9ZW1ha WwmdXJsPWh*dHAlM*ElMkYlMkZmb3J*aGZyaWVuZCUyRTg5MG*lMkVjb2*lMkZmdW5hbmRnYW1lcyUyRmdhbWVzJTJGZmFuY3lwY W5*czIlMkY%3D%22+target%3D%22_blank%22%3E%3Cimg+src%3D%22http%3A%2F%2Fcdn.gigya.com%2Fwildfire%2Fi%2 FincludeShareButton.gif%22+border%3D%220%22+width%3D%2260%22+height%3D%2220%22+%2F%3E%3C%2Fa%3E%3Cim g+style%3D%22visibility%3Ahidden%3Bwidth%3A0px%3Bheight%3A0px%3B%22+border%3D0+width%3D0+height%3D0+ src%3D%22http%3A%2F%2Fcounters.gigya.com%2Fwildfire%2FIMP%2FCXNID%3D2000002.0NXC%2FbT*xJmx*PTEyMjQ2M zY2NTc5MjYmcHQ9MTIyNDYzNjY1OTc2NyZwPTE5NjE3MSZkPSZnPTEmdD*mbz*2MjVhNDBjMzYxNzg*ZGI1YTcxZjA1MWM*NWEzZ jFlYg%3D%3D.gif%22+%2F%3E"

WOW! Heh. The embedcode went a little overboard don't you think?... Anyway, here is my little error message:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Pants Adventure 2' at line 1"

Hmmm. Does anybody know what this might mean? Thanks for your help so far.

Forthfriend

[rangana]

Works fine at my end. Anyway ensure that dbconfig.php has something along these lines:

PHP Code:

$connect=mysql_connect("localhost","root","password"); // Establish a connection 
mysql_select_db('database_name',$connect); // Name of your DB 


[forthfriend]

Quote:

Originally Posted by rangana

Works fine at my end. Anyway ensure that dbconfig.php has something along these lines:

PHP Code:

$connect=mysql_connect("localhost","root","password"); // Establish a connection 
mysql_select_db('database_name',$connect); // Name of your DB 


Here is my dbconfig file:

PHP Code:

<?php
$dbhost = 'mysql3.***************';
$dbuser = 'a5740986_site';
$dbpass = '*************';

$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die
                      ('Error connecting to mysql');

$dbname = 'a5740986_games';
mysql_select_db($dbname,$conn);
?>

When I go to it in my browser, it loads fine. I don't think there is a problem there. Maybe elsewhere?

Here is my submit form: (HTML)

Code:

<form action="addgame.php" method="get"> 
<label>Game Name: <input type="text" name="gamename" /> 
  </label><br /> 
Embed Code:
<TEXTAREA NAME="embedcode" ROWS=6 COLS=40>
</TEXTAREA><br /> 
<input type="submit" value="Submit!" /> 
</form>

I just sends the variables to http://website/admin/addgame.php?gam...embedcode=blah

I wonder what could be wrong...

Here is my error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Pants Adventure 2' at line 1

The gamename is Fancy Pants Adventure 2.

Hope I've given enough information to solve this...

Thanks all!

Forthfriend

[Fou-Lu]

Assuming you altered it so that you're actually creating a text field by that name correctly (check you're database), the problem is that it can't identify the fieldname. Backticks like this: ;
$query2 = "INSERT INTO swat_dev_pending (`{$gamename}`) VALUES ('{$embedcode}')"; . Fields with spaces have to be told in SQL that the entirety of the tokens represent the fieldname.
If its not creating the field (which I would expect), you need to surround the name with single quotations in the alter command.

Also, anything coming from a user needs to be escaped. Filter all data through mysql_real_escape_string first, and use my tutorial in the php snippets to remove any slashes added by magic_quotes_gpc. As it stands right now, if magic_quotes_gpc is disabled on you're server I can drop the entire database with one line of input code.

Altering you're table is a bad idea though. Normalize you're table to accept a `gamename` and a `value` field, and use a simple insertion for multiple rows. Altering tables without a model damages you're database design which will ultimately lead to anomalies.

[forthfriend]

Quote:

Originally Posted by Fou-Lu

Assuming you altered it so that you're actually creating a text field by that name correctly (check you're database), the problem is that it can't identify the fieldname. Backticks like this: ;
$query2 = "INSERT INTO swat_dev_pending (`{$gamename}`) VALUES ('{$embedcode}')"; . Fields with spaces have to be told in SQL that the entirety of the tokens represent the fieldname.
If its not creating the field (which I would expect), you need to surround the name with single quotations in the alter command.

Also, anything coming from a user needs to be escaped. Filter all data through mysql_real_escape_string first, and use my tutorial in the php snippets to remove any slashes added by magic_quotes_gpc. As it stands right now, if magic_quotes_gpc is disabled on you're server I can drop the entire database with one line of input code.

Altering you're table is a bad idea though. Normalize you're table to accept a `gamename` and a `value` field, and use a simple insertion for multiple rows. Altering tables without a model damages you're database design which will ultimately lead to anomalies.

About adding rows, is it possible to name individual ones and get a specific one using a code? Here is what I'm using now, which works great for me.

PHP Code:

<?php include 'dbconfig.php';

$query = 'SELECT `' . $game . '` FROM `games`';

$result = mysql_query($query);

if($result) {
      while($row = mysql_fetch_array($result)) {
         echo $row["$game"];
    }
} else {
    die('The game could not be found, please try again.');
}
?>

Is anything like this possible with rows?

Thanks!

Forthfriend

[forthfriend]

YES! I just got it to work!

Here is my final code:

PHP Code:

<?php
include "dbconfig.php";

$gamename = $_GET['gamename'];
$embedcode = $_GET['embedcode'];

$query1 = 'ALTER TABLE `games` ADD `' . $gamename . '` TEXT NOT NULL';
$query2 = 'INSERT INTO `a5740986_games`.`games` (`' . $gamename . '`) VALUES (\'' . $embedcode . '\')';

$doquery1 = mysql_query($query1) or die(mysql_error());  
$doquery2 = mysql_query($query2) or die(mysql_error()); 

$yaymessage = "YES IT WORKED! YAY (if you reach this point...)";
echo $yaymessage;
?>

Yes! It is even complete with a submit form:

(html)

Code:

<form action="addgame.php" method="get"> 
<label>Game Name: <input type="text" name="gamename" /> 
  </label><br /> 
Embed Code:
<TEXTAREA NAME="embedcode" ROWS=6 COLS=40>
</TEXTAREA><br /> 
<input type="submit" value="Submit!" /> 
</form>

Thanks all!

P.S. - How do you write Resolved in front of the thread name?

[rangana]

1. Click the Edit button
2. Go Advanced
3. Change the drop down "prefix" to Resolved

[Fou-Lu]

Quote:

Originally Posted by forthfriend

About adding rows, is it possible to name individual ones and get a specific one using a code? Here is what I'm using now, which works great for me.

PHP Code:

<?php include 'dbconfig.php';

$query = 'SELECT `' . $game . '` FROM `games`';

$result = mysql_query($query);

if($result) {
      while($row = mysql_fetch_array($result)) {
         echo $row["$game"];
    }
} else {
    die('The game could not be found, please try again.');
}
?>

Is anything like this possible with rows?

Thanks!

Forthfriend

Sure.

Code:

CREATE TABLE `games` (
  `Name` varchar(50) NOT NULL,
  `Data` longtext NOT NULL,
  PRIMARY KEY  (`Name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

Run inserts using the name of the game (thats the field you're adding in), combined with the data. When you select it, you simply select like so:

PHP Code:


$query = 'SELECT `Data` FROM `games` WHERE `Name` = \'' . mysql_real_escape_string($game) . '\''; 


Simple as that. This keeps you're table to only two fields which indexes based on the game name.