  1. #1
    New to the CF scene
    Join Date
    Apr 2013
    Thanked 0 Times in 0 Posts

    simple form question

    Hey, I'm trying to create a quick sample database. I'm trying to use a form from an HTML page, then for it to go to a PHP page and also get imported into my MySQL database. Here is my HTML code:
      <form method="post" action="Draft.php">
            	<h2>Player Information</h2>
                <div><label>Round:</label>
                	<input type="number" name="Round"
                    id="Round"> </div>
                <div><label>Last Name:</label>
                	<input type="text" name="LastName"
                    id="LastName"> </div>
                <div><label>First Name:</label>
                	<input type="text" name="FirstName"
                    id="FirstName"> </div>
                <div><label>College:</label>
                	<input type="text" name="College"
                    id="College"> </div>
                <div><label>Position:</label>
                	<input type="text" name="Position"
                    id="Position"> </div>
                <div><label>Height:</label>
                	<input type="text" name="Height"
                    	placeholder="6'0" id="Height"></div>
                <div><label>Weight:</label>
                	<input type="number" name="Weight" id="Weight"></div>
                <div><label>40-Yard Dash</label>
                	<input type="number" name="Dash"
                    	placeholder="4.44" id="Dash"></div><br>
                <div><label>Bench Press</label>
                	<input type="number" name="Bench" id="Bench"></div>
                <p><input type="submit" name="submit" value="Register"></p>
      </form>
    and my PHP code:

    $Round = isset($_POST[ "Round" ]) ? $_POST[ "Round" ] : "";
    $LastName = isset($_POST[ "LastName" ]) ? $_POST[ "LastName" ] : "";
    $FirstName = isset($_POST[ "FirstName" ]) ? $_POST[ "FirstName" ] : "";
    $College = isset($_POST[ "College" ]) ? $_POST[ "College" ] : "";
    $Position = isset($_POST[ "Position" ]) ? $_POST[ "Position" ] : "";
    $Height = isset($_POST[ "Height" ]) ? $_POST[ "Height" ] : "";
    $Weight = isset($_POST[ "Weight" ]) ? $_POST[ "Weight" ] : "";
    $Dash = isset($_POST[ "Dash" ]) ? $_POST[ "Dash" ] : "";
    $Bench = isset($_POST[ "Bench" ]) ? $_POST[ "Bench" ] : "";

    $query = "INSERT INTO playerindex " .
    "( Round, LastName, FirstName, College, Position, Height, Weight, Dash, Bench ) ".
    "VALUES ( '$Round', '$LastName', '$FirstName', '$College', '$Position', '$Height', '$Weight', '$Dash', '$Bench' )";
    if ( !( $database = mysql_connect( "localhost",
        "******", "********" ) ) )
        die( "<p>Could not connect to database</p></body></html>" );

    if ( !mysql_select_db( "giants2013draft", $database ) )
        die( "<p>Could not open Giants 2013 Draft database</p>" );

    // Braces keep both statements inside the failure branch, so die() only runs when the query fails
    if ( !( $result = mysql_query( $query, $database ) ) )
    {
        print( "<p>Could not execute query!</p>" );
        die( mysql_error() . "</body></html>" );
    }
    mysql_close( $database );
    The error I keep encountering is that after I input my information on the form page, this shows up: "Could not execute query!
    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '6', '205', '555', '7' )' at line 1"
    I can't figure out why I'm getting this error.

  2. #2
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Denver, Colorado USA
    Thanked 519 Times in 507 Posts
    Your height value (probably) contains a ' character in it, which is a special sql character.

    You need to escape all string data values being put into a query to protect against sql injection and to prevent any special sql characters in the data from breaking the syntax of the query statement (or use a prepared query with mysqli or pdo.)
    Finding out HOW to do something is called research, i.e. keep searching until you find the answer. After you attempt to do something and cannot solve a problem with it yourself, would be when you ask others for help.

  3. Users who have thanked CFMaBiSmAd for this post:

    jumpman8947 (04-28-2013)
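
The prepared-query option mentioned in the reply, shown next to the concatenated query from the question. This is an added example, not code from the thread. Assumptions: an in-memory SQLite database reached through PDO stands in for the MySQL server so the script runs offline, the column types are guessed, and the submitted values are constructed.

```php
<?php
// Added example, not code from the thread. Assumption: an in-memory SQLite
// database stands in for MySQL so this runs offline; for the thread's setup
// the DSN would be "mysql:host=localhost;dbname=giants2013draft" plus credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Column names are from the post; the column types are assumed.
$pdo->exec('CREATE TABLE playerindex (Round INTEGER, LastName TEXT,
    FirstName TEXT, College TEXT, Position TEXT, Height TEXT,
    Weight INTEGER, Dash REAL, Bench INTEGER)');

// Fixed list of columns, written in code and never built from request data.
$fields = ['Round', 'LastName', 'FirstName', 'College', 'Position',
           'Height', 'Weight', 'Dash', 'Bench'];

// Constructed sample submission standing in for $_POST.
$post = ['Round' => '1', 'LastName' => 'Doe', 'FirstName' => 'Pat',
         'College' => 'Example State', 'Position' => 'DE',
         'Height' => "6'0", 'Weight' => '205', 'Dash' => '4.44', 'Bench' => '7'];

$values = [];
foreach ($fields as $f) {
    $values[$f] = isset($post[$f]) ? $post[$f] : '';
}
$columns = implode(', ', $fields);

// 1) The question's approach: values pasted into the SQL text. The quote in
//    Height closes the string literal early and the statement no longer parses.
$concat = "INSERT INTO playerindex ($columns) VALUES ('" . implode("', '", $values) . "')";
try {
    $pdo->exec($concat);
} catch (PDOException $e) {
    echo "Concatenated query failed: ", $e->getMessage(), PHP_EOL;
}

// 2) Prepared statement: the SQL text holds only named placeholders and the
//    driver passes each value as data, so a quote in the input needs no escaping.
$stmt = $pdo->prepare(
    "INSERT INTO playerindex ($columns) VALUES (:" . implode(', :', $fields) . ")"
);
$stmt->execute($values);

$row = $pdo->query('SELECT LastName, Height, Weight FROM playerindex')
           ->fetch(PDO::FETCH_ASSOC);
echo "Stored: ", json_encode($row), PHP_EOL;
```

The same `prepare()` and `execute()` calls apply unchanged with a MySQL DSN; only the `new PDO(...)` line differs.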

