  1. #1

    INSERT INTO problem

    Code:
    <form id="form1" name="form1" method="post" action="reg.php?f=ok">
    <table  width="70%" border="0" cellspacing="1">
    <tr><td>note :</td><td><textarea name="note" id="note" cols="64" rows="3" tabindex="8"></textarea></td></tr>	
    <tr><td colspan="2"><input type="submit" name="button" id="button" value="Gonder"  tabindex="17"/></td></tr>
    </table>
    </form>
    reg.php
    PHP Code:
    switch($_REQUEST["f"])
    {
        case "ok":
            $note = htmlspecialchars(trim($_POST["note"]));

            $sql = "INSERT INTO siparis VALUES
                            ('$telno','$tadet','$note'),
                            ('$telno','$tadet','$note'),
                            ('$telno','$tadet','$note')
                        ";

            if(!mysql_query($sql)){
                echo mysql_errno()."<br/>".mysql_error();
            }else{
                echo '<script language="javascript">alert("ok.");</script>';
            }

        break;
    }

    Although the table column is `note` varchar(5000) NOT NULL DEFAULT '', I cannot insert more than 1 char. Where is the problem?

  • #2
    I can't speak to the issue with your database insertion, but make sure you're escaping ANY data sent from the user to your database using mysql_real_escape_string().

    If you don't, I can use SQL injection attacks to mess up your entire database.

  • #3
    Quote Originally Posted by zodehala View Post
    reg.php
    PHP Code:

            $sql = "INSERT INTO siparis VALUES
                            ('$telno','$tadet','$note'),
                            ('$telno','$tadet','$note'),
                            ('$telno','$tadet','$note')
                        ";

    You haven't named the columns you want the data inserted into - it should be like this:

    insert into <table> (column1, column2, column3) values (value1, value2, value3), (value1, value2, value3), (value1, value2, value3)
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #4
    Quote Originally Posted by tangoforce View Post
    You haven't named the columns you want the data inserted into - it should be like this:

    insert into <table> (column1, column2, column3) values (value1, value2, value3), (value1, value2, value3), (value1, value2, value3)
    That syntax actually isn't required, but is recommended, as it's easier to see where you go wrong. Doing without the column names assumes the first value is for the first column, the second value for the second column, etc.

    zodehala - if you echo $sql, does it look right? Also, if you're doing varcode 5000, any reason not to do text? Or do you know its going to end up at most at 5k?

  • #5
    Quote Originally Posted by Keleth View Post
    That syntax actually isn't required, but is recommended, as it's easier to see where you go wrong. Doing without the column names assumes the first value is for the first column, the second value for the second column, etc.
    Yes, and having an 'id' column as the first column would screw your explanation over completely, hence my post.

    IMO you should always declare what columns you are inserting into, otherwise you run into situations like this topic. Perhaps you should consider that.
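Posts #2, #3 and #5 above recommend escaping user input and naming the target columns. The following is an added example, not part of the original thread, that does both with PDO prepared statements in place of mysql_real_escape_string() (the mysql_* functions were removed in PHP 7). The in-memory SQLite database, the id/telno/tadet column names, the insertOrders() helper and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example: constructed schema and sample values, not the poster's real table.
$pdo = new PDO('sqlite::memory:');   // in-memory SQLite so the script runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumed layout: a leading id column plus telno/tadet/note (only `note` is named in the thread).
$pdo->exec("CREATE TABLE siparis (
    id    INTEGER PRIMARY KEY AUTOINCREMENT,
    telno VARCHAR(20)   NOT NULL,
    tadet VARCHAR(20)   NOT NULL,
    note  VARCHAR(5000) NOT NULL DEFAULT ''
)");

// Constructed stand-in for $_POST; the apostrophe would break the interpolated query.
$post = [
    'telno' => '5551234567',
    'tadet' => '3',
    'note'  => "  it's a 'quoted' note with <b>markup</b>  ",
];

// Hypothetical helper: inserts each row through one prepared statement.
function insertOrders(PDO $pdo, array $rows): int
{
    // Columns are named, so the leading id column does not shift the values.
    $stmt = $pdo->prepare(
        'INSERT INTO siparis (telno, tadet, note) VALUES (:telno, :tadet, :note)'
    );
    $pdo->beginTransaction();
    try {
        foreach ($rows as $row) {
            // Values travel as bound parameters, never as part of the SQL text.
            $stmt->execute([
                ':telno' => trim($row['telno']),
                ':tadet' => trim($row['tadet']),
                ':note'  => trim($row['note']),   // stored raw, no htmlspecialchars() here
            ]);
        }
        $pdo->commit();
    } catch (PDOException $e) {
        $pdo->rollBack();
        throw $e;
    }
    return count($rows);
}

insertOrders($pdo, [$post, $post, $post]);  // three rows, as in the original query
foreach ($pdo->query('SELECT id, note, LENGTH(note) AS len FROM siparis') as $r) {
    // HTML-encode at output time, for the HTML context only.
    echo $r['id'], ' | ', $r['len'], ' | ', htmlspecialchars($r['note'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Printing the stored length next to each row shows whether the whole note reached the column, which is the check the thread's original question needs.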

  • #6
    Quote Originally Posted by zodehala View Post
    Code:
    <form id="form1" name="form1" method="post" action="reg.php?f=ok">
    <table  width="70%" border="0" cellspacing="1">
    <tr><td>note :</td><td><textarea name="note" id="note" cols="64" rows="3" tabindex="8"></textarea></td></tr>	
    <tr><td colspan="2"><input type="submit" name="button" id="button" value="Gonder"  tabindex="17"/></td></tr>
    </table>
    </form>
    reg.php
    PHP Code:
    switch($_REQUEST["f"])
    {
        case "ok":
            $note = htmlspecialchars(trim($_POST["note"]));

            $sql = "INSERT INTO siparis VALUES
                            ('$telno','$tadet','$note'),
                            ('$telno','$tadet','$note'),
                            ('$telno','$tadet','$note')
                        ";

            if(!mysql_query($sql)){
                echo mysql_errno()."<br/>".mysql_error();
            }else{
                echo '<script language="javascript">alert("ok.");</script>';
            }

        break;
    }

    Although the table column is `note` varchar(5000) NOT NULL DEFAULT '', I cannot insert more than 1 char. Where is the problem?
    I'm guessing $telno is defined somewhere else, along with $taget. Also, your query will insert the exactly same results 3 times, that's a bit odd?

    $_POST['note'] is the only POST value coming in from your form, so where does $telno and $taget come from?
    Useful function to retrieve difference in times
    The best PHP resource
    A good PHP FAQ
    PLEASE remember to wrap your code in [PHP] tags.
    PHP Code:
    // Replace this
    if(isset($_POST['submitButton']))
    // With this
    if(!empty($_POST))
    // Then check for values/forms. Some IE versions don't send the submit button 
    Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.

  • #7
    Quote Originally Posted by BluePanther View Post
    I'm guessing $telno is defined somewhere else, along with $taget. Also, your query will insert the exactly same results 3 times, that's a bit odd?

    $_POST['note'] is the only POST value coming in from your form, so where does $telno and $taget come from?
    I am getting the variable and value using the following command to test
    PHP Code:
    foreach($_POST as $a=>$b){
        echo $a." - ".$b."<br/>";
    }
    Its output is correct

    Code:
    note - MySQL is the cross-platform open source database server software used extensively in web development and implementaion. It lacks many advanced features that are taken for granted in the enterprise systems, but
    Namely, the problem occurs during db recording

  • #8
    PHP Code:
    '$telno','$tadet' 
    Where do they come from? That's what I was talking about - I don't see anywhere that they're assigned.

  • #9
    Quote Originally Posted by BluePanther View Post
    PHP Code:
    '$telno','$tadet' 
    Where do they come from? That's what I was talking about - I don't see anywhere that they're assigned.
    This is the full form
    Code:
    <form id="form1" name="form1" method="post" action="reg.php?f=ok">
      <label for="telno"></label>
      <input type="text" name="telno" id="telno" />
      <br />
    <label for="teadet"></label>
      <input type="text" name="tadet" id="teadet" />
      <br />
    <label for="note"></label>
      <textarea name="note" id="note" cols="45" rows="5"></textarea>
      <br />
      <input type="submit" name="gonder" id="gonder" value="Submit" />
      <br />
    </form>
    PHP Code:
    $note  = htmlspecialchars(trim($_POST["note"]));
    $telno = htmlspecialchars(trim($_POST["telno"]));
    $tadet = htmlspecialchars(trim($_POST["tadet"]));

  • #10
    Seems like we're going off topic now looking at the source of the variables rather than the format of the SQL.

