 | |
#31
 
| |||
| |||
|
Re: Adding a record from PHP -
08-22-2011
, 03:50 AM
|
On 8/20/2011 4:01 PM, Norman Peelman wrote: On 08/20/2011 02:07 PM, sheldonlg wrote: On 8/20/2011 12:23 AM, Jerry Stuckle wrote: No, it should not. CORRECT SQL would be: VALUES ( 'Ford', 'Crown Vic', 'Taxicab', 'SEP', 2010, 'sdfasdfdsafasdf', 'ecc-302', 5, 10, 1000) Assuming, of course, the columns containing numerics are numeric - but without the table definition it's impossible to tell. Yours is more proper, but mine works just as well in MySql _AND_ Oracle. I don't know about other databases. I'm sure the db server (whichever one) works a lot faster when you provide the data in the formats it expects instead of expecting it to type cast everything on the fly. And there's no way i'll ever understand ones desire to concatenate quotes from hell and back when there are simpler methods that are much more readable and easier on the eyes. Norm, there are good programmers who really work to get it right. *Then there are hackers who really don't know a lot, and just keep trying things until they find something that works. Unfortunately, this latter group gives both PHP and MySQL a bad name. |
And I still appreciated the help.
#32
| |||
| |||
|
|
On Aug 20, 6:49 pm, Jerry Stuckle<jstuck... (AT) attglobal (DOT) net> wrote: On 8/20/2011 4:01 PM, Norman Peelman wrote: On 08/20/2011 02:07 PM, sheldonlg wrote: On 8/20/2011 12:23 AM, Jerry Stuckle wrote: No, it should not. CORRECT SQL would be: VALUES ( 'Ford', 'Crown Vic', 'Taxicab', 'SEP', 2010, 'sdfasdfdsafasdf', 'ecc-302', 5, 10, 1000) Assuming, of course, the columns containing numerics are numeric - but without the table definition it's impossible to tell. Yours is more proper, but mine works just as well in MySql _AND_ Oracle. I don't know about other databases. I'm sure the db server (whichever one) works a lot faster when you provide the data in the formats it expects instead of expecting it to type cast everything on the fly. And there's no way i'll ever understand ones desire to concatenate quotes from hell and back when there are simpler methods that are much more readable and easier on the eyes. Norm, there are good programmers who really work to get it right. Then there are hackers who really don't know a lot, and just keep trying things until they find something that works. Unfortunately, this latter group gives both PHP and MySQL a bad name. And I still appreciated the help. |
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================
#33
| |||
| |||
|
|
On 8/20/2011 2:07 PM, sheldonlg wrote: On 8/20/2011 12:23 AM, Jerry Stuckle wrote: On 8/19/2011 8:09 PM, sheldonlg wrote: On 8/17/2011 9:54 PM, Charles wrote: On Aug 17, 12:27 pm, sheldonlg<sheldo... (AT) thevillages (DOT) net> wrote: On 8/17/2011 12:33 PM, Jerry Stuckle wrote: On 8/17/2011 10:28 AM, Charles wrote: On Aug 16, 8:22 pm, Jerry Stuckle<jstuck... (AT) attglobal (DOT) net> wrote: On 8/16/2011 11:00 PM, Charles wrote: I notice the values section has $Make, $Model, etc. If $Make is 'Ford' and $Model is 'Crown Victoria', etc. the line in values section will Values(Ford, Crown Victoria, etc. while it should be Values('Ford', 'Crown Victoria', etc. You need the php to be Values (" . "'" . $Make . "','" . $Model . "','" . ,......... Hope that helps. -- Shelly How does it work, exactly? I'm confused. I'm starting off by reading this as single quote><double quote><period>$variable<period><double quote><single quote><comma Charles, non-numeric data in SQL statements must be enclosed in single quotes ('). There are a number of ways to do it - Shelly picked one of the more complicated ones to understand. But you're getting ahead of yourself. First thing you should do is follow Kees advice to see what your SQL looks like, then troubleshoot it from there. And I have. Minus something intricate, the format to add an array from an HTML form into a database table as a record is INSERT INTO database_name (field name1, field name2, ... ) VALUES (var1, var2, var3).; There's a one-to-one correspondence both ways, so each field should have a value and each value has a field, and the fields are spelled correctly. I've even run the proposed syntax through a couple of syntax checkers, and it keeps flying as valid. So I'm down to something either ver y esoteric or very intricate that I need to learn about before this becomes a template for about 28 tables. Shelly's input is valued - that's why I'm asking her to clarify and amplify - I seek enlightenment. Did you echo the SQL to your browser to see what the INSERT statement actually produces? What do you get? The table definition would also be helpful - but I highly suspect you're missing one or more single quotes ('). Charles, do the following (which is what Jerry said). Right before the mysql_query($sql) call, put one of the following lines in there: echo $sql; or print $sql; and see what appears when you run it. Then check to see that all string values are enclosed by a single quote. A numberic value need not be enclosed in a single quote, but it doesn't hurt and is consistent practice. If you still have a problem, post here EXACTLY what appeared on the screen because THAT is what is going to MySql and it is THAT syntax that is broken. INSERT INTO cab_vehicle ( cab_vehicle_make, cab_vehicle_model, cab_vehicle_edition, cab_vehicle_month, cab_vehicle_year, cab_vehicle_VIN, cab_vehicle_registration_number, cab_vehicle_pax_capacity, cab_vehicle_cubic_feet_cargo, cab_vehicle_cargo_weight) VALUES ( ''Ford'', ''Crown Vic'', ''Taxicab'', ''SEP'', '2010', ''sdfasdfdsafasdf'', ''ecc-302'', '5', '10', '1000') Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Ford'', ''Crown Vic'', ''Taxicab'', ''SEP'', '2010', ''sdfasdfdsafasdf'', ' at line 28 The string gives me the same error if I run it in phpmyadmin against the table, so I *do* have something wrong in the SQL translation. Bets the hell out of me what it is. Charlie It should be VALUES ( 'Ford', 'Crown Vic', 'Taxicab', 'SEP', '2010', 'sdfasdfdsafasdf', 'ecc-302', '5', '10', '1000') and that is what the error told you -- an error near 'Ford'. No, it should not. CORRECT SQL would be: VALUES ( 'Ford', 'Crown Vic', 'Taxicab', 'SEP', 2010, 'sdfasdfdsafasdf', 'ecc-302', 5, 10, 1000) Assuming, of course, the columns containing numerics are numeric - but without the table definition it's impossible to tell. Yours is more proper, but mine works just as well in MySql _AND_ Oracle. I don't know about other databases. It doesn't work if Oracle is properly configured. But then there are a significant number of idiots out there configuring Oracle DBs, just like there are a lot of idiots writing SQL code. A good Oracle DBA configures the database such that junk like that won't be accepted. |
--
Shelly
#34
| |||
| |||
|
|
On 8/20/2011 3:57 PM, Jerry Stuckle wrote: On 8/20/2011 2:07 PM, sheldonlg wrote: On 8/20/2011 12:23 AM, Jerry Stuckle wrote: On 8/19/2011 8:09 PM, sheldonlg wrote: On 8/17/2011 9:54 PM, Charles wrote: On Aug 17, 12:27 pm, sheldonlg<sheldo... (AT) thevillages (DOT) net> wrote: On 8/17/2011 12:33 PM, Jerry Stuckle wrote: On 8/17/2011 10:28 AM, Charles wrote: On Aug 16, 8:22 pm, Jerry Stuckle<jstuck... (AT) attglobal (DOT) net> wrote: On 8/16/2011 11:00 PM, Charles wrote: I notice the values section has $Make, $Model, etc. If $Make is 'Ford' and $Model is 'Crown Victoria', etc. the line in values section will Values(Ford, Crown Victoria, etc. while it should be Values('Ford', 'Crown Victoria', etc. You need the php to be Values (" . "'" . $Make . "','" . $Model . "','" . ,......... Hope that helps. -- Shelly How does it work, exactly? I'm confused. I'm starting off by reading this as single quote><double quote><period>$variable<period><double quote><single quote><comma Charles, non-numeric data in SQL statements must be enclosed in single quotes ('). There are a number of ways to do it - Shelly picked one of the more complicated ones to understand. But you're getting ahead of yourself. First thing you should do is follow Kees advice to see what your SQL looks like, then troubleshoot it from there. And I have. Minus something intricate, the format to add an array from an HTML form into a database table as a record is INSERT INTO database_name (field name1, field name2, ... ) VALUES (var1, var2, var3).; There's a one-to-one correspondence both ways, so each field should have a value and each value has a field, and the fields are spelled correctly. I've even run the proposed syntax through a couple of syntax checkers, and it keeps flying as valid. So I'm down to something either ver y esoteric or very intricate that I need to learn about before this becomes a template for about 28 tables. Shelly's input is valued - that's why I'm asking her to clarify and amplify - I seek enlightenment. Did you echo the SQL to your browser to see what the INSERT statement actually produces? What do you get? The table definition would also be helpful - but I highly suspect you're missing one or more single quotes ('). Charles, do the following (which is what Jerry said). Right before the mysql_query($sql) call, put one of the following lines in there: echo $sql; or print $sql; and see what appears when you run it. Then check to see that all string values are enclosed by a single quote. A numberic value need not be enclosed in a single quote, but it doesn't hurt and is consistent practice. If you still have a problem, post here EXACTLY what appeared on the screen because THAT is what is going to MySql and it is THAT syntax that is broken. INSERT INTO cab_vehicle ( cab_vehicle_make, cab_vehicle_model, cab_vehicle_edition, cab_vehicle_month, cab_vehicle_year, cab_vehicle_VIN, cab_vehicle_registration_number, cab_vehicle_pax_capacity, cab_vehicle_cubic_feet_cargo, cab_vehicle_cargo_weight) VALUES ( ''Ford'', ''Crown Vic'', ''Taxicab'', ''SEP'', '2010', ''sdfasdfdsafasdf'', ''ecc-302'', '5', '10', '1000') Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Ford'', ''Crown Vic'', ''Taxicab'', ''SEP'', '2010', ''sdfasdfdsafasdf'', ' at line 28 The string gives me the same error if I run it in phpmyadmin against the table, so I *do* have something wrong in the SQL translation. Bets the hell out of me what it is. Charlie It should be VALUES ( 'Ford', 'Crown Vic', 'Taxicab', 'SEP', '2010', 'sdfasdfdsafasdf', 'ecc-302', '5', '10', '1000') and that is what the error told you -- an error near 'Ford'. No, it should not. CORRECT SQL would be: VALUES ( 'Ford', 'Crown Vic', 'Taxicab', 'SEP', 2010, 'sdfasdfdsafasdf', 'ecc-302', 5, 10, 1000) Assuming, of course, the columns containing numerics are numeric - but without the table definition it's impossible to tell. Yours is more proper, but mine works just as well in MySql _AND_ Oracle. I don't know about other databases. It doesn't work if Oracle is properly configured. But then there are a significant number of idiots out there configuring Oracle DBs, just like there are a lot of idiots writing SQL code. A good Oracle DBA configures the database such that junk like that won't be accepted. Whatever. jerry is such an idiot he hasn't written PHP for years. |
#35
| |||
| |||
|
|
On 8/20/2011 3:57 PM, Jerry Stuckle wrote: snip It doesn't work if Oracle is properly configured. But then there are a significant number of idiots out there configuring Oracle DBs, just like there are a lot of idiots writing SQL code. A good Oracle DBA configures the database such that junk like that won't be accepted. Whatever. |
like they care about security, even if the code is "behind a secure
firewall".
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================
#36
| |||
| |||
|
|
On 8/22/2011 1:13 PM, sheldonlg wrote: On 8/20/2011 3:57 PM, Jerry Stuckle wrote: snip It doesn't work if Oracle is properly configured. But then there are a significant number of idiots out there configuring Oracle DBs, just like there are a lot of idiots writing SQL code. A good Oracle DBA configures the database such that junk like that won't be accepted. Whatever. Which proves my point. GOOD programmers care about such things. Just like they care about security, even if the code is "behind a secure firewall". |
--
Shelly
#37
| |||
| |||
|
|
On 8/22/2011 6:38 PM, Jerry Stuckle wrote: On 8/22/2011 1:13 PM, sheldonlg wrote: On 8/20/2011 3:57 PM, Jerry Stuckle wrote: snip It doesn't work if Oracle is properly configured. But then there are a significant number of idiots out there configuring Oracle DBs, just like there are a lot of idiots writing SQL code. A good Oracle DBA configures the database such that junk like that won't be accepted. Whatever. Which proves my point. GOOD programmers care about such things. Just like they care about security, even if the code is "behind a secure firewall". Apparently you don't understand the meaning of "whatever". |
programmers care. You obviously don't.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================
#38
| |||
| |||
|
|
On 8/23/2011 6:34 PM, sheldonlg wrote: On 8/22/2011 6:38 PM, Jerry Stuckle wrote: On 8/22/2011 1:13 PM, sheldonlg wrote: On 8/20/2011 3:57 PM, Jerry Stuckle wrote: snip It doesn't work if Oracle is properly configured. But then there are a significant number of idiots out there configuring Oracle DBs, just like there are a lot of idiots writing SQL code. A good Oracle DBA configures the database such that junk like that won't be accepted. Whatever. Which proves my point. GOOD programmers care about such things. Just like they care about security, even if the code is "behind a secure firewall". Apparently you don't understand the meaning of "whatever". I do. And by that you've proven what kind of programmer you are. Good programmers care. You obviously don't. |
--
Shelly
#39
| |||
| |||
|
|
I'm trying to add a record to a database, and it's not working properly. I'm getting the error mesage of "Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Ford'', ''Crown Victoria'', ''Taxicab'', ''SEP'', '2010', ''dsfdsfdsfasdfds' at line 21" |
Quote:
|
Here's the code: |
Some rules:
1. never(!) ever(!!) turn on magic quotes
2. never use addslashes() or stripslashes()
3. thoroughly check the parameters you got via GPC;
never rely on a hidden field not to be manipulated
4. run mysql_real_escape_string() or equivalent once
on each argument that goes to a string type column.
Always use the connection handle as second argument
because escaping depends on the selected charset.
Much better than 4. is to use prepared statements.
XL
 |
« Previous Thread
|
Next Thread »
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Powered by vBulletin Version 3.5.3
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.
Copyright ©2000 - 2012, Jelsoft Enterprises Ltd.