I'm trying to add a record to a database, and it's not working
properly.

The general thought is to call a data entry form, fill in the form,
and use the $_POST(array) process to pass the data from the form to a
php script that handles adding the record to the database.


The only trick part of the php script is using a hidden field to pass
the name of the data entry form to a SWITCH statement. I'm trying to
keep the site directory uncluttered and the scripting organized, and
I
understand this works.

I'm getting the error mesage of
"Error: You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near 'Ford'', ''Crown Victoria'', ''Taxicab'', ''SEP'', '2010',
''dsfdsfdsfasdfds' at line 21"

====================

Here's the code:

$con = mysql_connect("***","****","****");

if (!$con)

{

die("Could not connect: " . mysql_error());

}

function check_input($value)
{

if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}

if (!is_numeric($value))
{
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}

$Make = check_input($_POST['Make']);
$Model = check_input($_POST['Model']);
$Edition = check_input($_POST['Edition']);
$Month = check_input($_POST['Month']);
$Year = check_input($_POST['Year']);
$VIN = check_input($_POST['VIN']);
$Registration = check_input($_POST['Registration']);
$reg_exp_month = check_input($_POST['reg_exp_month']);
$reg_exp_year = check_input($_POST['reg_exp_year']);
$pax_capacity = check_input($_POST['pax_capacity']);
$cargo_cubic_feet = check_input($_POST['cargo_cubic_feet']);
$cargo_weight_lbs = check_input($_POST['cargo_weight_lbs']);

mysql_select_db("taxicab", $con);

$sql="INSERT INTO

cab_vehicle (
cab_vehicle_make,
cab_vehicle_model,
cab_vehicle_edition,
cab_vehicle_month,
cab_vehicle_year,

cab_vehicle_VIN,
cab_vehicle_registration_number,
cab_vehicle_reg_exp_month,
cab_vehicle_reg_exp_year,

cab_vehicle_pax_capacity,
cab_vehicle_cubic_feet_cargo,
cab_vehicle_cargo_weight)

VALUES

($Make,
$Model,
$Edition,
$Month,
$Year,
$VIN,
$Registration,
$reg_exp_month,
$reg_exp_year,
$pax_capacity,
$cargo_cubic_feet,
$cargo_weight_lbs)";

if (!mysql_query($sql,$con))

{

die('Error:<br>'.$sql.'<br>'.mysql_error() ) ;

}

echo "1 record added";

mysql_close($con);

break;

}



?>

On Tue, 16 Aug 2011 05:10:14 -0700 (PDT), Charles
<cchamb2 (AT) gmail (DOT) com> wrote:

[code snipped]

So, what is the contents of the $sql string?
Have a look at it and you'll notice the error pretty
soon.
Best regards,
--
( Kees Nuyt
)
c[_]

On 8/16/2011 8:10 AM, Charles wrote:

I notice the values section has $Make, $Model, etc.

If $Make is 'Ford' and $Model is 'Crown Victoria', etc.

the line in values section will

Values(Ford, Crown Victoria, etc.

while it should be

Values('Ford', 'Crown Victoria', etc.

You need the php to be

Values (" . "'" . $Make . "','" .
$Model . "','" .
,.........

Hope that helps.

--
Shelly

How does it work, exactly? I'm confused.

I'm starting off by reading this as

<single quote><double quote><period>$variable<period><double
quote><single quote><comma>

On 8/16/2011 11:00 PM, Charles wrote:
Charles, non-numeric data in SQL statements must be enclosed in single
quotes ('). There are a number of ways to do it - Shelly picked one of
the more complicated ones to understand.

But you're getting ahead of yourself. First thing you should do is
follow Kees advice to see what your SQL looks like, then troubleshoot it
from there.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================

Charles wrote:

Too many periods make Jane a bad programmer..

On 08/16/2011 11:00 PM, Charles wrote:
The problem is that you are actually assigning single quotes into the
strings... You are looking for:

"INSERT ... VALUES('$Make', '$Model', $Year ...)".

The variables will be expanded properly because the whole ball of wax
is contained within double quotes. Print that to the screen and you'll
see how it works. The first problem is that you are coding as if you
don't know what kind of data is in each variable. Proper data sanitizing
is a must but you need to construct your SQL string to match your
table/field definitions as above.

--
Norman
Registered Linux user #461062
-Have you been to www.mysql.com yet?-

On Aug 16, 8:22*pm, Jerry Stuckle <jstuck... (AT) attglobal (DOT) net> wrote:
And I have. Minus something intricate, the format to add an array
from an HTML form into a database table as a record is

INSERT INTO database_name (field name1, field name2, ... ) VALUES
(var1, var2, var3).;

There's a one-to-one correspondence both ways, so each field should
have a value and each value has a field, and the fields are spelled
correctly.


I've even run the proposed syntax through a couple of syntax checkers,
and it keeps flying as valid.

So I'm down to something either ver y esoteric or very intricate that
I need to learn about before this becomes a template for about 28
tables.

Shelly's input is valued - that's why I'm asking her to clarify and
amplify - I seek enlightenment.

On 8/17/2011 10:28 AM, Charles wrote:
Did you echo the SQL to your browser to see what the INSERT statement
actually produces? What do you get?

The table definition would also be helpful - but I highly suspect you're
missing one or more single quotes (').

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================

On 8/17/2011 12:33 PM, Jerry Stuckle wrote:
Charles, do the following (which is what Jerry said). Right before the
mysql_query($sql) call, put one of the following lines in there:

echo $sql;
or
print $sql;

and see what appears when you run it. Then check to see that all string
values are enclosed by a single quote. A numberic value need not be
enclosed in a single quote, but it doesn't hurt and is consistent
practice. If you still have a problem, post here EXACTLY what appeared
on the screen because THAT is what is going to MySql and it is THAT
syntax that is broken.

Basically, that is what I was telling you in my first reply -- or at
least how to fix the problem. There are other ways of writing that
code, but I find that (at least for me) this way is the least confusing.

--
Shelly