FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Adding a record to a database
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Adding a record to a database [message #175123 is a reply to message #175120] Tue, 16 August 2011 10:23 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 8/16/2011 5:41 AM, A.Reader wrote:
> On Tue, 16 Aug 2011 01:30:02 -0700 (PDT),
> Charles<cchamb2(at)gmail(dot)com> wrote:
>
>> Is this better?
>>
>> I still get one error message - Error: You have an error in your SQL
>> syntax; check the manual that corresponds to your MySQL server version
>> for the right syntax to use near 'Ford'', ''Crown Victoria'',
>> ''Taxicab'', ''SEP'', '2010', ''sadfasdfsadfdsf' at line 21
>>
>> =====================================
>>
>> <?php
>>
>> /***Switch statement that controls processing from
>> value of $_POST(deform)***************/
>>
>> switch ( $_POST['deform'] )
>>
>> {
>>
>> /***Case statement that acts on value of $_POST(deform)******/
>>
>> CASE $_POST['deform'] = "cab_vehicle_data_entry_add_a_vehicle":
>>
>> $con = mysql_connect("localhost","root","edward");
>>
>> if (!$con)
>>
>> {
>>
>> die("Could not connect: " . mysql_error());
>>
>> }
>>
>> function check_input($value)
>> {
>>
>> if (get_magic_quotes_gpc())
>> {
>> $value = stripslashes($value);
>> }
>>
>> if (!is_numeric($value))
>> {
>> $value = "'" . mysql_real_escape_string($value) . "'";
>> }
>> return $value;
>> }
>>
>> $Make = check_input($_POST['Make']);
>> $Model = check_input($_POST['Model']);
>> $Edition = check_input($_POST['Edition']);
>> $Month = check_input($_POST['Month']);
>> $Year = check_input($_POST['Year']);
>> $VIN = check_input($_POST['VIN']);
>> $Registration = check_input($_POST['Registration']);
>> $reg_exp_month = check_input($_POST['reg_exp_month']);
>> $reg_exp_year = check_input($_POST['reg_exp_year']);
>> $pax_capacity = check_input($_POST['pax_capacity']);
>> $cargo_cubic_feet = check_input($_POST['cargo_cubic_feet']);
>> $cargo_weight_lbs = check_input($_POST['cargo_weight_lbs']);
>>
>> mysql_select_db("taxicab", $con);
>>
>> $sql="INSERT INTO
>>
>> cab_vehicle (
>> cab_vehicle_make,
>> cab_vehicle_model,
>> cab_vehicle_edition,
>> cab_vehicle_month,
>> cab_vehicle_year,
>>
>> cab_vehicle_VIN,
>> cab_vehicle_registration_number,
>> cab_vehicle_reg_exp_month,
>> cab_vehicle_reg_exp_year,
>>
>> cab_vehicle_pax_capacity,
>> cab_vehicle_cubic_feet_cargo,
>> cab_vehicle_cargo_weight)
>>
>> VALUES
>>
>> ('$Make',
>> '$Model',
>> '$Edition',
>> '$Month',
>> '$Year',
>> '$VIN',
>> '$Registration',
>> '$reg_exp_month',
>> '$reg_exp_year',
>> '$pax_capacity',
>> '$cargo_cubic_feet',
>> '$cargo_weight_lbs')";
>>
>> if (!mysql_query($sql,$con))
>>
>> {
>>
>> die("Error: " . mysql_error());
>>
>> }
>>
>> echo "1 record added";
>>
>> mysql_close($con);
>>
>> break;
>>
>> }
>>
>> /******End of CASE statement start of next one*************/
>>
>> ?>
>
> Don't use the INSERT var1,var2,var3,var4,var5 VALUES
> val1,val2,val3,val5 style -- it's prone to misalignment errors
> when you're doing more than one or two values. As a matter of
> good practice, always use the SET var1=val1, var2=val2, var3=val3
> form instead. That way there's no mistake about which value is
> getting assigned to which var (did you notice the 'error'?)
>

Terrible advice. He is doing it the correct way, according to the SQL
standard. SET in an INSERT statement is non-standard and AFAIK only
supported by MySQL (and then only when not running in STRICT mode).

> Further, do all your testing for the record in one lump, not on a
> per-field basis. The reason being that unless your validation
> routine can see everything at once, the person could enter
> something like 'Make="Chevrolet", Model="Crown Vic"' and you
> wouldn't be able to catch it.
>

There is nothing wrong with such a search. It will just not return any
rows. Trying to validate all possible combinations like this will add
unnecessary complexity to the code.

The purpose of validation at this level is not to ensure that
combinations are valid - but that the field itself is the correct type
and possibly a reasonable value.

> To find mysql errors such as the one you're getting, change your
>
> die("Error: " . mysql_error());
>
> to
>
> die('Error:<br>'.$sql.'<br>'.mysql_error() ) ;
>
> That way, when you get a mysql error, you're looking at both the
> text of the error message and the broken mysql statement, which
> you can then examine to see where the problem is.

Better yet - get rid of the die() all together and handle the error
gracefully. Then ask about the SQL problem in the appropriate newsgroup.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: PHP 4 vs 5 timings
Next Topic: Re: ftp with win-filenames with chr#32 ?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 10:07:50 GMT 2024

Total time taken to generate the page: 0.04891 seconds