Strange MySQL Problem

Hello there,
Here's a short PHP script a friend has written, and given to me to test.
However, I am getting a MySQL error saying that the syntax error, on the
line that contains mysql_connect(); is wrong, near '')'
(note that it is not a PHP error, but a MySQL error.)
Here's the code:

[code]
$username = "root";
$password = "abc";
$con = mysql_connect("", $username, $password);
mysql_select_db ("test", $con);
$sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";
if (!mysql_query($sql, $con))
{
die( 'error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con)
?>
[/code]




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Strange MySQL Problem

Hello Parham,

i think you should change this:

$sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";

to this:

$sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
('".$_POST[bookname]."', '".$_POST[authorsname]."', '".$_POST[ISBN]."')";


best regards
Jochen


Parham Doustdar schrieb:
> Hello there,
> Here's a short PHP script a friend has written, and given to me to test.
> However, I am getting a MySQL error saying that the syntax error, on the
> line that contains mysql_connect(); is wrong, near '')'
> (note that it is not a PHP error, but a MySQL error.)
> Here's the code:
>
> [code]
> > $username = "root";
> $password = "abc";
> $con = mysql_connect("", $username, $password);
> mysql_select_db ("test", $con);
> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
> ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";
> if (!mysql_query($sql, $con))
> {
> die( 'error: ' . mysql_error());
> }
> echo "1 record added";
> mysql_close($con)
> ?>
> [/code]
>
>
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Strange MySQL Problem

Hi there,
Does it differ? I thought when in quotations, variables like that would be
automatically interpreted?
Also, the MySQL is meant to connect to localhost. I had emptied it for
testing purposes. With or without it, I get the same error.
"Jochen Schultz" wrote in message
news:4B25FB8E.3040907@sportimport.de...
> Hello Parham,
>
> i think you should change this:
>
> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
> ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";
>
> to this:
>
> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
> ('".$_POST[bookname]."', '".$_POST[authorsname]."', '".$_POST[ISBN]."')";
>
>
> best regards
> Jochen
>
>
> Parham Doustdar schrieb:
>> Hello there,
>> Here's a short PHP script a friend has written, and given to me to test.
>> However, I am getting a MySQL error saying that the syntax error, on the
>> line that contains mysql_connect(); is wrong, near '')'
>> (note that it is not a PHP error, but a MySQL error.)
>> Here's the code:
>>
>> [code]
>> >> $username = "root";
>> $password = "abc";
>> $con = mysql_connect("", $username, $password);
>> mysql_select_db ("test", $con);
>> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
>> ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";
>> if (!mysql_query($sql, $con))
>> {
>> die( 'error: ' . mysql_error());
>> }
>> echo "1 record added";
>> mysql_close($con)
>> ?>
>> [/code]
>>
>>
>>


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Strange MySQL Problem

--0015175d09de60cdca047aaca90d
Content-Type: text/plain; charset=ISO-8859-1

Salaaam

$sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
('".$_POST[bookname]."'' , '".$_POST[authorsname]."',''".$_POST[ISBN]."')";

above line is correct, your code is wrong ,$_POST[ISBN]')";

and add
$host = 'localhost';
$con = mysql_connect($host, $username, $password);

you can also check this page:
http://php.net/manual/en/function.mysql-connect.php

Regards,
Shahrzad

--0015175d09de60cdca047aaca90d--

Re: Strange MySQL Problem

Parham Doustdar wrote:
> Hi there,
> Does it differ? I thought when in quotations, variables like that would be
> automatically interpreted?
> Also, the MySQL is meant to connect to localhost. I had emptied it for
> testing purposes. With or without it, I get the same error.
> "Jochen Schultz" wrote in message
> news:4B25FB8E.3040907@sportimport.de...
>
>> Hello Parham,
>>
>> i think you should change this:
>>
>> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
>> ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";
>>
>> to this:
>>
>> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
>> ('".$_POST[bookname]."', '".$_POST[authorsname]."', '".$_POST[ISBN]."')";
>>
>>
>> best regards
>> Jochen
>>
>>
>> Parham Doustdar schrieb:
>>
>>> Hello there,
>>> Here's a short PHP script a friend has written, and given to me to test.
>>> However, I am getting a MySQL error saying that the syntax error, on the
>>> line that contains mysql_connect(); is wrong, near '')'
>>> (note that it is not a PHP error, but a MySQL error.)
>>> Here's the code:
>>>
>>> [code]
>>> >>> $username = "root";
>>> $password = "abc";
>>> $con = mysql_connect("", $username, $password);
>>> mysql_select_db ("test", $con);
>>> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
>>> ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";
>>> if (!mysql_query($sql, $con))
>>> {
>>> die( 'error: ' . mysql_error());
>>> }
>>> echo "1 record added";
>>> mysql_close($con)
>>> ?>
>>> [/code]
>>>
>>>
>>>
>>>
>
>
>
Exactly the opposite. Use double quotes for interpolation.
Moreover, you would still get an error, as mysql requires text columns
to be escaped. Use Jochens code.
Also: SQL injection ! --> http://en.wikipedia.org/wiki/SQL_injection


HTH,

Stijn

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Strange MySQL Problem

Thank you, everyone. All fixed.
"metastable" wrote in message
news:4B260641.80308@metastable-services.net...
> Parham Doustdar wrote:
>> Hi there,
>> Does it differ? I thought when in quotations, variables like that would
>> be
>> automatically interpreted?
>> Also, the MySQL is meant to connect to localhost. I had emptied it for
>> testing purposes. With or without it, I get the same error.
>> "Jochen Schultz" wrote in message
>> news:4B25FB8E.3040907@sportimport.de...
>>
>>> Hello Parham,
>>>
>>> i think you should change this:
>>>
>>> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
>>> ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";
>>>
>>> to this:
>>>
>>> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
>>> ('".$_POST[bookname]."', '".$_POST[authorsname]."',
>>> '".$_POST[ISBN]."')";
>>>
>>>
>>> best regards
>>> Jochen
>>>
>>>
>>> Parham Doustdar schrieb:
>>>
>>>> Hello there,
>>>> Here's a short PHP script a friend has written, and given to me to
>>>> test.
>>>> However, I am getting a MySQL error saying that the syntax error, on
>>>> the
>>>> line that contains mysql_connect(); is wrong, near '')'
>>>> (note that it is not a PHP error, but a MySQL error.)
>>>> Here's the code:
>>>>
>>>> [code]
>>>> >>>> $username = "root";
>>>> $password = "abc";
>>>> $con = mysql_connect("", $username, $password);
>>>> mysql_select_db ("test", $con);
>>>> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
>>>> ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";
>>>> if (!mysql_query($sql, $con))
>>>> {
>>>> die( 'error: ' . mysql_error());
>>>> }
>>>> echo "1 record added";
>>>> mysql_close($con)
>>>> ?>
>>>> [/code]
>>>>
>>>>
>>>>
>>>>
>>
>>
>>
> Exactly the opposite. Use double quotes for interpolation.
> Moreover, you would still get an error, as mysql requires text columns
> to be escaped. Use Jochens code.
> Also: SQL injection ! --> http://en.wikipedia.org/wiki/SQL_injection
>
>
> HTH,
>
> Stijn



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Strange MySQL Problem

You're missing a tick in the query. There should be a tick before the =
$_POST[ISBN].

Take care,
Floyd

On Dec 14, 2009, at 3:41 AM, Parham Doustdar wrote:

> Hello there,
> Here's a short PHP script a friend has written, and given to me to =
test.
> However, I am getting a MySQL error saying that the syntax error, on =
the
> line that contains mysql_connect(); is wrong, near '')'
> (note that it is not a PHP error, but a MySQL error.)
> Here's the code:
>=20
> [code]
> > $username =3D "root";
> $password =3D "abc";
> $con =3D mysql_connect("", $username, $password);
> mysql_select_db ("test", $con);
> $sql =3D "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES
> ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')";
> if (!mysql_query($sql, $con))
> {
> die( 'error: ' . mysql_error());
> }
> echo "1 record added";
> mysql_close($con)
> ?>
> [/code]
>=20
>=20
>=20
>=20
> --=20
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Strange MySQL Problem

At 1:12 PM +0330 12/14/09, Parham Doustdar wrote:
>Thank you, everyone. All fixed.


Really?!?

I think you would be well advised to sanitize the values coming into
from a public $_POST.

That habit allows MySQL injection problems.

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php