Dmitry Makovetskiyd

Reputation: 7053

Insert statement fails in PHP

if(isset($_POST['title']) && isset($_POST['tag_h1']) && isset($_POST['tag_h2']) && isset($_POST['tag_metadata']) && isset($_POST['title']) && isset($_POST['postContent']))
{    
    $tag_h1=$_POST['tag_h1'];
    $tag_h2=$_POST['tag_h2'];
    $tag_metadata=$_POST['tag_metadata'];       
    $content=$_POST['postContent'];
    $title=$_POST['title'];
    $isTop=isset($_POST['isTop'])?1:0;
    $query = "INSERT INTO topic (tag_h1,tag_h2,tag_metadata,content,title,is_top) VALUES ('".$tag_h1."', '".$tag_h2."', '".$tag_metadata."', '".$content."', '".$title."'".$isTop."')";
    mysql_query($query) or die(mysql_error());
}

The above statement fails. An exception is thrown. I can't see any, cause Chrome freezes.. other browsers go blank.. and I can't see any error!

Does anyone know why my insert statement is wrong?

Upvotes: 0

Views: 102

Answers (6)

Sabari

Reputation: 6335

There is a missing comma and single quote between the last two values.

Your query should be changed to:

$query = "INSERT INTO topic (tag_h1,tag_h2,tag_metadata,content,title,is_top) VALUES ('".$tag_h1."', '".$tag_h2."', '".$tag_metadata."', '".$content."', '".$title."', '".$isTop."')";

Upvotes: 0

Bassel Safadi

Reputation: 487

There is a missing: "," and a missing "'"

$query = "INSERT INTO topic (tag_h1,tag_h2,tag_metadata,content,title,is_top) VALUES ('".$tag_h1."', '".$tag_h2."', '".$tag_metadata."', '".$content."', '".$title."'".$isTop."')";

Between '".$title."'".$isTop."'

Should be:

$query = "INSERT INTO topic (tag_h1,tag_h2,tag_metadata,content,title,is_top) VALUES ('".$tag_h1."', '".$tag_h2."', '".$tag_metadata."', '".$content."', '".$title."', '".$isTop."')";

Upvotes: 0

Phoenix

Reputation: 4536

//checking that they're all set won't do anything, because, unless it's a checkbox,
//it's always set if it's in the form
//So you should check if the submit button has been set (form submitted)
//And that the inputs are !empty()
//Also, for future reference, isset() can take multiple arguments and will return true if all arguments are set or false if one isn't.  empty() only takes one argument though.
if( (isset($_POST['submitbutton']) || isset($_POST['submitbutton_x'])) //checking for the submitname_x is a fix for image submit buttons on IE
    && !empty($_POST['title']) 
    && !empty($_POST['tag_h1']) 
    && !empty($_POST['tag_h2']) 
    && !empty($_POST['tag_metadata']) 
    && !empty($_POST['title']) 
    && !empty($_POST['postContent']) )
{ 

    $tag_h1 = mysql_real_escape_string($_POST['tag_h1']);  //Always escape directly used input!
    $tag_h2 = mysql_real_escape_string($_POST['tag_h2']);
    $tag_metadata = mysql_real_escape_string($_POST['tag_metadata']);       
    $content = mysql_real_escape_string($_POST['postContent']);
    $title = mysql_real_escape_string($_POST['title']);

    $isTop = isset($_POST['isTop'])?1:0;


    $sql = 'INSERT INTO topic (tag_h1,tag_h2,tag_metadata,content,title,is_top)';
    $query = sprintf("%s VALUES ('%s', '%s', '%s', '%s', '%s', %d)",$sql,$tag_h1,$tag_h2,$tag_metadata,$content,$title,$isTop);
    //I assume is_top is an int or tinyint or whatever field 
    //and as such should not have single quotes around it.

    mysql_query($query) or die(mysql_error());

}

Upvotes: 0

DaveRandom

Reputation: 88647

Change this line:

$query = "INSERT INTO topic (tag_h1,tag_h2,tag_metadata,content,title,is_top) VALUES ('".$tag_h1."', '".$tag_h2."', '".$tag_metadata."', '".$content."', '".$title."'".$isTop."')";

To this:

$query = "INSERT INTO topic
            (tag_h1,tag_h2,tag_metadata,content,title,is_top)
          VALUES
            ('".mysql_real_escape_string($tag_h1)."', '".mysql_real_escape_string($tag_h2)."', '".mysql_real_escape_string($tag_metadata)."', '".mysql_real_escape_string($content)."', '".mysql_real_escape_string($title)."', '".mysql_real_escape_string($isTop)."')";

You forgot a , ', and you didn't escape your input.

Upvotes: 2

jcmeloni

Reputation: 1234

I can't speak to the freezing, but:

'".$title."'".$isTop."' 

should be

'".$title."', '".$isTop."'

Upvotes: 0

Manse

Reputation: 38147

You have specified 6 columns to insert and only 5 values:

$query = "INSERT INTO topic (tag_h1,tag_h2,tag_metadata,content,title,is_top) 
VALUES (
     '".$tag_h1."', '"
     .$tag_h2."', '"
     .$tag_metadata."', '"
     .$content."', '"
     .$title."'".$isTop."')";

Perhaps you missed a comma?

And please make sure you have a read about SQL injection.

Upvotes: 2
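
The INSERT from this thread written with bound parameters instead of string concatenation, as an added example that is not part of the question or any answer above. It assumes PDO is available and uses an in-memory SQLite database as a stand-in for MySQL so that it runs offline; the table definition, the `insertTopic` helper and the form values are constructed for illustration.

```php
<?php
// Added example: SQLite in-memory via PDO stands in for the MySQL database;
// the table definition below is constructed to match the column list in the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE topic (
    tag_h1 TEXT, tag_h2 TEXT, tag_metadata TEXT,
    content TEXT, title TEXT, is_top INTEGER)');

// Constructed form input. The single quotes in these values would end the
// string literal early in the concatenated query from the question.
$post = [
    'tag_h1'       => "Dmitry's heading",
    'tag_h2'       => 'Sub heading',
    'tag_metadata' => 'php, mysql',
    'postContent'  => "It's a post with 'quotes' in it",
    'title'        => "O'Reilly",
    'isTop'        => 'on',
];

// Hypothetical helper: validates the required fields, then inserts one row.
function insertTopic(PDO $pdo, array $post): int
{
    foreach (['tag_h1', 'tag_h2', 'tag_metadata', 'postContent', 'title'] as $field) {
        if (!isset($post[$field]) || $post[$field] === '') {
            throw new InvalidArgumentException("Missing field: $field");
        }
    }
    // Six columns, six placeholders: the SQL text is fixed and never contains input,
    // so a missing comma or quote cannot be introduced by the values.
    $stmt = $pdo->prepare(
        'INSERT INTO topic (tag_h1, tag_h2, tag_metadata, content, title, is_top)
         VALUES (:tag_h1, :tag_h2, :tag_metadata, :content, :title, :is_top)'
    );
    $stmt->execute([
        ':tag_h1'       => $post['tag_h1'],
        ':tag_h2'       => $post['tag_h2'],
        ':tag_metadata' => $post['tag_metadata'],
        ':content'      => $post['postContent'],
        ':title'        => $post['title'],
        ':is_top'       => isset($post['isTop']) ? 1 : 0,
    ]);
    return (int) $pdo->lastInsertId();
}

$id  = insertTopic($pdo, $post);
$row = $pdo->query('SELECT title, is_top FROM topic')->fetch(PDO::FETCH_ASSOC);
var_dump($id, $row); // the stored title keeps its quote character unchanged
```

Against MySQL, the same code applies with a `mysql:` DSN in the `PDO` constructor; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.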
