Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

0

Error (PHP)

Started by Crofty, Aug 28 2006 06:59 AM

You cannot reply to this topic
Go to first unread post

4 replies to this topic

#1 Crofty

Young Padawan

Members
32 posts

Posted 28 August 2006 - 06:59 AM

Hey, i get this error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1.

this is my code

<?
if($_SERVER["REQUEST_METHOD"] == "POST")
{
	$dvdname = $_POST['dvdname'];
	$price = $_POST['price'];
	$quantity = $_POST['quantity'];
	$description = $_POST['description'];
	$MySQL_User = "****";
	$MySQL_Pass = "****";
	$MySQL_DB = "****";
	$MySQL_Host = "*****";
	$sql = mysql_connect($MySQL_Host, $MySQL_User, $MySQL_Pass);
	if(!mysql_select_db($MySQL_DB, $sql))
	{ 
		die("Fatal Error:  Cannot select MySQL Database.  MySQL says: ".mysql_error());
	}

	mysql_query("INSERT INTO `products` (`dvdname`, `price`,`quantity`, `description`,`picurl`) VALUES ('$dvdname', '$price', '$quantity','$description','$url'")or die(mysql_error());
	echo ' Dvd Added';
	exit;
}
	echo '<form action="'.$PHP_SELF.'" method="POST" enctype="multipart/form-data">
<table width="800" border="1">
  <tr>
	<th scope="col">DVD VISION</th>
  </tr>
</table>
<table width="802" border="1">
  <tr>
	<td width="175" height="301" valign="top" scope="col"><table width="150" height="119" border="1" align="Center">
	  <tr>
		<td height="21"><div align="center">Welcome '.$_SESSION['s_username'].'</div></th>
	  </tr>
	  <tr>
		<td height="21"><div align="center"><a href="index.php?view=logout">Logout</a></div></td>
	  </tr>
		<tr>
		<td height="21">&nbsp;</td>
	  </tr>
		  <tr>
		<td height="21"><div align="center"><b>Admin Options</b></div></td>
	  </tr>
	  <tr>
		 <td height="21"><div align="center"><a href="index.php?view=adddvd">Add DVD</a></div></td>
	  </tr>
	  <tr>
		 <td height="21"><div align="center"><a href="index.php?view=topost">To Post</a></div></td>
	  </tr>
	</table>
	</th>
	<th width="617" scope="col">
	<table width="344" border="0">
	  <tr>
		<td width="99" valign="top" scope="col">DVD Name: </td>
		<td width="235" scope="col"><input name="dvdname" type="text" size="40"  maxlength="100"></td>
	  </tr>
	  <tr>
		<td valign="top">Price (&pound;) : </td>
		<td><input name="price" type="text" size="40"  maxlength="100"></td>
	  </tr>
	  <tr>
		<td valign="top">Quantity:</td>
		<td><input name="quantity" type="text" size="40"  maxlength="100"></td>
	  </tr>
	  <tr>
		<td valign="top">Description:</td>
		<td><textarea name="description" cols="35" rows="7" wrap="VIRTUAL" id="comment" ></textarea></td>
	  </tr>
	  <tr>
		<td valign="top">Picture URL: </td>
		<td><input name="picurl" type="text" size="40"  maxlength="100"></td>
	  </tr>
	  <tr>
		<td valign="top">&nbsp;</td>
		<td><input name="submit" type="submit" id="submit" value="Submit"></td>
	  </tr>
	</table></th>
  </tr>
</table>
</form>';
?>

does anyone know how to solve it i cant seem to figure it out?

thanks

Edited by Crofty, 28 August 2006 - 07:02 AM.

Back to top

#3 Matthew.

Official Spammer .Matt

Members
2,749 posts

Gender:Male
Location:England

Posted 28 August 2006 - 08:07 AM

designcode you haven't changed anything.......

Crofty, have you tried to submit a form value with any quotes in? such as it's etc

You can try first stripping the slashes and then addng them on your form values. (strip first because of magic quotes)

	$dvdname = addslashes(stripslashes($_POST['dvdname']));
	$price = addslashes(stripslashes($_POST['price']));
	$quantity = addslashes(stripslashes($_POST['quantity']));
	$description = addslashes(stripslashes($_POST['description']));

That should escape the quotes if that is the case.