On Tue, 16 Aug 2011 01:30:02 -0700 (PDT),
Charles <cchamb2(at)gmail(dot)com> wrote:
> Is this better?
>
> I still get one error message - Error: You have an error in your SQL
> syntax; check the manual that corresponds to your MySQL server version
> for the right syntax to use near 'Ford'', ''Crown Victoria'',
> ''Taxicab'', ''SEP'', '2010', ''sadfasdfsadfdsf' at line 21
>
> =====================================
>
> <?php
>
> /***Switch statement that controls processing from
> value of $_POST(deform)***************/
>
> switch ( $_POST['deform'] )
>
> {
>
> /***Case statement that acts on value of $_POST(deform)******/
>
> CASE $_POST['deform'] = "cab_vehicle_data_entry_add_a_vehicle":
>
> $con = mysql_connect("localhost","root","edward");
>
> if (!$con)
>
> {
>
> die("Could not connect: " . mysql_error());
>
> }
>
> function check_input($value)
> {
>
> if (get_magic_quotes_gpc())
> {
> $value = stripslashes($value);
> }
>
> if (!is_numeric($value))
> {
> $value = "'" . mysql_real_escape_string($value) . "'";
> }
> return $value;
> }
>
> $Make = check_input($_POST['Make']);
> $Model = check_input($_POST['Model']);
> $Edition = check_input($_POST['Edition']);
> $Month = check_input($_POST['Month']);
> $Year = check_input($_POST['Year']);
> $VIN = check_input($_POST['VIN']);
> $Registration = check_input($_POST['Registration']);
> $reg_exp_month = check_input($_POST['reg_exp_month']);
> $reg_exp_year = check_input($_POST['reg_exp_year']);
> $pax_capacity = check_input($_POST['pax_capacity']);
> $cargo_cubic_feet = check_input($_POST['cargo_cubic_feet']);
> $cargo_weight_lbs = check_input($_POST['cargo_weight_lbs']);
>
> mysql_select_db("taxicab", $con);
>
> $sql="INSERT INTO
>
> cab_vehicle (
> cab_vehicle_make,
> cab_vehicle_model,
> cab_vehicle_edition,
> cab_vehicle_month,
> cab_vehicle_year,
>
> cab_vehicle_VIN,
> cab_vehicle_registration_number,
> cab_vehicle_reg_exp_month,
> cab_vehicle_reg_exp_year,
>
> cab_vehicle_pax_capacity,
> cab_vehicle_cubic_feet_cargo,
> cab_vehicle_cargo_weight)
>
> VALUES
>
> ('$Make',
> '$Model',
> '$Edition',
> '$Month',
> '$Year',
> '$VIN',
> '$Registration',
> '$reg_exp_month',
> '$reg_exp_year',
> '$pax_capacity',
> '$cargo_cubic_feet',
> '$cargo_weight_lbs')";
>
> if (!mysql_query($sql,$con))
>
> {
>
> die("Error: " . mysql_error());
>
> }
>
> echo "1 record added";
>
> mysql_close($con);
>
> break;
>
> }
>
> /******End of CASE statement start of next one*************/
>
> ?>
Don't use the INSERT var1,var2,var3,var4,var5 VALUES
val1,val2,val3,val5 style -- it's prone to misalignment errors
when you're doing more than one or two values. As a matter of
good practice, always use the SET var1=val1, var2=val2, var3=val3
form instead. That way there's no mistake about which value is
getting assigned to which var (did you notice the 'error'?)
Further, do all your testing for the record in one lump, not on a
per-field basis. The reason being that unless your validation
routine can see everything at once, the person could enter
something like 'Make="Chevrolet", Model="Crown Vic"' and you
wouldn't be able to catch it.
To find mysql errors such as the one you're getting, change your
die("Error: " . mysql_error());
to
die('Error:<br>'.$sql.'<br>'.mysql_error() ) ;
That way, when you get a mysql error, you're looking at both the
text of the error message and the broken mysql statement, which
you can then examine to see where the problem is.
|
Calendar
Search
Help
Members
Register
Login
Home
]