From: =?UTF-8?Q?Hans_=C3=85hlin?= on 3 Jul 2010 03:20 You have forgotten the ending ; in the sql query.... try this mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0]."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."');"); ********************************************** Hans à hlin Tel: +46761488019 icq: 275232967 http://www.kronan-net.com/ irc://irc.freenode.net:6667 - TheCoin ********************************************** 2010/7/3 Ashley Sheridan <ash(a)ashleysheridan.co.uk>: > On Fri, 2010-07-02 at 23:19 +0000, Carlos Sura wrote: > >> Hello Ash, >> >> No, I don't get an error message, the thing is, my post form, isn't working... I can't post those fields in database when I fill them up in the form... But, I really don't know why... Do you want my form code? all the entire class.php code?? >> >> Thank you for helping me. >> >> Carlos Sura. >> >> >> >> >> >> >> Subject: Re: [PHP] What's wrong in this function? Does not work for me. >> From: ash(a)ashleysheridan.co.uk >> To: carlos_sura(a)hotmail.com >> CC: php-general(a)lists.php.net >> Date: Sat, 3 Jul 2010 00:08:05 +0100 >> >> >> >> >> >> >> >> >> >> >> On Fri, 2010-07-02 at 22:05 +0000, Carlos Sura wrote: >> >> >> Hello, this function does not work for me... And I really don't know what am I doing wrong... Any help?? >> >> This function is in a class, and I call it in a form, to create a new user.. >> >> >> >>   $objEmploye=new Employe; >>   if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){ >>     echo 'Saved'; >>   }else{ >>     echo 'Error, try again'; >>   } >> }else{ >> >> >>   function insert($field){ >>     if($this->con->connect()==true){ >>       return mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0].."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."')"); >>     } >>   } >> >> >> >> >> Thanks. >> >> _________________________________________________________________ >> http://clk.atdmt.com/UKM/go/197222280/direct/01/ >> Do you have a story that started on Hotmail? Tell us now >> >> >> >> >> I can't see anything wrong with that code excerpt. Are you getting a specific error, and if so, what is the code on and around the line number indicated in that error? >> >> >> >> >> >> >> Thanks, >> >> Ash >> >> http://www.ashleysheridan.co.uk >> >> >> >> >> >> >> >> >> _________________________________________________________________ >> http://clk.atdmt.com/UKM/go/197222280/direct/01/ >> We want to hear all your funny, exciting and crazy Hotmail stories. Tell us now > > > Break the code down into very simple parts with echo statements. First, > I'd echo out the $_POST or $_GET data that you're using to see if the > values you think are being sent are being sent. Then, move onto the next > part of code, stepping through with echo statements to output variable > values to ensure that your data is following the right path. This is one > of the easiest ways to find a problem I've found, short of using an IDE > to step through the code. > > Also, you could put the code up on something like pastebin and post a > link to it, which will let people see what the code looks like and > hopefully figure out where the problem is. > > Thanks, > Ash > http://www.ashleysheridan.co.uk > > >
From: Ashley Sheridan on 3 Jul 2010 07:05 On Sat, 2010-07-03 at 09:01 +0200, Alexandre Simon wrote: > Hello, > > multiple things: > - escape your values: > 1. if some of the user input contains '\'' for instance, your query is > not well formed > 2. if some evil user want to do anything with your DB, he can do it > => See mysql_escape_string or PDO prepared statements > - Use "else" part of the if statement everywhere you can to see where > the error is. Maybe you can not connect to DB for instance... > > Hope you will fix your code.. > > Le vendredi 02 juillet 2010 à 22:05 +0000, Carlos Sura a écrit : > > > > Hello, this function does not work for me... And I really don't know what am I doing wrong... Any help?? > > > > This function is in a class, and I call it in a form, to create a new user.. > > > > > > > > $objEmploye=new Employe; > > if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){ > > echo 'Saved'; > > }else{ > > echo 'Error, try again'; > > } > > }else{ > > > > > > function insert($field){ > > if($this->con->connect()==true){ > > return mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0]."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."')"); > > } > > } > > > > > > > > > > Thanks. > > > > _________________________________________________________________ > > http://clk.atdmt.com/UKM/go/197222280/direct/01/ > > Do you have a story that started on Hotmail? Tell us now > > > As the variables aren't using the special global arrays $_POST or $_GET, there's no indication that the values aren't being sanitised when they go into the query. Thanks, Ash http://www.ashleysheridan.co.uk
From: Ashley Sheridan on 3 Jul 2010 07:05 On Sat, 2010-07-03 at 09:20 +0200, Hans à hlin wrote: > You have forgotten the ending ; in the sql query.... > try this > mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, > isss, nit) VALUES ('".$field[0]."', > '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."');"); > > ********************************************** > Hans à hlin > Tel: +46761488019 > icq: 275232967 > http://www.kronan-net.com/ > irc://irc.freenode.net:6667 - TheCoin > ********************************************** > > > > 2010/7/3 Ashley Sheridan <ash(a)ashleysheridan.co.uk>: > > On Fri, 2010-07-02 at 23:19 +0000, Carlos Sura wrote: > > > >> Hello Ash, > >> > >> No, I don't get an error message, the thing is, my post form, isn't working... I can't post those fields in database when I fill them up in the form... But, I really don't know why... Do you want my form code? all the entire class.php code?? > >> > >> Thank you for helping me. > >> > >> Carlos Sura. > >> > >> > >> > >> > >> > >> > >> Subject: Re: [PHP] What's wrong in this function? Does not work for me.. > >> From: ash(a)ashleysheridan.co.uk > >> To: carlos_sura(a)hotmail.com > >> CC: php-general(a)lists.php.net > >> Date: Sat, 3 Jul 2010 00:08:05 +0100 > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> On Fri, 2010-07-02 at 22:05 +0000, Carlos Sura wrote: > >> > >> > >> Hello, this function does not work for me... And I really don't know what am I doing wrong... Any help?? > >> > >> This function is in a class, and I call it in a form, to create a new user.. > >> > >> > >> > >> $objEmploye=new Employe; > >> if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){ > >> echo 'Saved'; > >> }else{ > >> echo 'Error, try again'; > >> } > >> }else{ > >> > >> > >> function insert($field){ > >> if($this->con->connect()==true){ > >> return mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0]."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."')"); > >> } > >> } > >> > >> > >> > >> > >> Thanks. > >> > >> _________________________________________________________________ > >> http://clk.atdmt.com/UKM/go/197222280/direct/01/ > >> Do you have a story that started on Hotmail? Tell us now > >> > >> > >> > >> > >> I can't see anything wrong with that code excerpt. Are you getting a specific error, and if so, what is the code on and around the line number indicated in that error? > >> > >> > >> > >> > >> > >> > >> Thanks, > >> > >> Ash > >> > >> http://www.ashleysheridan.co.uk > >> > >> > >> > >> > >> > >> > >> > >> > >> _________________________________________________________________ > >> http://clk.atdmt.com/UKM/go/197222280/direct/01/ > >> We want to hear all your funny, exciting and crazy Hotmail stories. Tell us now > > > > > > Break the code down into very simple parts with echo statements. First, > > I'd echo out the $_POST or $_GET data that you're using to see if the > > values you think are being sent are being sent. Then, move onto the next > > part of code, stepping through with echo statements to output variable > > values to ensure that your data is following the right path. This is one > > of the easiest ways to find a problem I've found, short of using an IDE > > to step through the code. > > > > Also, you could put the code up on something like pastebin and post a > > link to it, which will let people see what the code looks like and > > hopefully figure out where the problem is. > > > > Thanks, > > Ash > > http://www.ashleysheridan.co.uk > > > > > > Semicolons at the end of SQL statements are not required unless you are issuing multiple SQL statements in one string. Thanks, Ash http://www.ashleysheridan.co.uk
From: =?UTF-8?Q?Hans_=C3=85hlin?= on 3 Jul 2010 10:11 Another thing is that I would use != false, so every value but false passes. $objEmploye=new Employe; if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){ echo 'Saved'; }else{ echo 'Error, try again'; } ********************************************** Hans à hlin Tel: +46761488019 icq: 275232967 http://www.kronan-net.com/ irc://irc.freenode.net:6667 - TheCoin ********************************************** 2010/7/3 Carlos Sura <carlos_sura(a)hotmail.com>: > > > Hello, this function does not work for me... And I really don't know what am I doing wrong... Any help?? > > This function is in a class, and I call it in a form, to create a new user.. > > > >   $objEmploye=new Employe; >   if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){ >     echo 'Saved'; >   }else{ >     echo 'Error, try again'; >   } > }else{ > > >   function insert($field){ >     if($this->con->connect()==true){ >       return mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0]."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."')"); >     } >   } > > > > > Thanks. > > _________________________________________________________________ > http://clk.atdmt.com/UKM/go/197222280/direct/01/ > Do you have a story that started on Hotmail? Tell us now
From: Ashley Sheridan on 3 Jul 2010 10:21
On Sat, 2010-07-03 at 16:11 +0200, Hans à hlin wrote: > Another thing is that I would use != false, so every value but false passes. > > $objEmploye=new Employe; > if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) > == true){ > echo 'Saved'; > }else{ > echo 'Error, try again'; > } > > > ********************************************** > Hans à hlin > Tel: +46761488019 > icq: 275232967 > http://www.kronan-net.com/ > irc://irc.freenode.net:6667 - TheCoin > ********************************************** > > > > 2010/7/3 Carlos Sura <carlos_sura(a)hotmail.com>: > > > > > > Hello, this function does not work for me... And I really don't know what am I doing wrong... Any help?? > > > > This function is in a class, and I call it in a form, to create a new user.. > > > > > > > > $objEmploye=new Employe; > > if ( $objEmploye->insert(array($name,$lastname,$salary,$dui,$afp,$isss,$nit)) == true){ > > echo 'Saved'; > > }else{ > > echo 'Error, try again'; > > } > > }else{ > > > > > > function insert($field){ > > if($this->con->connect()==true){ > > return mysql_query("INSERT INTO employes (name,lastname, salary, id, afp, isss, nit) VALUES ('".$field[0]."', '".$field[1]."','".$field[2]."','".$field[3]."','".$field[4]."','".$field[5]."','".$field[6]."')"); > > } > > } > > > > > > > > > > Thanks. > > > > _________________________________________________________________ > > http://clk.atdmt.com/UKM/go/197222280/direct/01/ > > Do you have a story that started on Hotmail? Tell us now > Actually, removing the '== true' part would do that and result in shorted code. The mysql_query() function returns different values depending on the query made, but will only ever be one of 3 values: true, false, or a mysql resource. In this code example, there is no difference between '== true' and '!= false'. Thanks, Ash http://www.ashleysheridan.co.uk |