Wrox Programmer Forums

#1 (permalink)
September 22nd, 2003, 06:42 AM
Registered User
run query problem

Hi,
I need help with an INSERT query. I want to insert this data via an INSERT query, but the query doesn't run. Neither does it display any error/warning message.
INSERT INTO temp_sale (salepersonid, product_id, cat_id, action_id, prod_name, short_desc, long_desc, picture_url, price) VALUES('5', 'T63-2', '15', '321', '', 'Features a variety of carnations and daisies in a lovely basket. Approximately 20" H x 16" W.', 'The serenity of cattails surrounded by the excitement of blazing blooms. Soothing, thrilling...they'll love the contrast! Features a variety of carnations and daisies in a lovely basket. Approximately 20" H x 16" W.', 'images/HW0_1644.jpg', '45.00')

The PHP code is as follows.
$query2 = "INSERT INTO temp_sale (salepersonid, product_id, cat_id, action_id, prod_name, short_desc, long_desc, picture_url, price) VALUES('" . $saleid . "', '" . $productid . "', '" . $cat_id . "', '" . $action_id . "', '" . $item_name . "', '" . $short_desc . "', '" . $long_desc . "', '" . $picture_url . "', '" . $price . "')";

db_connect($default_dbname);
mysql_query($query2);

FYI, the DB connection is OK; before running this query I am running a SELECT query successfully. What I guess is that a single quote "'" in the data to be inserted is causing the problem. Is there any way to insert large data that can contain "'"?
Thanks in advance.


Musharaf Choudhry

#2 (permalink)
September 22nd, 2003, 12:32 PM
richard.york
Wrox Author

Try this:

$result = mysql_query($query);

// mysql_query() returns false on failure; print the server's error and the query that was sent
if (empty($result))
{
     echo mysql_error().": ";
     echo mysql_errno()."<br />\n";
     echo $query."<br />\n";
}

See if mysql returns an error from PHP.

I also don't see where your mysql link handler is identified. Is this made an exported global within the db_connect function? If so, try specifying the mysql link resource in the query as the second argument for mysql_query($query, $link); I would designate the link resource as a superglobal $GLOBALS["link"] or return its value from db_connect. Then specify it as $link in the second argument (provided that this script executes in global scope, or $GLOBALS["link"] if accessed from within a function or class). Even though you say it's working fine! If it doesn't spit out an error at mysql_query() then it is likely working fine and is likely an SQL syntax error.

$link = db_connect($default_dbname);

In your first query you need to escape all single quotes using a backslash \' <- like so.
Within PHP, however, all quotes, single and double, should automagically be escaped with the magic quotes directive.

hth
: )
Rich



:::::::::::::::::::::::::::::::::
Smiling Souls
http://www.smilingsouls.net
:::::::::::::::::::::::::::::::::

#3 (permalink)
September 22nd, 2003, 02:11 PM
Friend of Wrox

If you don't have the magic quotes directive on, you should use addslashes() and stripslashes() to escape all the special characters in a string, including quotes and other slash characters.

  http://www.php.net/addslashes
  http://www.php.net/stripslashes

If you can't control the PHP configuration for the servers you're writing applications for, then you might want to write a function to handle quote escaping for all servers, regardless of the magic quotes setting.

// Add slashes only when magic_quotes_gpc has not already done so
function escape_string($text)
{
    return get_magic_quotes_gpc() ? $text : addslashes($text);
}

If you call this function for ALL strings you're inserting into the database, you're set. It's a little extra overhead, but it allows your script to run on almost any server. I say "almost" because Sybase uses an extra single-quote to escape single-quotes, not a backslash.


Take care,

Nik
http://www.bigaction.org/
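
An added example, not part of any post in this thread: the concatenated INSERT from the first post beside a prepared statement that accepts the same text. It assumes PDO with the SQLite driver and an in-memory database so it runs offline, plus a cut-down three-column temp_sale table; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumption: PDO with an in-memory
// SQLite database so it runs offline; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE temp_sale (product_id TEXT, long_desc TEXT, price TEXT)');

// Shortened from the description in the first post: it contains both ' and ".
$long_desc = 'Soothing, thrilling...they\'ll love the contrast! Approximately 20" H x 16" W.';

// 1) Concatenation, as in the first post: the ' in "they'll" ends the string
//    literal early, so the statement no longer parses.
function insert_concatenated(PDO $pdo, string $desc): string
{
    $sql = "INSERT INTO temp_sale (product_id, long_desc, price) "
         . "VALUES ('T63-2', '" . $desc . "', '45.00')";
    try {
        $pdo->exec($sql);
        return 'ok';
    } catch (PDOException $e) {
        return 'failed: ' . $e->getMessage();
    }
}

// 2) Prepared statement: the SQL text holds only placeholders and the values
//    are bound separately, so no quote character can alter the statement.
function insert_prepared(PDO $pdo, string $id, string $desc, string $price): void
{
    $stmt = $pdo->prepare(
        'INSERT INTO temp_sale (product_id, long_desc, price) VALUES (:id, :d, :p)'
    );
    $stmt->execute([':id' => $id, ':d' => $desc, ':p' => $price]);
}

echo insert_concatenated($pdo, $long_desc), "\n";

// 3) addslashes() produces backslash escapes. SQLite, like Sybase in the last
//    post, expects a doubled '' instead, so this attempt is rejected too.
echo insert_concatenated($pdo, addslashes($long_desc)), "\n";

insert_prepared($pdo, 'T63-2', $long_desc, '45.00');

// Read the row back and compare it with the original input.
$stored = $pdo->query('SELECT long_desc FROM temp_sale')->fetchColumn();
var_dump($stored === $long_desc);
```

Binding the values also removes the dependency on the magic quotes setting, because nothing in the SQL text is built from the data.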
All times are GMT -4.

