RE: [PHP] $_POST in MySQL query issue...
Adam Reiswig wrote: Greetings to all. I am trying for the life of me to place a $_POST[] variable in my MySQL query. I am running the latest stable versions of PHP, MySQL and Apache 2 on my Win2kPro machine. My register_globals are set to off in my php.ini. My code I am attempting create is basically as follows: $table=elements; $sql=insert into $table set Name = '$elementName'; This works with register_globals set to on. But, I want to be able to turn that off. My code then, I am guessing, be something as follows: $table=elements; $sql=insert into $table set Name = '$_POST[elementName]'; Unfortunately this and every other combination I can think of, combinations of quotes that is, does not work. I believe the source of the problem is the quotes within quotes within quotes. I also tried: $sql='insert into $table set Name = '.$_POST[elementName];or $sql=insert into $table set Name = .$_POST['elementName']; and several other variations. Can anyone give me some pointers to inserting $_POST[] statements inside of query statements? I am sure there must be a way but I have spent a lot of time on this and am really stumped here. Thanks for any help. -Adam Reiswig PS if anything here is not clear to you, please let me know and I'll clarify as I can. Thanks again. Do this first: $elementName = $_POST[elementName]; Then you don't have to change your sql statement. That's what I've been doing all day yesterday and today in my time clock program. It's less time consuming than changing all of the sql queries. Jake McHenry Nittany Travel MIS Coordinator http://www.nittanytravel.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: [PHP-DB] Re: [PHP] $_POST in MySQL query issue...
On Fri, 17 Oct 2003, BAO RuiXian wrote: I see you can achieve this by two ways: 1. Take out all the inside quotes (single or double) like the following: $sql=insert into $table set Name = $_POST[elementName]; This is bad. Using no quotes MAY work, but it is considered a BARE WORD and not an actual string. $sql='insert into '.$table.' set Name = '.addslashes($_POST['elementName']).''; is the (more) correct way to do this. 2. Use a temporary variable for $_POST[elementName], like $elementName = $_POST[elementName], then continute use your original SQL sentence when the register_globals was on. Waste (albeit very minor) of variable space. Concat them. Beckman --- Peter Beckman Internet Guy [EMAIL PROTECTED] http://www.purplecow.com/ --- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] $_POST in MySQL query issue...
Greetings to all. I am trying for the life of me to place a $_POST[] variable in my MySQL query. I am running the latest stable versions of PHP, MySQL and Apache 2 on my Win2kPro machine. My register_globals are set to off in my php.ini. My code I am attempting create is basically as follows: $table=elements; $sql=insert into $table set Name = '$elementName'; This works with register_globals set to on. But, I want to be able to turn that off. My code then, I am guessing, be something as follows: $table=elements; $sql=insert into $table set Name = '$_POST[elementName]'; Unfortunately this and every other combination I can think of, combinations of quotes that is, does not work. I believe the source of the problem is the quotes within quotes within quotes. I also tried: $sql='insert into $table set Name = '.$_POST[elementName]; or $sql=insert into $table set Name = .$_POST['elementName']; and several other variations. Can anyone give me some pointers to inserting $_POST[] statements inside of query statements? I am sure there must be a way but I have spent a lot of time on this and am really stumped here. Thanks for any help. -Adam Reiswig PS if anything here is not clear to you, please let me know and I'll clarify as I can. Thanks again. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] $_POST in MySQL query issue...
Adam Reiswig wrote: $table=elements; $sql=insert into $table set Name = '$elementName'; This works with register_globals set to on. But, I want to be able to turn that off. My code then, I am guessing, be something as follows: $table=elements; $sql=insert into $table set Name = '$_POST[elementName]'; I see you can achieve this by two ways: 1. Take out all the inside quotes (single or double) like the following: $sql=insert into $table set Name = $_POST[elementName]; 2. Use a temporary variable for $_POST[elementName], like $elementName = $_POST[elementName], then continute use your original SQL sentence when the register_globals was on. Best Bao Unfortunately this and every other combination I can think of, combinations of quotes that is, does not work. I believe the source of the problem is the quotes within quotes within quotes. I also tried: -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php