Re: [PHP] Parse Error on SQL Insert [Solved]
Sorry guys - knew it would be obvious! I was using $_FILE['image']['name'][0], instead of $_FILES['image']['name'][0] However, thanks for all your help. Tom On 07/04/06, Joe Henry [EMAIL PROTECTED] wrote: On Friday 07 April 2006 1:56 pm, Chrome wrote: Backticks (`) encapsulate table or database names I was thinking maybe if the array references were encapsulated in curly braces {}: $_POST['model'] to {$_POST['model']} Of course if the field in the DB isn't numeric this would be '{$_POST['model']}' Dan --- http://chrome.me.uk -Original Message- From: Joe Henry [mailto:[EMAIL PROTECTED] Sent: 07 April 2006 20:53 To: php-general@lists.php.net; [EMAIL PROTECTED] Subject: Re: [PHP] Parse Error on SQL Insert On Friday 07 April 2006 1:37 pm, Tom Chubb wrote: $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, Not sure if this is your problem, but those look like backticks around year instead of single quotes. Should there even be quotes there? HTH -- Joe Henry www.celebrityaccess.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1475 (20060406) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com Good to know. Thanks. -- Joe Henry www.celebrityaccess.com [EMAIL PROTECTED] -- Tom Chubb [EMAIL PROTECTED] 07915 053312
[PHP] Parse Error on SQL Insert
I'm working on an insert record page with a multiple file upload script of which I understand the fundamentals. However, on submission I am getting the following error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\apache2triad\htdocs\damotors\admin\insertnew.php on line 34 Where line 34 is... $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, image2, image3, forsale) VALUES ($_POST['model'], $_POST['year'], $_POST['details'], $_POST['price'], $_FILE['image']['name'][0], $_FILE['image']['name'][1], $_FILE['image']['name'][2], $_POST['forsale']); For info, the HTML for the form is as follows: tr valign=baseline td nowrap align=rightImage1:/td tdinput type=file name=image[]/td /tr tr valign=baseline td nowrap align=rightImage2:/td tdinput type=file name=image[]/td /tr tr valign=baseline td nowrap align=rightImage3:/td tdinput type=file name=image[]/td /tr I've been slaving away for an hour and it's probably something really obvious but I'd really appreciate it if someone could point it out to me please? Previously I was getting an image1 cannot be null error which I couldn't work out either. That's gone, but I still can't work out what's going on. Many thanks, Tom -- Tom Chubb [EMAIL PROTECTED] 07915 053312
Re: [PHP] Parse Error on SQL Insert
Tom Chubb wrote: I'm working on an insert record page with a multiple file upload script of which I understand the fundamentals. However, on submission I am getting the following error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\apache2triad\htdocs\damotors\admin\insertnew.php on line 34 Where line 34 is... $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, image2, image3, forsale) VALUES ($_POST['model'], $_POST['year'], $_POST['details'], $_POST['price'], $_FILE['image']['name'][0], $_FILE['image']['name'][1], $_FILE['image']['name'][2], $_POST['forsale']); snip I've been slaving away for an hour and it's probably something really obvious but I'd really appreciate it if someone could point it out to me please? Previously I was getting an image1 cannot be null error which I couldn't work out either. That's gone, but I still can't work out what's going on. Without seeing more code (the error is probably above line 34), I can only guess that the problem is with your posted data. Escape your data before you insert it into a db. -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse Error on SQL Insert
why do you have single quotes around year? -B Tom Chubb wrote: I'm working on an insert record page with a multiple file upload script of which I understand the fundamentals. However, on submission I am getting the following error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\apache2triad\htdocs\damotors\admin\insertnew.php on line 34 Where line 34 is... $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, image2, image3, forsale) VALUES ($_POST['model'], $_POST['year'], $_POST['details'], $_POST['price'], $_FILE['image']['name'][0], $_FILE['image']['name'][1], $_FILE['image']['name'][2], $_POST['forsale']); For info, the HTML for the form is as follows: tr valign=baseline td nowrap align=rightImage1:/td tdinput type=file name=image[]/td /tr tr valign=baseline td nowrap align=rightImage2:/td tdinput type=file name=image[]/td /tr tr valign=baseline td nowrap align=rightImage3:/td tdinput type=file name=image[]/td /tr I've been slaving away for an hour and it's probably something really obvious but I'd really appreciate it if someone could point it out to me please? Previously I was getting an image1 cannot be null error which I couldn't work out either. That's gone, but I still can't work out what's going on. Many thanks, Tom -- Tom Chubb [EMAIL PROTECTED] 07915 053312 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse Error on SQL Insert
On Friday 07 April 2006 1:37 pm, Tom Chubb wrote: $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, Not sure if this is your problem, but those look like backticks around year instead of single quotes. Should there even be quotes there? HTH -- Joe Henry www.celebrityaccess.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse Error on SQL Insert
Complete code... ?php require_once('../Connections/damotors.php'); ? ?php function GetSQLValueString($theValue, $theType, $theDefinedValue = , $theNotDefinedValue = ) { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case text: $theValue = ($theValue != ) ? ' . $theValue . ' : NULL; break; case long: case int: $theValue = ($theValue != ) ? intval($theValue) : NULL; break; case double: $theValue = ($theValue != ) ? ' . doubleval($theValue) . ' : NULL; break; case date: $theValue = ($theValue != ) ? ' . $theValue . ' : NULL; break; case defined: $theValue = ($theValue != ) ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= ? . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST[MM_insert])) ($_POST[MM_insert] == form1)) { $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, image2, image3, forsale) VALUES ($_POST['model'], $_POST['year'], $_POST['details'], $_POST['price'], $_FILE['image']['name'][0], $_FILE['image']['name'][1], $_FILE['image']['name'][2], $_POST['forsale']); mysql_select_db($database_damotors, $damotors); $Result1 = mysql_query($insertSQL, $damotors) or die(mysql_error()); $insertGoTo = uploadhandler.php; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? : ?; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf(Location: %s, $insertGoTo)); } ?!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head meta http-equiv=Content-Type content=text/html; charset=iso-8859-1 / titleUntitled Document/title /head body form method=post name=form1 action=?php echo $editFormAction; ? table align=center tr valign=baseline td nowrap align=rightModel:/td tdinput type=text name=model value= size=32/td /tr tr valign=baseline td nowrap align=rightYear:/td tdinput type=text name=year value= size=32/td /tr tr valign=baseline td nowrap align=right valign=topDetails:/td tdtextarea name=details cols=50 rows=5/textarea /td /tr tr valign=baseline td nowrap align=rightPrice:/td tdinput type=text name=price value= size=32 input type=hidden name=MAX_FILE_SIZE value=190 //td /tr tr valign=baseline td nowrap align=rightImage1:/td tdinput type=file name=image[]/td /tr tr valign=baseline td nowrap align=rightImage2:/td tdinput type=file name=image[]/td /tr tr valign=baseline td nowrap align=rightImage3:/td tdinput type=file name=image[]/td /tr tr valign=baseline td nowrap align=rightForsale:/td tdinput type=text name=forsale value= size=32/td /tr tr valign=baseline td nowrap align=rightnbsp;/td tdinput type=submit value=Insert record/td /tr /table input type=hidden name=MM_insert value=form1 /form pnbsp;/p /body /html The reason for the single quotes around the year is something to do with Dreamweaver's insert wizard. On 07/04/06, Brad Bonkoski [EMAIL PROTECTED] wrote: why do you have single quotes around year? -B Tom Chubb wrote: I'm working on an insert record page with a multiple file upload script of which I understand the fundamentals. However, on submission I am getting the following error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\apache2triad\htdocs\damotors\admin\insertnew.php on line 34 Where line 34 is... $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, image2, image3, forsale) VALUES ($_POST['model'], $_POST['year'], $_POST['details'], $_POST['price'], $_FILE['image']['name'][0], $_FILE['image']['name'][1], $_FILE['image']['name'][2], $_POST['forsale']); For info, the HTML for the form is as follows: tr valign=baseline td nowrap align=rightImage1:/td tdinput type=file name=image[]/td /tr tr valign=baseline td nowrap align=rightImage2:/td tdinput type=file name=image[]/td /tr tr valign=baseline td nowrap align=rightImage3:/td tdinput type=file name=image[]/td /tr I've been slaving away for an hour and it's probably something really obvious but I'd really appreciate it if someone could point it out to me please? Previously I was getting an image1 cannot be null error which I couldn't work out either. That's gone, but I still can't work out what's going on. Many thanks, Tom -- Tom Chubb [EMAIL PROTECTED] 07915 053312 -- Tom Chubb [EMAIL PROTECTED] 07915 053312
Re: [PHP] Parse Error on SQL Insert
On Friday 07 April 2006 12:53, Joe Henry wrote: On Friday 07 April 2006 1:37 pm, Tom Chubb wrote: $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, Not sure if this is your problem, but those look like backticks around year instead of single quotes. Should there even be quotes there? HTH -- Joe Henry www.celebrityaccess.com [EMAIL PROTECTED] The backticks should be fine. They tell MySQL that you mean the column year of the table cars and not the MySQL special word year which can be used in date calculations. The same thing would apply if you wanted a column named create. I would agree with John on the POST data. Make sure you at least run mysql_real_escape_string(). -- Ray Hauge Programmer/Systems Administrator American Student Loan Services www.americanstudentloan.com 1.800.575.1099 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Parse Error on SQL Insert
Backticks (`) encapsulate table or database names I was thinking maybe if the array references were encapsulated in curly braces {}: $_POST['model'] to {$_POST['model']} Of course if the field in the DB isn't numeric this would be '{$_POST['model']}' Dan --- http://chrome.me.uk -Original Message- From: Joe Henry [mailto:[EMAIL PROTECTED] Sent: 07 April 2006 20:53 To: php-general@lists.php.net; [EMAIL PROTECTED] Subject: Re: [PHP] Parse Error on SQL Insert On Friday 07 April 2006 1:37 pm, Tom Chubb wrote: $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, Not sure if this is your problem, but those look like backticks around year instead of single quotes. Should there even be quotes there? HTH -- Joe Henry www.celebrityaccess.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1475 (20060406) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse Error on SQL Insert
thanks for the clarification, I guess the other solution would be to avoid using names with special meaning for column names... -B Ray Hauge wrote: On Friday 07 April 2006 12:53, Joe Henry wrote: On Friday 07 April 2006 1:37 pm, Tom Chubb wrote: $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, Not sure if this is your problem, but those look like backticks around year instead of single quotes. Should there even be quotes there? HTH -- Joe Henry www.celebrityaccess.com [EMAIL PROTECTED] The backticks should be fine. They tell MySQL that you mean the column year of the table cars and not the MySQL special word year which can be used in date calculations. The same thing would apply if you wanted a column named create. I would agree with John on the POST data. Make sure you at least run mysql_real_escape_string(). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse Error on SQL Insert
Tom Chubb wrote: Complete code... snip $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, image2, image3, forsale) VALUES ($_POST['model'], $_POST['year'], $_POST['details'], $_POST['price'], $_FILE['image']['name'][0], $_FILE['image']['name'][1], $_FILE['image']['name'][2], $_POST['forsale']); /snip Looks like a problem with your input data. Escape it. You should be escaping it anyway, and not putting raw user input into your db. The reason for the single quotes around the year is something to do with Dreamweaver's insert wizard. year is a special word in MySQL. The back ticks are to let MySQL know that it's a column name. Without the back ticks, MySQL will 'guess', but that can cause problems...best to just back tick all the column names anyway. -- John C. Nichel IV Programmer/System Admin (ÜberGeek) Dot Com Holdings of Buffalo 716.856.9675 [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse Error on SQL Insert
On Friday 07 April 2006 12:56, Chrome wrote: Of course if the field in the DB isn't numeric this would be '{$_POST['model']}' Dan That's what I was thinking. Even if data is a number, I still generally put quotes around it to make sure I don't have an issue. -- Ray Hauge Programmer/Systems Administrator American Student Loan Services www.americanstudentloan.com 1.800.575.1099 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse Error on SQL Insert
Mi vote goes to the curly braces The error is given by php, not by SQL When exploding variables within double quotes it is hard for php to distinguish when a variable end unless it is a simple variable like $foo. When it is an array element and even worst, when it is an element of a multidimensional array, php cannot assert when it is over (really, it is not a bug, try to figure out how to do it and you'll see it is not easy) so you tell php by enclosing the whole variable in curly braces. Which it says so in the manual Satyam - Original Message - From: Chrome [EMAIL PROTECTED] To: 'Joe Henry' [EMAIL PROTECTED]; php-general@lists.php.net; [EMAIL PROTECTED] Sent: Friday, April 07, 2006 9:56 PM Subject: RE: [PHP] Parse Error on SQL Insert Backticks (`) encapsulate table or database names I was thinking maybe if the array references were encapsulated in curly braces {}: $_POST['model'] to {$_POST['model']} Of course if the field in the DB isn't numeric this would be '{$_POST['model']}' Dan --- http://chrome.me.uk -Original Message- From: Joe Henry [mailto:[EMAIL PROTECTED] Sent: 07 April 2006 20:53 To: php-general@lists.php.net; [EMAIL PROTECTED] Subject: Re: [PHP] Parse Error on SQL Insert On Friday 07 April 2006 1:37 pm, Tom Chubb wrote: $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, Not sure if this is your problem, but those look like backticks around year instead of single quotes. Should there even be quotes there? HTH -- Joe Henry www.celebrityaccess.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1475 (20060406) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Parse Error on SQL Insert
On Friday 07 April 2006 1:56 pm, Chrome wrote: Backticks (`) encapsulate table or database names I was thinking maybe if the array references were encapsulated in curly braces {}: $_POST['model'] to {$_POST['model']} Of course if the field in the DB isn't numeric this would be '{$_POST['model']}' Dan --- http://chrome.me.uk -Original Message- From: Joe Henry [mailto:[EMAIL PROTECTED] Sent: 07 April 2006 20:53 To: php-general@lists.php.net; [EMAIL PROTECTED] Subject: Re: [PHP] Parse Error on SQL Insert On Friday 07 April 2006 1:37 pm, Tom Chubb wrote: $insertSQL = INSERT INTO cars (model, `year`, details, price, image1, Not sure if this is your problem, but those look like backticks around year instead of single quotes. Should there even be quotes there? HTH -- Joe Henry www.celebrityaccess.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __ NOD32 1.1475 (20060406) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com Good to know. Thanks. -- Joe Henry www.celebrityaccess.com [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php