vb.org Archive

burnist 04-03-2004 01:21 PM

help before i do something i may regret
 
I am running this query from a file

PHP Code:

$DB_site->query("INSERT INTO item_cats (name,battle,order,description) VALUES (' ".$_POST['itemcatname']." ',' ".$_POST['battleitemcat']." ',' ".$_POST['catdisplayorder']." ',' ".$_POST['itemcatdescription']." ')  ");

The output should be a redirect page called on the next line(s), but instead I get the following error:

Invalid SQL: INSERT INTO item_cats (name,battle,order,description) VALUES (' test ',' 1 ',' 1 ',' test ')
mysql error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'order,description) VALUES (' test ',' 1 ',' 1 ',' test ')' at l

mysql error number: 1064

I have had someone on my MSN list look over the query and they cannot find a problem with it. This is driving me insane and any help would be greatly appreciated :tired: :rolleyes:

Dean C 04-03-2004 01:27 PM

You don't need to quote numerical values.

burnist 04-03-2004 01:42 PM

No luck, now it gives

Invalid SQL: INSERT INTO item_cats (name,battle,order,description) VALUES (' test ',1,1,' test ')
mysql error: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'order,description) VALUES (' test ',1,1,' test ')' at line 1

mysql error number: 1064

assassingod 04-03-2004 01:47 PM

You can't use 'order' as a column name. Change it.

burnist 04-03-2004 01:52 PM

thanks assassingod, that worked straight away :)

assassingod 04-03-2004 01:53 PM

No problem:)

burnist 04-03-2004 04:34 PM

Now I'm having problems with mysql_fetch_array()


PHP Code:

// Fetch every item category and print one admin table row per category
$catfields = $DB_site->query("SELECT id, name FROM " . TABLE_PREFIX . "item_cats");
while ($catinfo = $DB_site->fetch_array($catfields))
{
    echo '<tr valign="top" align="center">
    <td class="alt1" align="left"><b>$catinfo[name]</b></a>&nbsp;</td>
    <td class="alt1"><a href="itemadmin.php?do=deloldcat&id=$catinfo[id]">Delete</a></td>
    <td class="alt1"><a href="itemadmin.php?do=editoldcat&id=$catinfo[id]">Edit</a></td>
    </tr>';
}

This is showing the right number of rows (i.e. the same number of rows as in that database), but the text it shows is $catinfo[name] and I can't see why. As far as I can tell the variables have the same name etc. (slightly dyslexic so don't hold me to that ;) )

filburt1 04-03-2004 05:06 PM

As an unrelated note, you have massive SQL injection issues. Use addslashes() for every string used in a query, no exceptions.
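
The two problems raised in this thread, the reserved word `order` and the SQL injection noted above, shown together as an added example (not code from the thread or from vBulletin). It assumes PHP with the pdo_sqlite extension, an in-memory SQLite table in place of the poster's MySQL database, a hypothetical column name `display_order`, and PDO bound parameters rather than the addslashes() call suggested in the post.

```php
<?php
// Added example, not code from the thread. Assumes the pdo_sqlite extension;
// an in-memory SQLite database stands in for the poster's MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// ORDER is a reserved word, so the column is renamed (display_order is a
// hypothetical name; the thread does not say what the poster chose).
$db->exec('CREATE TABLE item_cats (
    id INTEGER PRIMARY KEY, name TEXT, battle INTEGER,
    display_order INTEGER, description TEXT)');

// Constructed form input standing in for $_POST; the name contains a quote.
$post = ['itemcatname' => "Rogue's gear", 'battleitemcat' => '1',
         'catdisplayorder' => '1', 'itemcatdescription' => 'test'];

// The thread's pattern: values concatenated straight into the statement.
function insert_concat(PDO $db, array $p): bool
{
    $sql = "INSERT INTO item_cats (name,battle,display_order,description) VALUES ('"
         . $p['itemcatname'] . "'," . $p['battleitemcat'] . ","
         . $p['catdisplayorder'] . ",'" . $p['itemcatdescription'] . "')";
    try {
        $db->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // the quote in the name ended the string literal early
    }
}

// Hardened form: placeholders keep the data out of the SQL text, and the
// numeric fields are cast to int before binding.
function insert_bound(PDO $db, array $p): bool
{
    $stmt = $db->prepare('INSERT INTO item_cats
        (name, battle, display_order, description) VALUES (?, ?, ?, ?)');
    return $stmt->execute([
        $p['itemcatname'], (int) $p['battleitemcat'],
        (int) $p['catdisplayorder'], $p['itemcatdescription'],
    ]);
}

var_dump(insert_concat($db, $post)); // concatenated statement is rejected
var_dump(insert_bound($db, $post));  // bound statement is accepted
echo $db->query('SELECT name FROM item_cats')->fetchColumn(), "\n";
```

The same input that breaks the concatenated statement is stored verbatim by the bound one, which is why the fix belongs in how the query is built rather than in where the form lives.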

burnist 04-03-2004 05:18 PM

I assume you are talking about the first post? I probably will later but it's in the admin panel so it's not really a huge problem but I will update it in my file :)

Velocd 04-03-2004 10:47 PM

Quote:

This is showing the right number of rows (i.e. the same number of rows as in that database), but the text it shows is $catinfo[name] and I can't see why. As far as I can tell the variables have the same name etc. (slightly dyslexic so don't hold me to that)

You must set a string with double quotes if you intend to include variables.

e.g.

PHP Code:

$name = "$bbuserinfo[username]";

Single quotes if otherwise:

PHP Code:

$name = 'John';


