[RESOLVED] Plese help...

mymainoffender

Im having a problem with the following lines:

$connector = new DbConnector();
		$sql = 'INSERT INTO cmssections (name,parentid,pagetitle) VALUES ('.$HTTP_POST_VARS['name'].','.$HTTP_POST_VARS['parent'].','.$HTTP_POST_VARS['pagetitle'].')';
		$connector->query($sql) or die ("ERROR: ".mysql_error()." with query: $sql");

I am getting the error:

ERROR: Unknown column 'testsection' in 'field list' with query: INSERT INTO cmssections (name,parentid,pagetitle) VALUES (testsection,0,testpagetitle)

My code is as follows:

<?php

require_once('../includes/DbConnector.php');
require_once('../includes/Validator.php');

$connector = new DbConnector();
$validator = new Validator();

// DELETE SECTIONS //
if ($HTTP_GET_VARS['action'] == 'delete'){

$sectionID = $HTTP_GET_VARS['ID'];

if ( $validator->validateNumber($sectionID,'Section ID') ){


	$connector->query('DELETE FROM cmssections WHERE ID = '.$sectionID);
	echo 'Section Deleted.<br>';
}else{

	echo "Couldn't delete. There was a problem with: ".$validator->listErrors();
}
}

// ADD SECTION //
if ($HTTP_GET_VARS['action'] == 'add'){
	$validator->validateTextOnlyNoSpaces($HTTP_POST_VARS['name'],'section name');
	$validator->validateNumber($HTTP_POST_VARS['parent'],'parent section');
	$validator->validateTextOnlyNoSpaces($HTTP_POST_VARS['pagetitle'],'pagetitle section');


if (!$validator->foundErrors()){
	$connector = new DbConnector();
	$sql = 'INSERT INTO cmssections (name,parentid,pagetitle) VALUES ('.$HTTP_POST_VARS['name'].','.$HTTP_POST_VARS['parent'].','.$HTTP_POST_VARS['pagetitle'].')';
	$connector->query($sql) or die ("ERROR: ".mysql_error()." with query: $sql");

}else{
	echo '<b>Please correct '.$validator->listErrors().'</b><br><br>';
}

}

// LIST SECTIONS //
$result = $connector->query('SELECT ID,name,parentid FROM cmssections');

while ($row = $connector->fetchArray($result)){
	echo $row['name'].' - &nbsp;&nbsp; '; // Show the name of section
	echo '<a href="editSections.php?action=delete&id='.$row['ID'].'"> Delete </a>'; // Show the delete link 
	echo '<br>'; // Show a carriage return
}

?>



	<form name="form1" method="post" action="editSections.php?action=add">
	  <p>Create a Section:</p>
	 <p>&nbsp;Name:
	     <input name="name" type="text" id="name">
	 </p>
	  <p>Page Title:</p>
	 <p>&nbsp;Name:
	     <input name="pagetitle" type="text" id="pagetitle">
	 </p>
	 <p>&nbsp;Parent:
	   <select name="parent">
		<option value="0">None</option>
	    <?PHP 	// Generate a drop-down list of sections.
			// NOTE : Requires database modifications in article 4
			$result = $connector->query('SELECT ID,name FROM cmssections ORDER BY name');

			// Get an array containing the results.
			// Loop for each item in that array
			while ($row = $connector->fetchArray($result)){
				echo '<option value="'.$row['ID'].'">'.$row['name'].'</option>';
			}
	  ?>
    	</select>
	</p>
	<p align="left">
	  <input type="submit" name="Submit" value="Create">
	</p>
	</form>

Roger_Ramjet

Your VALUE strings need to be quoted otherwise sql reads them as column names and looks for the coulmns in the table - hence your error message.

mymainoffender

as in doublequotes(") ??

mymainoffender

Im now getting the error:

ERROR: Column count doesn't match value count at row 1 with query: INSERT INTO cmssections (name,parentid,pagetitle) VALUES ("TestSection,0,TestTitle")

Roger_Ramjet

As in the alternate string quoting syntax to the one you use around the query string itself:
single inside double -- my choice
double inside single

mymainoffender

Okay, so i used doublequotes and got passed the first error now im comming out with the second error listed above.

Roger_Ramjet

Roger Ramjet wrote:
Your VALUE strings need to be quoted ...

VALUES ("TestSection",0,"TestTitle")

mymainoffender

Thankyou