[RESOLVED] cant store data database..

chinna

hi there...hru...i have try to store the data in mysql..table name detail... but i cant...here is my coding and the error message....
$insert='$REQUEST[('company_name'),('prepare)by'),('email'),('employee_no_1'),('designation'),('manager'),('department'),('pay_to'),('employee_no_2'),('e-cer')]';
$query = insert into detail (company_name, prepare_by, email, employee_no_1, designation, manager, department, purpose, pay_to, employee_no_2, e-cer) values ('$REQUEST[company_name]', '$REQUEST['prepare_by']', '$REQUEST['email']', '$REQUEST['employee_no_1']' , '$REQUEST['designation']', '$REQUEST['manager']', '$REQUEST['department']', '$REQUEST['purpose']', '$REQUEST['pay_to']', '$REQUEST['employee_no_2']', '$REQUEST['e-cer']');
$insert_res = mysql_query($insert) or die (mysql_error());
$rid=mysql_insert_id();
header ("Location: login.php");....the erroe msg is ....Parse error: parse error, unexpected T_STRING in c:\program files\easyphp1-7\www\smtt\voucher.php on line 10.....please help to solve this problem...thank you///

NogDog

Please place

 vbcode tags[/url] around your code sample so we can read it more easily.

2. Please let us know exactly which line is the line specified by your error message (line number 10 in this case).

chinna

the line is..

$insert='$_REQUEST[('company_name'),('prepare)by'),('email'),('employee_no_1'),('designation'),('manager'),('department'),('pay_to'),('employee_no_2'),('e-cer')]';

$query = insert into detail (company_name, prepare_by, email, employee_no_1, designation, manager, department, purpose, pay_to, employee_no_2, e-cer) values ('$_REQUEST[company_name]', '$_REQUEST['prepare_by']', '$_REQUEST['email']', '$_REQUEST['employee_no_1']' , '$_REQUEST['designation']', '$_REQUEST['manager']', '$_REQUEST['department']', '$_REQUEST['purpose']', '$_REQUEST['pay_to']', '$_REQUEST['employee_no_2']', '$_REQUEST['e-cer']');

$insert_res = mysql_query($insert) or die (mysql_error());

$rid=mysql_insert_id();

NogDog

EDIT: fixed typo in "mysql_real_escape_string".

The problem is the quoting (and lack thereof). Also, it's pretty unsafe code right now as far as SQL injection goes. The following should hopefully work better for you:

$query = sprintf(
   "insert into detail (company_name, prepare_by, email, employee_no_1 ".
   "designation, manager, department, purpose, pay_to, employee_no_2, e-cer) ".
   "values('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
   mysql_real_escape_string($_REQUEST['company_name']), 
   mysql_real_escape_string($_REQUEST['prepare_by']),
   mysql_real_escape_string($_REQUEST['email']),
   mysql_real_escape_string($_REQUEST['employee_no_1']) ,
   mysql_real_escape_string($_REQUEST['designation']),
   mysql_real_escape_string($_REQUEST['manager']),
   mysql_real_escape_string($_REQUEST['department']),
   mysql_real_escape_string($_REQUEST['purpose']),
   mysql_real_escape_string($_REQUEST['pay_to']),
   mysql_real_escape_string($_REQUEST['employee_no_2']),
   mysql_real_escape_string($_REQUEST['e-cer'])
);
$insert_res = mysql_query($query) or die (mysql_error());
$rid = mysql_insert_id();

bradgrafelman

Note that NogDog made a simple typo (that multiplied due to copying-and-pasting no doubt :p) - the function you're after to filter data is [man]mysql_real_escape_string/man.

chinna

nogdog,.....

when i change the code...its show new error....Fatal error: Call to undefined function: msyql_real_escape_string() in c:\program files\easyphp1-7\www\smtt\voucher.php on line 12

Weedpacket

chinna wrote:
Call to undefined function:

I know it was only eighteen minutes since bradgrafelman posted, but surely it had got to wherever you are by the time you replied?

NogDog

Typo has been fixed - thanks.