so after a (very) long break from websites and stuff.... 3 years :p i've gotten the coding bug again and i'm kinda embarrased that i've forgotten almost alll that i knew.

ANYWAYS i'm almost done making this simple form, all thats left is getting the mysql commands right. Right now i'm getting an error and i'm not sure how to fix it. I've tried everything i could think of and everything i could find online but it still gives error.
here is what i have now...

$sql=@mysql_query("INSERT INTO events (date,user,title,desc,address,city,state,phone,dateon,email) VALUES ($date,'$user','$title','$desc','$address','$city','$state','$phone','$dateon','$email')") or die(mysql_error());

without the '' it just adds the date into the db. and this is from a form so should i have something like ".$post['$user']." ??? i tried that too and it gives me error =\

    Try using sprintf to do stuff... makes it easier for type conversions

    Something like this:

    $db = mysql_connect($host, $user, $pword);
    mysql_select_db($dbname, $db);
    $sql = sprintf("INSERT INTO users (name, age) VALUES ('%s', %d)",
    mysql_real_escape_string($name, $db),
    mysql_real_escape_string($age, $db));
    $res = mysql_query($sql, $db);
    mysql_close($db);

    Note that you single quote strings (VARCHAR, CHAR) but not INTEGERS (INT, LONG)

      for the record the error for the code in my first post is...

      You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc,address,city,state,phone,dateon,email) VALUES ('12/29/2007 12:26:40 AM','',' at line 1

      and thanks for the help kobashi but i'd prefer to stick with what i have
      very appreciative for the help tho :o

        The problem is that desc is a reserved word in MySQL, thus you need to surround it with backticks ( ` ) to indicate that it is the name of a column.

        philvia wrote:

        this is from a form so should i have something like ".$post['$user']." ???

        If the variables you're using aren't explicitly defined in your script, then you need to turn OFF register_globals and use the superglobal array $_POST instead (more info on these superglobals can be found here: [man]variables.predefined[/man]).

        Also, it appears as though you're vulnerable to SQL injection attacks. User-supplied data should never be placed directly into a SQL query! Instead, sanitize it with a function such as [man]mysql_real_escape_string/man.

          alright i tried what you suggested, still gives error 😕

            Show us your new code as well as the error message provided by the SQL server.

              i just added the $_POST thing you suggested for now and it still pretty gives me pretty much same as above...

              [code=php]$sql=mysql_query("INSERT INTO events (date,user,title,`desc`,address,city,state,phone,dateon,email) VALUES ($date,".$_POST[$user].",".$_POST[$title].",".$_POST[$description].",".$_POST[$address].",".$_POST[$city].",".$_POST[$state].",".$_POST[$phone].",".$_POST[$dateon].",".$_post[$email].")") or die(mysql_error());[/code]

              You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '15:01:22,,,,,,,,,)' at line 1

                All those values in your SQL need to be quoted (unless they are numbers). Here's a version that includes the quote while also using [man]mysql_real_escape_string/man to prevent SQL injection attacks. Also, if the query fails, it will not print out the query exactly as it was sent to MySQL after it outputs the MySQL error. Oh, and it's easier to read, too. 🙂

                $query = sprintf(
                   "INSERT INTO events (date, user, title, `desc`, address, city, state, " .
                   "phone, dateon, email) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', " .
                   "'%s', '%s', '%s')",
                   $date,
                   mysql_real_escape_string($_POST['user']),
                   mysql_real_escape_string($_POST['title']),
                   mysql_real_escape_string($_POST['description']),
                   mysql_real_escape_string($_POST['address']),
                   mysql_real_escape_string($_POST['city']),
                   mysql_real_escape_string($_POST['state']),
                   mysql_real_escape_string($_POST['phone']),
                   mysql_real_escape_string($_POST['dateon']),
                   mysql_real_escape_string($_POST['email'])
                );
                $sql = mysql_query($query) or die(mysql_error() . "<br />$query");
                

                  Note that the another problem is that the array index shouldn't be $user (for example), but rather the string 'user'; there is no such variable $user, so obviously using the value of a non-existent variable as the index of an array isn't going to work.

                    bradgrafelman wrote:

                    Note that the another problem is that the array index shouldn't be $user (for example), but rather the string 'user'; there is no such variable $user, so obviously using the value of a non-existent variable as the index of an array isn't going to work.

                    Good catch. I edited my previous reply accordingly (and also fixed one other typo).

                      ok i used your code and there's no error, but it only inserts the $date and nothing else :o

                        Can you show us a new copy of your code? Also, add a print_r($_POST); to your script when the query is executed and paste the output here for us to see.

                          its basically the same code as you suggested

                          here's that other thing you asked tho
                          "Array ( [post] => Submit )"

                            It looks like the post variables aren't binding to the html form elements
                            For every HTML element you want to retrieve via the posted value, make sure you give it a name like so:

                            <input type="text" name="email" size="64" value="" />
                            <input name="submit" type="submit" value="Submit" />

                            Then after you have proven that the $_POST['submit'] is sset, you can use the associated POST variable:

                            if (isset($POST['submit']))
                            echo $
                            POST['email'];

                            See how "email" is the same as the name of the HTML element? They have to match.

                              Also make sure the form tag is using a method="post" attribute.

                                as far as i know all that info is correct =\

                                still only adding date only though.

                                  ok so i have 2 seperate post forms on the page.. a preview and then from there a submit. On the preview section, all the stuff you type in shows up just fine. only once you click submit, it doesn't seem to work.

                                  was that clear?

                                    How do you transfer data from the preview page to the final processing page? Hidden form fields?

                                      right now it's just thrown together like this...

                                      if ($_POST['preview']) {
                                      	echo "<form ACTION=\"new.php\" METHOD=\"POST\">";
                                      	echo "<tr><td class=\"head\" colspan=\"2\" align=\"right\">Review the Details</td></tr>";
                                      	echo "<tr><td class=\"dark\" colspan=\"2\"><b>
                                      	".stripslashes($_POST['title'])."</b><br>
                                      	".$_POST['dateon']."<br>
                                      	".$_POST['address']."<br>
                                      	".$_POST['city'].", ".$_POST['state']."<br>
                                      	".$_POST['description']."<br>
                                      	".$_POST['user']."<br>
                                      	".$_POST['phone']."<br>
                                      	".$_POST['email']."</td></tr>";
                                      	echo "<tr><td class=\"dark\" colspan=\"2\"><input type=\"submit\" value=\"Submit\" name=\"submit\"><input type=\"submit\" value=\"Edit\" name=\"edit\"></td></tr></form></table></table>";
                                      	include("../include/foot.php");
                                      	exit;
                                      }
                                      if ($_POST['submit']) {
                                          $date=date("n/j/Y H:i:s");
                                      	$query = sprintf(
                                         "INSERT INTO events (date, user, title, `desc`, address, city, state, " .
                                         "phone, dateon, email) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', " .
                                         "'%s', '%s', '%s')",
                                         $date,
                                         mysql_real_escape_string($_POST['user']),
                                         mysql_real_escape_string($_POST['title']),
                                         mysql_real_escape_string($_POST['description']),
                                         mysql_real_escape_string($_POST['address']),
                                         mysql_real_escape_string($_POST['city']),
                                         mysql_real_escape_string($_POST['state']),
                                         mysql_real_escape_string($_POST['phone']),
                                         mysql_real_escape_string($_POST['dateon']),
                                         mysql_real_escape_string($_POST['email'])
                                      );
                                      $sql = mysql_query($query) or die(mysql_error() . "<br />$query"); 
                                          echo "<tr><td class=\"dark\" colspan=\"2\">Your event should be posted soon. Thank you!</td></tr>";
                                      	include("../include/foot.php");
                                      	exit;
                                      }

                                      like i said, on the preview page everything you type in is displaying fine but once you click submit, it sends only the date. can the variables not be transferred over 2 forms or whatever :p

                                        This looks odd to me.

                                        Where's the HTML form elements that correlate with user, title, etc.?

                                        Are the two </table></table> at the end of the form right? Where's the starting two tables?