View Full Version : My form variables don't work anymore
06-25-2009, 11:22 AM
Evidently in the new version of PHP the values sent in the command from the form are no longer available as $variable, but must be accessed using $_post['variable']. My MySQL Insert command no longer works using
$sql = "INSERT INTO q<removed> (K_Q<removed>,F<removed>,L<removed>) values VALUES ($_POST['K_Q<removed>'],$_POST['F<removed>'],$_POST['L<removed>'])";
gives me an indecipherable error message
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /big/dom/x<removed>.php on line 35
What am I doing wrong?
06-25-2009, 11:48 AM
Take out the single quotes. It's a weird aspect of PHP double-quoting. By the way, that code is unsafe unless you trust your users not to craft any old MySQL statement they want.
06-25-2009, 11:51 AM
The quoting is explained by the 'banana' examples here:
06-25-2009, 12:39 PM
Kitchen is right. Any input needs to be sanitized before using it in an SQL query or even worse shell code.
06-25-2009, 01:59 PM
Thanks. I no longer get the error message, but it still won't save the record to the database. My $result is always false and no new records are added.
Any suggestions for that?
06-25-2009, 02:00 PM
And how is that done?
06-25-2009, 04:55 PM
Kevin, fell out of my chair laughing so hard - printed the page, had to show it around some as explanation/example of my sense of humor (even tho I knew the comments would be unkind). Thankyou for lightening my day !! :bow:
06-25-2009, 04:57 PM
To be fair, that was a cartoon from xkcd.com not something I made. It is one of their better ones though.
06-25-2009, 05:02 PM
The basic technique is described here:
I can't say it's always sufficient, but it is much better.
06-25-2009, 07:11 PM
vBulletin® v3.6.8, Copyright ©2000-2013, Jelsoft Enterprises Ltd.