0

im having the same issue with the above "You have an error in your SQL syntax; check the manual that corresponds to your MySQL...line 1"..help!


myform2.php

<? ob_start(); ?>
session_start();


<?php
$labels = array ( "comment" => "comment",
                    "condition" => "condition",
                    "cartype" => "cartype");
?>
<?php
	if($_POST['Submit'] == "Submit") 
    {
		$errorMessage = "";
		
		if(empty($_POST['comment'])) 
        {
			$errorMessage .= "<li>You forgot to enter a comment!</li>";
		}
		if(empty($_POST['condition'])) 
        {
			$errorMessage .= "<li>You forgot to enter a condition</li>";
		}
		if(empty($_POST['cartype'])) 
        {
			$errorMessage .= "<li>You forgot to select your cartype</li>";
		}

                                $varcomment = $_POST['comment'];
		$varcondition = $_POST['condition'];
		$varcartype = $_POST['cartype'];

		if(empty($errorMessage)) 
        {
                               			}
	}
            
    // function: PrepSQL()
    // use stripslashes and mysql_real_escape_string PHP functions
    // to sanitize a string for use in an SQL query
    //
    // also puts single quotes around the string
    //
    function PrepSQL($value)
    {
        // Stripslashes
        if(get_magic_quotes_gpc()) 
        {
            $value = stripslashes($value);
        }

        // Quote
        $value = "'" . mysql_real_escape_string($value) . "'";

        return($value);
    }
?>

<html>
<head>
	<title>PHP Form processing example</title>
<!-- define some style elements-->
<style>
label,a 
{
	font-family : Arial, Helvetica, sans-serif;
	font-size : 12px; 
}

</style>	
</head>

<body>

       <?php
		    if(!empty($errorMessage)) 
		    {
			    echo("<p>There was an error with your form:</p>\n");
			    echo("<ul>" . $errorMessage . "</ul>\n");
            }
        ?>
                                  <form action="savetire.php" method="post">
					<p>
				<label for='comment'>Which is your comment?</label><br/>
				<input type="text" name="comment" maxlength="50" value="<?=$varcomment;?>" />
			</p>
			<p>
				<label for='condition'>What is your condition?</label><br/>
				<input type="text" name="condition" maxlength="50" value="<?=$varcondition;?>" />
			</p>
			<p>
				<label for='cartype'>What is your cartype?</label><br/>
				<select name="cartype">
					<option value="">Select...</option>
					<option value="toyota"<? if($varcartype=="toyota") echo(" selected=\"selected\"");?>>toyota</option>
					<option value="chev"<? if($varcartype=="chev") echo(" selected=\"selected\"");?>>chev</option>
				</select>
			</p>
			<input type="submit"  value="Submit" />
		</form>
</body>
</html>
<? ob_flush(); ?>


savetire php starts here




<? ob_start(); ?>

<?php
/*  Program name: savetire.php
 *  Description:  Program checks all the form fields for
 *                blank fields and incorrect format. Saves the
 *                correct fields in a database.
 */
?>
<html>
<head><title>Member tire</title></head>
<body>
<?php
  /* set up array of field labels */
  $labels = array( "comment" => "comment",
                   "condition" => "condition",
                   "cartype" => "cartype");
/* Check information from form */
  foreach($_POST as $field => $value)
  {
    /* check each field for blank fields */
    if( $value == "" )
    {
      $blank_array[] = $field;
    }
	/* check format of each field */
    elseif( ereg("(comment)",$field) )  
    {
      if(!ereg("^[A-Za-z' -]{1,50}$",$value) )
      {
          $bad_format[] = $field;
      }
    }
   
    }
 // end of foreach for $_POST
  /* if any fields were not okay, display error message and form */
  if(@sizeof($blank_array) > 0 or @sizeof($bad_format) > 0)
  {
    if(@sizeof($blank_array) > 0)
    {
        /* display message for missing information */
        echo "<b>You didn't fill in one or more required fields. 
                 You must enter:</b><br>";
        /* display list of missing information */
        foreach($blank_array as $value)
        {
           echo "&nbsp;&nbsp;&nbsp;{$labels[$value]}<br>";
        }
    }
    if(@sizeof($bad_format) > 0)
    {
        /* display message for bad information */
        echo "<b>One or more fields have information that appears to 
                 be incorrect. Correct the format for:</b><br>";
        /* display list of bad information */
        foreach($bad_format as $value)
        {
           echo "&nbsp;&nbsp;&nbsp;{$labels[$value]}<br>";
        }
    }
    /* redisplay form */
    echo "<p><hr />";
    echo "<h3>Please enter your comments.</h3>";
    echo "<form action='savetire.php' method='POST'>
          <table>";
    foreach($labels as $field => $label)
    {
      $good_data[$field]=strip_tags(trim($_POST[$field]));
      echo "<tr>
             <td style='text-align: right; font-weight: bold'>
	  	        $label</td>
             <td><input type='text' name='$field' size='65'
                 maxlength='65' value='$good_data[$field]'></td>
            </tr>";
    }
    echo "<tr>
           <td colspan='2' style='text-align: center'>
              <input type='submit' value='comments'>";
    echo "</td></tr></table>
          </form>";
    exit();
  }
  else   //if data is okay
  {
    $user="xxxxxx";
    $host="uniontire..com";
    $passwd="xxxxxx";
    $dbname="alpha";
                        	$cxn = mysql_connect('uniontire.com', 'xxxxxx', 'xxxxxx'); if (!$cxn) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully'; mysql_select_db(alpha); 	
 foreach($labels as $field => $value)
   
	
    $fields_all = array_keys($labels);
    foreach($fields_all as $field)
    {
      $good_data[$field] = strip_tags(trim($_POST[$field]));
      if($field == "phone")
      {
         $good_data[$field] = ereg_replace("[)( .-]","",$good_data[$field]);
      }
      $good_data[$field] = mysql_real_escape_string($good_data[$field],$cxn);
    }
		   
    $query = "INSERT INTO details (good_data[comment],good_data[condition],
                      good_data[cartype]) VALUES ('$good_data[comment]','$good_data[condition]',
                      '$good_data[cartype]')";
  
echo $good_data[comment]."<br>";
echo $good_data[condition]."<br>";
echo $good_data[cartype]."<br>";

    $result = mysql_query($query,$cxn)
               or die("Couldn't execute ? query: " . mysql_error()); 
    echo "<h4>New Member added to database</h4>";
  }
?>
</body></html>
<? ob_flush(); ?>

Edited by Narue: added code tags, masked login credentials

3
Contributors
2
Replies
3
Views
5 Years
Discussion Span
Last Post by diafol
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.