I wonder is anyone can help me with this annoying problem. Trying to insert some data into a table. In the mean time, I want to leave out some fields and not insert something there. For some reason I'm getting Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING
error. Is there something I'm doing wrong below?
Your help will be appreciated.
<?php
function sqlEscape($string){
return "'".mysql_real_escape_string($string)."'";
}
if( $_GET['location'] == ''
|| $_GET['name'] == ''
|| $_GET['school'] == ''
|| $_GET['reason'] == ''
|| $_GET['address'] == ''
|| $_GET['postcode'] == ''
|| $_GET['email'] == ''
|| $_GET['telephone'] == '') {
exit('You missed a value');
}
include('theConfig.php');
$con = mysql_connect($host, $username, $password) or die(mysql_error()) ;
if (!$con){
die('Could not connect: ' . mysql_error());
} mysql_select_db($db, $con); //$description = mysql_real_escape_string($_GET[description]);
$sql = sprintf('INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s,'','')',
sqlEscape($_GET['location']),
sqlEscape($_GET['name']),
sqlEscape($_GET['school']),
sqlEscape($_GET['reason']),
sqlEscape($_GET['address']),
开发者_运维技巧 sqlEscape($_GET['postcode']),
sqlEscape($_GET['email']),
sqlEscape($_GET['telephone']));
if (!mysql_query($sql,$con)){
die('Error: ' . mysql_error());
}
header('Location: thankyou.php');
mysql_close($con)
?>
You should have values set for town and county - or set with default value (empty string like the others):
$sql = sprintf("INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
VALUES(%s, %s, %s, %s, %s, %s, %s, %s, '','','','')", ... )
Edit:
Also - use double quotes to surround the first sprintf
parameter as single quotes are used within...
$sql = sprintf('INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s,'','')',
You have '', '')' which is incorrect, b/c the first quote in this sequence closes the string, so it's actually three strings togather: 'INSERT ... ', then ', ', and then ')'. You must escape quotes in the string with backslash or use double quotes to enclose whole string:
(escaping)
$sql = sprintf('INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s,\'\',\'\')',
(using double quotes)
$sql = sprintf("INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
VALUES(%s, %s, %s, %s, %s, %s, %s, %s, %s, %s,'','')",
You use single quotes for the string in your sprintf()
call, but you also use single quotes inside the string as well.
Try changing
function sqlEscape($string){
return "'".mysql_real_escape_string($string)."'";
}
to
function sqlEscape($string){
return mysql_real_escape_string($string);
}
or better yet just throw it in your sprintf
$sql = sprintf('INSERT INTO applications (location, name, school, reason, address, postcode, email, telephone, town, county, state, country)
VALUES('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s','','')',
mysql_real_escape_string($_GET['location']),
etc...
note I changed %s to '%s'
精彩评论