is their something wrong with this php or mysql code

Discussion in 'Web Design and Development' started by italiano40, Jan 7, 2009.

  1. italiano40 macrumors 65816


    Oct 7, 2007
    mysql_query("INSERT INTO pictures (code, picname) VALUES ('$_REQUEST[deletecode]', '$_FILES[file][name]')",$con);
    or this
    mysql_query("DELETE FROM pictures WHERE code='$code'",$con);
    it isn't working and i have tried a lot of different things can anyone help me?
  2. web_god61 macrumors regular


    May 14, 2004
    I believe $_REQUEST[deletecode] takes a ', so it would be $_REQUEST['deletecode'], same for $_FILES[file][name] would be $_FILES['file']['name'] and there's no need for the $con. It would be "INSERT INTO table_name (column_name1, column_name2)VALUES('value1, 'value2')" ;

    i find it easier to structure my sql like so,

    $query = "INSERT INTO ......";
    $result = mysql_query($query);

    then if getting data use $row = mysql_fetch_array($result); and $row['column title'].

    Dont forget to connect and disconnect to your database. Just google php mysql you'll get tons of help, heres a good one
  3. Trip.Tucker Guest

    Mar 13, 2008
    Sheesh. Helpful...not.

    How about providing a positive response?
  4. SrWebDeveloper macrumors 68000


    Dec 7, 2007
    Alexandria, VA, USA

    web_god61 edited their posted before your last reply (see timestamps) - relax a bit.

    As to the advice given, the key name in an associative array in PHP does not have to be wrapped by single or double quotes. But it is a good practice to do so. A trick I learned in PHP is to use {} around global arrays so they can be parsed properly in a double quoted string, so combining the best practice with the cool trick:

    $mystring="blah blah blah {$_REQUEST['keyname']} blah blah blah";
    Technically you could use {} around *any* PHP variable in a string, but I use it only for associative arrays, especially globals. It eliminates parsing errors. This is easier than " blah ".$_REQUEST['keyname']." blah " as well.

    As to the second argument in the mysql_query function, that refers to the link identifier generated by the last mysql_connect. In most scripts there is only one connection, the last one used is the current one, so this second parameter can be left blank. It does not HAVE to be left blank.

    So, change your queries to use associate array in the format I described right inside the string, then if that fails capture the error and tell use what that was so we can further help you debug.

  5. angelwatt Moderator emeritus


    Aug 16, 2005
    Just to get it out in the open, you should be aware of the insecurity of your code. Pulling values directly out of $_REQUEST (or $_POST, $_GET) and putting them inside a query leaves you incredibly open to SQL injection, which can result in a malicious user deleting your database. The data from those variables needs to be sanitized and scrubbed to ensure they are safe for DB use.

Share This Page