Is there something wrong with this PHP or MySQL code?

Discussion in 'Web Design and Development' started by italiano40, Jan 7, 2009.

  1. italiano40 macrumors 65816


    Joined:
    Oct 7, 2007
    Location:
    NY
    #1
    Code:
    mysql_query("INSERT INTO pictures (code, picname) VALUES ('$_REQUEST[deletecode]', '$_FILES[file][name]')",$con);
    or this
    Code:
    mysql_query("DELETE FROM pictures WHERE code='$code'",$con);
    It isn't working and I have tried a lot of different things. Can anyone help me?
     
  2. web_god61 macrumors regular


    Joined:
    May 14, 2004
    #2
    I believe $_REQUEST[deletecode] takes a ', so it would be $_REQUEST['deletecode']; the same goes for $_FILES[file][name], which would be $_FILES['file']['name'], and there's no need for the $con. It would be "INSERT INTO table_name (column_name1, column_name2) VALUES ('value1', 'value2')";

    I find it easier to structure my SQL like so:

    $query = "INSERT INTO ......";
    $result = mysql_query($query);

    Then, if getting data, use $row = mysql_fetch_array($result); and $row['column title'].

    Don't forget to connect and disconnect to your database. Just google "php mysql" and you'll get tons of help. Here's a good one: http://www.phpeasystep.com/mysql/5.html
     
  3. Trip.Tucker Guest

    Joined:
    Mar 13, 2008
    #3
    Sheesh. Helpful...not.

    How about providing a positive response?
     
  4. SrWebDeveloper macrumors 68000


    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #4
    @OP:

    web_god61 edited their post before your last reply (see timestamps) - relax a bit.

    As to the advice given, the key name in an associative array in PHP does not have to be wrapped by single or double quotes. But it is a good practice to do so. A trick I learned in PHP is to use {} around global arrays so they can be parsed properly in a double quoted string, so combining the best practice with the cool trick:

    PHP:
    $mystring="blah blah blah {$_REQUEST['keyname']} blah blah blah";
    Technically you could use {} around *any* PHP variable in a string, but I use it only for associative arrays, especially globals. It eliminates parsing errors. This is easier than " blah ".$_REQUEST['keyname']." blah " as well.

    As to the second argument in the mysql_query function, that refers to the link identifier generated by the last mysql_connect. In most scripts there is only one connection, the last one used is the current one, so this second parameter can be left blank. It does not HAVE to be left blank.

    So, change your queries to use the associative array in the format I described right inside the string, then if that fails, capture the error and tell us what that was so we can further help you debug.

    -jim
     
  5. angelwatt Moderator emeritus


    Joined:
    Aug 16, 2005
    Location:
    USA
    #5
    Just to get it out in the open, you should be aware of the insecurity of your code. Pulling values directly out of $_REQUEST (or $_POST, $_GET) and putting them inside a query leaves you incredibly open to SQL injection, which can result in a malicious user deleting your database. The data from those variables needs to be sanitized and scrubbed to ensure they are safe for DB use.
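
Added example (not code from the thread or any of its participants): the two queries from post #1 written as PDO prepared statements, so request values are bound as data instead of being interpolated into the SQL string. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite database as a stand-in for MySQL; the request values and the helper names `addPicture` and `deletePicture` are constructed for illustration.

```php
<?php
// The mysql_* functions used in the thread were removed in PHP 7.0; PDO is used here.
// Assumption: an in-memory SQLite database stands in for the MySQL server so the
// script runs offline; for MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw instead of passing silently
$pdo->exec('CREATE TABLE pictures (code TEXT NOT NULL, picname TEXT NOT NULL)');

// Constructed stand-ins for $_REQUEST['deletecode'] and $_FILES['file']['name'].
$request = ['deletecode' => "abc' OR '1'='1"];
$files   = ['file' => ['name' => "../o'brien.jpg"]];

// Hypothetical helper: insert one row with both values bound as parameters.
function addPicture(PDO $pdo, string $code, string $clientName): void
{
    // The client-supplied file name is untrusted: keep only its final path component.
    $picname = basename($clientName);
    $stmt = $pdo->prepare('INSERT INTO pictures (code, picname) VALUES (:code, :picname)');
    $stmt->execute([':code' => $code, ':picname' => $picname]);
}

// Hypothetical helper: delete by code and report how many rows were removed.
function deletePicture(PDO $pdo, string $code): int
{
    $stmt = $pdo->prepare('DELETE FROM pictures WHERE code = :code');
    $stmt->execute([':code' => $code]);
    return $stmt->rowCount();
}

addPicture($pdo, 'keep-me', 'holiday.jpg');
addPicture($pdo, $request['deletecode'], $files['file']['name']);

// Bound as data, the quote-laden code matches only the row that stores exactly that string.
$removed   = deletePicture($pdo, $request['deletecode']);
$remaining = (int) $pdo->query('SELECT COUNT(*) FROM pictures')->fetchColumn();

printf("removed=%d remaining=%d\n", $removed, $remaining);
```

Because the exception error mode is enabled, a malformed statement raises a `PDOException` with the database's message rather than returning false unnoticed.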
     
