Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

is their something wrong with this php or mysql code

italiano40

italiano40

macrumors 65816
Original poster
Oct 7, 2007
1,080
0
NY
Code: 
mysql_query("INSERT INTO pictures (code, picname) VALUES ('$_REQUEST[deletecode]', '$_FILES[file][name]')",$con);
or this
Code: 
mysql_query("DELETE FROM pictures WHERE code='$code'",$con);

it isn't working and i have tried a lot of different things can anyone help me?
 
I believe $_REQUEST[deletecode] takes a ', so it would be $_REQUEST['deletecode'], same for $_FILES[file][name] would be $_FILES['file']['name'] and there's no need for the $con. It would be "INSERT INTO table_name (column_name1, column_name2)VALUES('value1, 'value2')" ;

i find it easier to structure my sql like so,

$query = "INSERT INTO ......";
$result = mysql_query($query);

then if getting data use $row = mysql_fetch_array($result); and $row['column title'].

Dont forget to connect and disconnect to your database. Just google php mysql you'll get tons of help, heres a good one http://www.phpeasystep.com/mysql/5.html
 
@OP:

web_god61 edited their posted before your last reply (see timestamps) - relax a bit.

As to the advice given, the key name in an associative array in PHP does not have to be wrapped by single or double quotes. But it is a good practice to do so. A trick I learned in PHP is to use {} around global arrays so they can be parsed properly in a double quoted string, so combining the best practice with the cool trick:

PHP: 
$mystring="blah blah blah {$_REQUEST['keyname']} blah blah blah";

Technically you could use {} around *any* PHP variable in a string, but I use it only for associative arrays, especially globals. It eliminates parsing errors. This is easier than " blah ".$_REQUEST['keyname']." blah " as well.

As to the second argument in the mysql_query function, that refers to the link identifier generated by the last mysql_connect. In most scripts there is only one connection, the last one used is the current one, so this second parameter can be left blank. It does not HAVE to be left blank.

So, change your queries to use associate array in the format I described right inside the string, then if that fails capture the error and tell use what that was so we can further help you debug.

-jim
 
italiano40 said:
Code: 
mysql_query("INSERT INTO pictures (code, picname) VALUES ('$_REQUEST[deletecode]', '$_FILES[file][name]')",$con);
or this
Code: 
mysql_query("DELETE FROM pictures WHERE code='$code'",$con);
Click to expand...

Just to get it out in the open, you should be aware of the insecurity of your code. Pulling values directly out of $_REQUEST (or $_POST, $_GET) and putting them inside a query leaves you incredibly open to SQL injection, which can result in a malicious user deleting your database. The data from those variables needs to be sanitized and scrubbed to ensure they are safe for DB use.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back