Hi, I wrote a script that grabs a user's text and adds it to a database... or so I thought I did.

When it runs, I get a MySQL error:
Error in query: Unknown column 'Type your post here.' in 'field list'

Any help?

PHP File:

<?php

// If the form hasent been filled and submited, then display it.
if (!isset ($_POST['submit'])) {

?>

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<div align="center"><textarea name="post" rows="15" style="width:600px;">Type your post here.</textarea><br />
<input name="submit" type="submit" value="Post">
</div>
</form>

<?php

// End form.
}

// If the post form has been submited, add it to the database and show all posts.
if (isset ($_POST['submit'])) {

// Open connection.
$connection = mysql_connect(localhost, shadowte_shadow, tikicat) or die ('Unable to connect!');

// Select database.
mysql_select_db(shadowte_cmstest1) or die ('Unable to select database!');

// Get the post that the user submited...
$post = $_POST['post'];

// Add slashes if Magic Quotes are off. (they should be)
if(!get_magic_quotes_gpc())
{
$post = addslashes($post);
}

// Add this post to the database.
$addpost = 'INSERT INTO posts (input) VALUES (`'.$post.'`)';

// Execute addition.
mysql_query($addpost) or die ('Error in query: '.mysql_error());

// End posts.
}

?>

Example:
http://www.shadowtechstudios.net/shadowtechstudios.net/projects/postsystem/0.0.1.php

Change this line:



$addpost = 'INSERT INTO posts (input) VALUES (`'.$post.'`)';


to:



$addpost = "INSERT INTO posts `input` VALUES ('".$post."')";


Hope this helps.

Error in query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`input` VALUES ('Type your post here.')' at line 1

the line is now exactly as you suggested, but for some reason the MySQL thinks there is an extra '?

$addpost = "INSERT INTO posts (input) VALUES ($post)";Also, use mysql_real_escape_string(), not just addslashes(). addslashes() will not catch some potentially dangerous MySQL constructs.

new error:
Error in query: Unknown column '$post' in 'field list'

ill escape that too, thanks for that

current code:


<?php

// If the form hasent been filled and submited, then display it.
if (!isset ($_POST['submit'])) {

?>

<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<div align="center"><textarea name="post" rows="15" style="width:600px;">Type your post here.</textarea><br />
<input name="submit" type="submit" value="Post">
</div>
</form>

<?php

// End form.
}

// If the post form has been submited, add it to the database and show all posts.
if (isset ($_POST['submit'])) {

// Open connection.
$connection = mysql_connect(localhost, shadowte_shadow, tikicat) or die ('Unable to connect!');

// Select database.
mysql_select_db(shadowte_cmstest1) or die ('Unable to select database!');

// Get the post that the user submited...
$post = $_POST['post'];

// Remove slashes if Magic Quotes are on.
if(get_magic_quotes_gpc())
{
$post = stripslashes($post);
}

// Make the post MySQL safe.
$post = mysql_real_escape_string($post);

// Add this post to the database.
$addpost = 'INSERT INTO posts (input) VALUES ('.$post.')';

// Execute addition.
mysql_query($addpost) or die ('Error in query: '.mysql_error());

// Close connection.
mysql_close($connection);

// End posts.
}

?>

and back to this error:

Error in query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`input` VALUES ('Type your post here.')' at line 1

I actually edited this to be somewhat more complex and it is working now strangely enough...

Yes, I accidentally merged two forms of the code that I was having difficulty choosing between. Those should be double quotes, not single; edited to prevent reader confusion.