Adding items to database

[SMartin91]

Okay, I know there are already threads on this topic but I only need someone to review my code. I had this working before but I accidentally deleted the file and now I cannot get it working again. I have a form to add staff members to a database and I keep getting the error 'Unknown column '$fName' in 'field list.'' I can hard code the variables in and it works. So it has something to do with my variables I would assume. Thanks for any help.

Here is my form:

HTML Code:

<form method="POST" action="addStaffprocess.php">
	First Name: <input type="text" name="fName" size="20"><br><br>
 	Last Name: <input type="text" name="lName" size="20"><br><br>
 	Grade: <input type="text" name="grade" size="20"><br><br>
 	Position: <input type="text" name="position" size="20"><br><br>
   	Awards: <input type="text" name="awards" size="20"><br><br>
   	
        <input type="submit" value="Submit" name="submit">
</form>

And here is the PHP that concerns the form submission:

PHP Code:

if(isset($_POST['submit'])) {

$fName = $_POST['fName'];
$lName = $_POST['lName'];
$grade = $_POST['grade'];
$position = $_POST['position'];
$awards = $_POST['awards'];

$connect = mysql_connect("localhost", "*****", "*****") or die(mysql_error());

$select = mysql_select_db("*****") or die(mysql_error());

$sql = mysql_query('INSERT INTO Staff(`fname`, `lname`, `grade`, `position`, `awards`) VALUES($fName, $lName, $grade, $position, $awards);')or die(mysql_error());

mysql_close($connect);
} 


Again, thanks for the help and I need more info I'll be glad to give it.

[SMartin91]

Okay, I've got it solved a little bit, I think. Now it simply tells me "syntax error, unexpected T_VARIABLE." I know this is usually caused by missing curly braces or semicolon or some such error. Everything is the same except for the following line:

PHP Code:

$sql=mysql_query('INSERT INTO Staff (fname, lname, grade, position, awards, id)
VALUES('$_POST[fName]','$_POST[lName]','$_POST[grade]','$_POST[position]','$_POST[awards]','')'); 


[heavensgate15]

try putting all your data and your query in a variable so that you can easily determine what's lacking. Like this:

Code:

$fName = $_POST[fName];
$lName = $_POST[lName];
$grade = $_POST[grade];
$position = $_POST[position];
$awards = $_POST[awards]; 

$variable = "insert into Staff values('$fName','$lName','$grade','$position',
                                                '$awards')";
$query = mysql_query($variable) or die(mysql_error());

Take note, I didn't specify the columns, so check your database if it is in the same order.

By the way, do you have an ID column/attribute in your database? Is it auto incremented? If yes, then in the values, you can add null there.

Code:

$variable = "insert into Staff values('$fName','$lName','$grade','$position',
                                                '$awards',null)";

[forum_amnesiac]

Your problem is a common one, you are only using single quotes in the line.

When your code is being parsed it is matching up each single quote with the next single quote and so on. This is why you are getting the error.

The easy way around this is to use double quotes for the start and end of the line. eg

PHP Code:

$sql=mysql_query("INSERT INTO Staff (fname, lname, grade, position, awards, id) VALUES('$_POST[fName]','$_POST[lName]','$_POST[grade]','$_POST[position]','$_POST[awards]','')"); 


[heavensgate15]

hey, forum_amnesiac... I think that's new to me... Can you explain further about that? in behalf of SMartin91 and me hehe ... You know I'm interested in something like this.. So can you give examples? like how to do it in a right way, and what is the wrong way... Thanks...

[forum_amnesiac]

It's fairly logical, if you are trying to build a string you need to ensure that the string contains exactly what you and the process expects.

PHP Code:

$test="INSERT INTO Staff (fname, lname, grade, position, awards, id) VALUES('$_POST[fName]','$_POST[lName]','$_POST[grade]','$_POST[position]','$_POST[awards]','')";  
$test1='INSERT INTO Staff (fname, lname, grade, position, awards, id) VALUES('$_POST[fName]','$_POST[lName]','$_POST[grade]','$_POST[position]','$_POST[awards]','')';
$test2='INSERT INTO Staff (fname, lname, grade, position, awards, id) VALUES('.$_POST[fName].','.$_POST[lName].','.$_POST[grade].','.$_POST[position].','.$_POST[awards].','.')';
echo($test);
echo($test1);
echo($test2); 


In these examples I am trying to build a string to pass to a MYSQL process.

Because the string $test begins and ends with double quotes, with no other double quotes, then the entire contents are considered to be part of the string.

In $test1 it does not consider the entire contents as part of the string, it considers everything between the first single quote and the second as part of the string, it then evaluates the first POST variable and tries to continue with the next string and so on. This will tend to produce a T_VARIABLE.

In $test2 because of the fullstops/periods the string is calculated correctly because each part of the string is being concatenated.

In the above examples $test & $test2 produce the same results.

Sorry if this is as clear as fog, but I hope you get the meaning of the post

[Keleth]

IIn the above examples $test & $test2 produce the same results.

Still worth pointing out that while they might produce the same results, its an unsafe way to code, and should be avoided. If you want to join a variable to a string, always concatenate with '.'.

[heavensgate15]

What does T_VARIABLE mean? is it an error?

[forum_amnesiac]

T_VARIABLE is normally associated with some type of PHP error messages.

Have a look at this link which explains how PHP treats lines of code.

http://tut.php-quake.net/en/error.html

[SMartin91]

Hey, wow, sorry for the long delay in response. I had kind of given up since the thread had no answers for a while there. But I got it working. It was what both forum_amnesiac and heavensgate15 said. I separated the line into two lines and changed the way the quotes worked and that seemed to fix it. Too bad I didn't see that on here first to help speed up the solution.

In case any future poster with a similar problem might benefit from seeing the fixed code and the original code, here it is:

PHP Code:

$query = "INSERT INTO Staff (fname, lname, grade, position, awards, id)
VALUES ( '$fName', '$lName', '$grade', '$position', '$awards', NULL)";

$result= mysql_query ($query) or die(mysql_error()); 


Also, as heavensgate15 asked, I do have an ID column set to auto_increment. But I figured since it was set to auto_increment, there was no need to add it. I figured since it was suggested I had better add it to be safe.