Domanda

Ok, second question in two days... i am probably making a newb mistake here but i am stuck.

trying to insert a domain name into a table under the "name" column. all of my variables echo out so i know they are being passed and set.

the insert is as follows:

$newDomain = $_POST['newDomain']; //Get domain name
$newDomain_query =  mysql_query("INSERT INTO virtual_domains (name) VALUES ($newDomain)");
header("Location: domain_detail.php?domain=".$newDomain);

I have tried many ways of writing this script but everytime i get the same result when i include the:

or die(mysql_error)

in the script. the query does not run and when i take out the die part it just jumps to the header location.

È stato utile?

Soluzione

You need to make sure that you enclose strings with quotes on your insert statement.

Try this instead:

$newDomain = $_POST['newDomain']; //Get domain name
$newDomain_query =  mysql_query("INSERT INTO virtual_domains (name) VALUES ('$newDomain')");
header("Location: domain_detail.php?domain=".$newDomain);

Altri suggerimenti

You missing quotes around your value. The query should be:

"INSERT INTO virtual_domains (name) VALUES ('$newDomain')"

Expanding off of Ken's answer, it's a good idea to let mysql handle escaping of the quotes using mysql_real_escape_string (especially for data that is sent via post/get). You can do so with the following:

$newDomain = $_POST['newDomain']; //Get domain name
$newDomainEscaped = mysql_real_escape_string($newDomain);
$newDomain_query =  mysql_query("INSERT INTO virtual_domains (name) VALUES ('$newDomainEscaped')");
header("Location: domain_detail.php?domain=".$newDomain);

This will help prevent any errors if someone accidentally has an apostrophe in their "newDomain", or worse any SQL injection.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top