im having the same issue with the above "You have an error in your SQL syntax; check the manual that corresponds to your MySQL...line 1"..help!
myform2.php
<? ob_start(); ?>
session_start();
<?php
$labels = array ( "comment" => "comment",
"condition" => "condition",
"cartype" => "cartype");
?>
<?php
if($_POST['Submit'] == "Submit")
{
$errorMessage = "";
if(empty($_POST['comment']))
{
$errorMessage .= "<li>You forgot to enter a comment!</li>";
}
if(empty($_POST['condition']))
{
$errorMessage .= "<li>You forgot to enter a condition</li>";
}
if(empty($_POST['cartype']))
{
$errorMessage .= "<li>You forgot to select your cartype</li>";
}
$varcomment = $_POST['comment'];
$varcondition = $_POST['condition'];
$varcartype = $_POST['cartype'];
if(empty($errorMessage))
{
}
}
// function: PrepSQL()
// use stripslashes and mysql_real_escape_string PHP functions
// to sanitize a string for use in an SQL query
//
// also puts single quotes around the string
//
function PrepSQL($value)
{
// Stripslashes
if(get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// Quote
$value = "'" . mysql_real_escape_string($value) . "'";
return($value);
}
?>
<html>
<head>
<title>PHP Form processing example</title>
<!-- define some style elements-->
<style>
label,a
{
font-family : Arial, Helvetica, sans-serif;
font-size : 12px;
}
</style>
</head>
<body>
<?php
if(!empty($errorMessage))
{
echo("<p>There was an error with your form:</p>\n");
echo("<ul>" . $errorMessage . "</ul>\n");
}
?>
<form action="savetire.php" method="post">
<p>
<label for='comment'>Which is your comment?</label><br/>
<input type="text" name="comment" maxlength="50" value="<?=$varcomment;?>" />
</p>
<p>
<label for='condition'>What is your condition?</label><br/>
<input type="text" name="condition" maxlength="50" value="<?=$varcondition;?>" />
</p>
<p>
<label for='cartype'>What is your cartype?</label><br/>
<select name="cartype">
<option value="">Select...</option>
<option value="toyota"<? if($varcartype=="toyota") echo(" selected=\"selected\"");?>>toyota</option>
<option value="chev"<? if($varcartype=="chev") echo(" selected=\"selected\"");?>>chev</option>
</select>
</p>
<input type="submit" value="Submit" />
</form>
</body>
</html>
<? ob_flush(); ?>
savetire php starts here
<? ob_start(); ?>
<?php
/* Program name: savetire.php
* Description: Program checks all the form fields for
* blank fields and incorrect format. Saves the
* correct fields in a database.
*/
?>
<html>
<head><title>Member tire</title></head>
<body>
<?php
/* set up array of field labels */
$labels = array( "comment" => "comment",
"condition" => "condition",
"cartype" => "cartype");
/* Check information from form */
foreach($_POST as $field => $value)
{
/* check each field for blank fields */
if( $value == "" )
{
$blank_array[] = $field;
}
/* check format of each field */
elseif( ereg("(comment)",$field) )
{
if(!ereg("^[A-Za-z' -]{1,50}$",$value) )
{
$bad_format[] = $field;
}
}
}
// end of foreach for $_POST
/* if any fields were not okay, display error message and form */
if(@sizeof($blank_array) > 0 or @sizeof($bad_format) > 0)
{
if(@sizeof($blank_array) > 0)
{
/* display message for missing information */
echo "<b>You didn't fill in one or more required fields.
You must enter:</b><br>";
/* display list of missing information */
foreach($blank_array as $value)
{
echo " {$labels[$value]}<br>";
}
}
if(@sizeof($bad_format) > 0)
{
/* display message for bad information */
echo "<b>One or more fields have information that appears to
be incorrect. Correct the format for:</b><br>";
/* display list of bad information */
foreach($bad_format as $value)
{
echo " {$labels[$value]}<br>";
}
}
/* redisplay form */
echo "<p><hr />";
echo "<h3>Please enter your comments.</h3>";
echo "<form action='savetire.php' method='POST'>
<table>";
foreach($labels as $field => $label)
{
$good_data[$field]=strip_tags(trim($_POST[$field]));
echo "<tr>
<td style='text-align: right; font-weight: bold'>
$label</td>
<td><input type='text' name='$field' size='65'
maxlength='65' value='$good_data[$field]'></td>
</tr>";
}
echo "<tr>
<td colspan='2' style='text-align: center'>
<input type='submit' value='comments'>";
echo "</td></tr></table>
</form>";
exit();
}
else //if data is okay
{
$user="xxxxxx";
$host="uniontire..com";
$passwd="xxxxxx";
$dbname="alpha";
$cxn = mysql_connect('uniontire.com', 'xxxxxx', 'xxxxxx'); if (!$cxn) { die('Could not connect: ' . mysql_error()); } echo 'Connected successfully'; mysql_select_db(alpha);
foreach($labels as $field => $value)
$fields_all = array_keys($labels);
foreach($fields_all as $field)
{
$good_data[$field] = strip_tags(trim($_POST[$field]));
if($field == "phone")
{
$good_data[$field] = ereg_replace("[)( .-]","",$good_data[$field]);
}
$good_data[$field] = mysql_real_escape_string($good_data[$field],$cxn);
}
$query = "INSERT INTO details (good_data[comment],good_data[condition],
good_data[cartype]) VALUES ('$good_data[comment]','$good_data[condition]',
'$good_data[cartype]')";
echo $good_data[comment]."<br>";
echo $good_data[condition]."<br>";
echo $good_data[cartype]."<br>";
$result = mysql_query($query,$cxn)
or die("Couldn't execute ? query: " . mysql_error());
echo "<h4>New Member added to database</h4>";
}
?>
</body></html>
<? ob_flush(); ?>