MySQL query INSERT INTO and SET problems

I scratched my head for an hour or so, but I can’t understand what I did wrong. Hope someone can point me in the right direction.

I am trying to insert some data into an SQL database using the INSERT INTO method, but it just doesn't work. I turned on a lot of echoes to see an example of exactly where the error might be. From this, I know that the code is fine until the INSERT INTO part is called. In addition, checking the online details of the database shows that the information is not added. In the online database there are 3 tables, “noise”, “wave” and “impulse”. In addition, all fields are present, so I really cannot understand why this code does not work.

<?php
//Connect To Database
$hostname='myhostname';
$username='myusername';
$password='mypassword';
$dbname='dbname';
mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
mysql_select_db($dbname);

// test to see what kind of instrument is being uploaded.

$type=strip_tags($_GET['TYPE']);

if($type == 'noise') {
    $audio=strip_tags($_GET['AUDIO']); 
    echo $audio;
    $automate=strip_tags($_GET['AUTOMATE']);
    echo $automate;
    $by=strip_tags($_GET['BY']);
    echo $by;
    $envelope=strip_tags($_GET['ENVELOPE']);
    echo $envelope;
    $length=strip_tags($_GET['LENGTH']);
    echo $length;
    $name=strip_tags($_GET['NAME']);
    echo $name;
    $notes=strip_tags($_GET['NOTES']);
    echo $notes;
    $output=strip_tags($_GET['OUTPUT']);
    echo $output;
    $patchname=strip_tags($_GET['PATCH_NAME']);
    echo $patchname;
    $s_cmd=strip_tags($_GET['S_CMD']);
    echo $s_cmd;
    $shape=strip_tags($_GET['SHAPE']);
    echo $shape;
    $table=strip_tags($_GET['TABLE']);
    echo $table;
    $table0=strip_tags($_GET['table0']);
    echo $table0;
    $table1=strip_tags($_GET['table1']);
    echo $table1;
    $table2=strip_tags($_GET['table2']);
    echo $table2;
    $table3=strip_tags($_GET['table3']);
    echo $table3;
    $table4=strip_tags($_GET['table4']);
    echo $table4;
    $table5=strip_tags($_GET['table5']);
    echo $table5;
    $table6=strip_tags($_GET['table6']);
    echo $table6;
    $table7=strip_tags($_GET['table7']);
    echo $table7;
    $table8=strip_tags($_GET['table8']);
    echo $table8;
    $table9=strip_tags($_GET['table9']);
    echo $table9;
    $tableA=strip_tags($_GET['tableA']);
    echo $tableA;
    $tableB=strip_tags($_GET['tableB']);
    echo $tableB;
    $tableC=strip_tags($_GET['tableC']);
    echo $tableC;
    $tableD=strip_tags($_GET['tableD']);
    echo $tableD;
    $tableE=strip_tags($_GET['tableE']);
    echo $tableE;
    $tableF=strip_tags($_GET['tableF']);
    echo $tableF;

    //input this info into the SQL noise instrument table
    $request = mysql_query("INSERT INTO `noise` SET
        AUDIO = '$audio', 
        AUTOMATE = '$automate', 
        BY = '$by', 
        ENVELOPE = '$envelope', 
        LENGTH = '$length', 
        NAME ='$name', 
        NOTES = '$notes', 
        OUTPUT = '$output', 
        PATCH_NAME = '$patchname', 
        S_CMD = '$s_cmd', 
        SHAPE = '$shape', 
        TABLE = '$table', 
        table0 = '$table0', 
        table1 = '$table1', 
        table2 = '$table2', 
        table3 = '$table3', 
        table4 = '$table4',
        table5 = '$table5', 
        table6 = '$table6', 
        table7 = '$table7', 
        table8 = '$table8', 
        table9 = '$table9', 
        tableA = '$tableA', 
        tableB = '$tableB', 
        tableC = '$tableC', 
        tableD = '$tableD', 
        tableE = '$tableE',
        tableF = '$tableF',
        TYPE = '$type';" );
    if($request) {
        echo "Your patch has been successfully uploaded.";
        echo "Thanks for contributing!";
    }
    else {
        echo "there has been a problem";
    }
}
?>

When I download this URL from my iPhone application:

NSString *website = [NSString stringWithFormat:@"http://mywebsite/problem.php?AUDIO=%@&AUTOMATE=%@&BY=%@&ENVELOPE=%@&LENGTH=%@&NAME=%@&NOTES=%@&OUTPUT=%@&PATCH_NAME=%@&S_CMD=%@&SHAPE=%@&TABLE=%@&table0=%@&table1=%@&table2=%@&table3=%@&table4=%@&table5=%@&table6=%@&table7=%@&table8=%@&table9=%@&tableA=%@&tableB=%@&tableC=%@&tableD=%@&tableE=%@&tableF=%@&TYPE=%@", audio, automate, by, envelope, length, name, notes, output, patch_name, s_cmd, shape, table, table0, table1, table2, table3, table4, table5, table6, table7, table8, table9, tableA, tableB, tableC, tableD, tableE, tableF, type];
    [BackgroundLoader loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:website]]];

The output I get is:

AUDIOAUTOMATEBYENVELOPELENGTHNAMENOTESOUTPUTPATCH_NAMES_CMDSHAPETABLETABLE0...TABLEFthere has been a problem


+3
6

, BY, TABLE, TYPE, . :

`BY` = '$by',
...

`TABLE` = '$table',
...

`TYPE` = '$type' ;" );
+1

mysql


if (mysql_error()) {
   die (mysql_error());
}

, , php

. , , , TYPE , TYPE

script SQL-. $value = mysql_real_escape_string($_GET['value']),

+4

SET :

INSERT INTO `noise` VALUES(
    $value,
    ....
)

EDIT:
, :

INSERT INTO `noise` 
(field1, field2, ....)
VALUES(
    $value1,
    $value2,
    ....
)
+1

INSERT... SET. INSERT.. VALUES :

INSERT INTO <table name> ( `FIELD1`, `FIELD2` )
VALUES ( VALUE1, VALUE2 )

- , , , . (`), MySQL. :.

`TYPE` = ...
+1

The problem is that you are mixing numbers with strings, and strings must be specified. I had a lot of problems with this, and I returned to using value syntax.

0
source

I suggest intercepting all this and using prepared statements in conjunction with PDO. Your current code is vulnerable to SQL injection attacks.

0
source
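
The prepared-statement approach suggested in the last answer, applied to the question's INSERT, as an added example that is not code from any of the posters. It assumes an in-memory SQLite database in place of MySQL so it runs without a server (SQLite also accepts backtick-quoted identifiers), a subset of the question's columns, and a hypothetical helper insertPatch().

```php
<?php
// Added example, not the original poster's code.
// Assumptions: SQLite in memory stands in for MySQL; only some columns are used.

const TABLES  = ['noise', 'wave', 'impulse'];             // tables named in the question
const COLUMNS = ['AUDIO', 'BY', 'NAME', 'TABLE', 'TYPE']; // subset; BY and TABLE are reserved words

// Hypothetical helper: inserts one patch row and returns its row id.
function insertPatch(PDO $pdo, array $input): int
{
    $type = $input['TYPE'] ?? '';
    // Identifiers cannot be bound as parameters, so the table name is
    // checked against a fixed allow-list instead of being escaped.
    if (!in_array($type, TABLES, true)) {
        throw new InvalidArgumentException('unknown instrument type');
    }
    // Column names come from the constant list above, never from the request,
    // and are backtick-quoted so reserved words are accepted.
    $cols  = implode(', ', array_map(fn($c) => "`$c`", COLUMNS));
    $marks = implode(', ', array_map(fn($c) => ":$c", COLUMNS));
    $stmt  = $pdo->prepare("INSERT INTO `$type` ($cols) VALUES ($marks)");
    foreach (COLUMNS as $c) {
        // Values travel as bound parameters, separate from the SQL text.
        $stmt->bindValue(":$c", (string)($input[$c] ?? ''));
    }
    $stmt->execute();
    return (int)$pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:');
// Make database errors throw instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `noise` (id INTEGER PRIMARY KEY,
    `AUDIO` TEXT, `BY` TEXT, `NAME` TEXT, `TABLE` TEXT, `TYPE` TEXT)');

// Constructed request data standing in for $_GET; two values contain quotes.
$get = ['TYPE' => 'noise', 'AUDIO' => '1', 'BY' => "O'Brien",
        'NAME' => "it's \"loud\"", 'TABLE' => '0'];
$id = insertPatch($pdo, $get);

$check = $pdo->prepare('SELECT `BY`, `NAME` FROM `noise` WHERE id = ?');
$check->execute([$id]);
$row = $check->fetch(PDO::FETCH_ASSOC);
var_dump($row['BY'] === $get['BY'], $row['NAME'] === $get['NAME']);

try {
    insertPatch($pdo, ['TYPE' => 'users']); // table name outside the allow-list
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Against MySQL only the DSN passed to the PDO constructor and the CREATE TABLE statement change; the insert itself stays the same.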
