Solved

is there a syntax error in my php sql statement

Posted on 2008-10-22
5
179 Views
Last Modified: 2013-12-13
hello:

i'm using the follwoing code insert data to a table. i'm using odbc connection in ms sql 2005

but the insert statement is failed to exected.

the error is : SQL state 00000 in SQLExecDirect  in line : odbc_exec($dbconnect, $SQL);

i tried both
 odbc_execute ($query, $parameters);
odbc_exec($dbconnect, $SQL);

it's just not working...

could some expert here help me? thank you so much !

$SQL = "INSERT INTO myProject (Project_Title, Time_Location_Group, Subject_Area, Professor_Name,

Professor_Email,Project_Description, Student_Qualifications, Hours, Credits,

Credit_Hours, Status, Affiliation_Centers, Project_Links, Entry_Date) VALUES 

		('{$projtitle}','{$projlocation}','{$subjectarea}','{$profname}',

		'{$email}',	'{$projdesc}','{$quals}','{$hours}','{$credits}','{$credithours}',

	'{$status}','{$DPs}','{$websites}', '{$date}')";

	

/*$parameters = array($projtitle,$projlocation,$subjectarea,$profname,

					$email,	$projdesc,$quals,$hours,$credits,$credithours,

					$status,$DPs,$websites, $date); 

$query=odbc_prepare($dbconnect, $SQL);

odbc_execute ($query, $parameters); */

odbc_exec($dbconnect, $SQL);

odbc_close($dbconnect);

Open in new window

0
Comment
Question by:lilyyan
  • 3
  • 2
5 Comments
 
LVL 82

Assisted Solution

by:hielo
hielo earned 500 total points
ID: 22781057
are you escaping the values in those variables. For example, if one of those values contains an apostrophe then the sql statement will not be valid.
So instead of something like:
$projtitle=$_POST['title'];

you need:
$projtitle= str_replace("'", "''",$_POST['title']);

the same applies for the other variables.
0
 
LVL 82

Accepted Solution

by:
hielo earned 500 total points
ID: 22781135
try:
<?php

$SQL = sprintf("INSERT INTO myProject (Project_Title, Time_Location_Group, Subject_Area, Professor_Name,Professor_Email,Project_Description, Student_Qualifications, Hours, Credits,Credit_Hours, Status, Affiliation_Centers, Project_Links, Entry_Date) VALUES('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')"

		,str_replace("'","''",$projtitle)

		,str_replace("'","''",$projlocation)

		,str_replace("'","''",$subjectarea)

		,str_replace("'","''",$profname)

		,str_replace("'","''",$email)

		,str_replace("'","''",$projdesc)

		,str_replace("'","''",$quals)

		,str_replace("'","''",$hours)

		,str_replace("'","''",$credits)

		,str_replace("'","''",$credithours)

		,str_replace("'","''",$status)

	 	,str_replace("'","''",$DPs)

	 	,str_replace("'","''",$websites)

	 	,str_replace("'","''",$date)

		);
 

odbc_exec($dbconnect, $SQL);

odbc_close($dbconnect);
 

?>

Open in new window

0
 

Author Comment

by:lilyyan
ID: 22781319
well, i tried. it still shows same error: odbc_exec($dbconnect, $SQL);

myhost server has turned the magic_quotes_gpc, so by default, apostrophe will be escaped as \'
so i don't think i should use : str_replace("'","''",$projtitle).

am i right? thank you so much !!
0
 
LVL 82

Expert Comment

by:hielo
ID: 22781747
OK, then the other question is, are actually connecting to the db? I don't see where you are setting the $dbconnect variable.
0
 

Author Comment

by:lilyyan
ID: 22785249
thank you for your reply!

about apostrophe sign, should i strip of magic_quotes_gpc and then use str_replace("'","''",$projtitle). ?

the connection is like the following.
<?php 

//Set up Variables

//connect to MS SQL 2005 Dev

$dbHost = "hostServer"; 

$dbUser = 'clientUser';

$dbPass = 'myPass';

$dsn= 'myDataSource';   //datasources
 

// Open DB connection

$dbconnect =odbc_connect($dsn, $dbUser, $dbPass, SQL_CUR_USE_ODBC)

     or DIE ("DATABASE FAILED TO RESPOND.");
 

?>

Open in new window

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Both Easy and Powerful How easy is PHP? http://lmgtfy.com?q=how+easy+is+php (http://lmgtfy.com?q=how+easy+is+php)  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now