I am really stumped by this and need help. I have checked item by item and can find no open parentheses, braces, or brackets and no unclosed statements. Maybe I missed something. I am trying to learn the basics of PHP from an on online location and cannot get this to work. This is their code and it is exactly what the program sent as a learning file. When I load their programs into the localhost I get the exact same result. Would someone please give this a look? thanks! <?php require_once("includes/connection.php"); ?> <?php require_once("includes/functions.php"); ?> <?php $errors = array(); if(!isset($_POST['menu_name'])|| empty($_POST['menu_name'])) { $errors[] = 'menu_name'; if(!isset($_POST['position']) || empty($_POST['menu_name'])) { $errors[] = 'position'; } if (!empty($errors)){ redirect_to(" new_subject.php"); exit; } } $required_fields = array('menu_name', 'position' , 'visible'); foreach($required_fields as $fieldname) { if(!isset($_POST[$fieldname]) || empty($_POST[$fieldname])) { $errors[] = $fieldname; } } $fields_with_lengths = array('menu_name =>30'); foreach($fields_with_lengths as $fieldname => $maxlength) { if(strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength) { $errors[] = $fieldname; } if (!empty($errors)){ redirect_to(" new_subject.php"); exit; } } $menu_name = mysql_prep($_POST['menu_name']); $postion = mysql_prep($_POST ['position']); $visible = mysql_prep($_POST ['visible']); ?> <?php $query = "INSERT INTO subjects (menu_name, position, visible) VALUES ('{$menu_name}', {$position}, {$visible})"; if ( mysql_query($query, $connection)) { redirect_to(" content.php"); exit; }else{ echo "<p>Subject creation failed</p>"; echo"<p>" . mysql_error() . "</p>"; } ?> <?php mysql_close($connection); ?> PHP:
Please print all the errors you are getting. It might not be this file, and if it is. The only thing I think might cause problems are the brackets inside the quotes. A good rule of thumb is "variables outside of quotes". Because I don't know the line number it's hard to determine exactly where the problem lies. My PHP editor doesn't report a bug either so that's why i'm guessing it's those brackets. They may or may not work depending on your PHP configuration. $query = "INSERT INTO subjects (menu_name, position, visible) VALUES ('$menu_name', '$position', '$visible')"; PHP: Perhaps the problem was in the fac that those brackets meant execute the variable, and since there was no quotes it could have pretty much broken ... well whatever this code was supposed to do. Do yourself a favor ... use variables outside of quotes. $query = "INSERT INTO subjects (menu_name, position, visible) VALUES ('".$menu_name."', '".$position."', '".$visible."')"; PHP:
Because I don't know the line number it's hard to determine exactly where the problem lies. My PHP editor doesn't report a bug either so that's why i'm guessing it's those brackets. They may or may not work depending on your PHP configuration. $query = "INSERT INTO subjects (menu_name, position, visible) VALUES ('$menu_name', '$position', '$visible')"; PHP: Perhaps the problem was in the fac that those brackets meant execute the variable, and since there was no quotes it could have pretty much broken ... well whatever this code was supposed to do. Do yourself a favor ... use variables outside of quotes. $query = "INSERT INTO subjects (menu_name, position, visible) VALUES ('".$menu_name."', '".$position."', '".$visible."')"; PHP: [/quote] Thank you!! This did it. I haven't seen the syntax ' ".$variable. " ' before. is the idea that the ". ." replaces the curly braces {} ? and do you have a resource I can check to learn more? Thank You Again.
Well you won't find any tutorials on it because technically speaking you are using one technique twice. The . allows you to basically join 2 strings together. So: $a = 'Hello'; $b = 'World.' echo $a.$b; # HelloWorld. echo $a.' '.$b; # Hello World. PHP: The second technique adds a custom string in between 2 strings. $variable = " inject into string"; $string = "QUERY ".$variable." ENDQUERY"; echo $string; PHP: So when we say "outside quotes" we essentially mean. Don't let a string execute code. Because that would allow people who insert code into your SQL for example POST data, to cause problems with your script. When you join a variable at the end of another string you avoid actually executing code inside a string, thereby preventing unwanted execution.