0

Hey guys, I'm getting really stuck and could use some help.

I have a query that runs like this

$query = sprintf("SELECT TN,point,source FROM table LIMIT ".$_POST['cases']."");
$result = mysql_query($query);

Then in the while loop I am able to echo

echo "&nbsp;&nbsp;&nbsp;&nbsp;".$row['0']." and ".$row['1']." and ".$row['2']."<br>";

And get the proper result for each $row['']

My problem is when adding these into the insert statement.

mysql_query("INSERT INTO assigned (TN,point,date1,dude,test,row,rows) VALUES (".$row['0'].",".$row['1'].",'$date','$df','$dx','$num',".$row['2'].")");

The only thing holding the query back is the $row['2']. If I remove it and make it '123', it will properly insert row 0 and 1 and the rest of the data. I've tried almost all combinations to get this to work and I'm having no luck.

7
  • 1
    Not strong with PHP, but I sure hope sprintf() sanitizes input Commented Jul 30, 2014 at 19:16
  • 3
    I'll just come out and say it's probably due to an SQL injection attack vulnerability, plus a serious case of cargo-cult programming. Combined with a total lack of any kind of error handling, perfect recipe for this kind of question. Commented Jul 30, 2014 at 19:16
  • @SterlingArcher: It does nothing. It's a useless call too, since there are no % placeholders in the target string. Commented Jul 30, 2014 at 19:16
  • @MarcB oh it's like python's format almost (conceptually) Commented Jul 30, 2014 at 19:17
  • @SterlingArcher: it's a direct equivalent of C's sprintf. Most of PHP is just a wrapper around equivalent underlying libc calls. Commented Jul 30, 2014 at 19:17

1 Answer

2

Try to add single quotation marks around $row['2'], like this:

mysql_query("INSERT INTO assigned (TN,point,date1,dude,test,row,rows) VALUES (".$row['0'].",".$row['1'].",'$date','$df','$dx','$num','".$row['2']."')");

3 Comments

mysql_* is deprecated as of PHP 5.5. Use mysqli or PDO instead.
@raidenace Using a deprecated function is usually a bad practice, no matter the question asked. I believe that answers should mention these issues (at least when it's possible to do so), even if they seem irrelevant.
Alex, thanks a million!!! Haven't got a clue why that works, but it does. And StathisG, it's an update for an app on an old server. Thanks, guys, for all the help.
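
Following the comments above about SQL injection and the deprecated mysql_* functions, here is an added example (not code from the question or the answer) of the same SELECT and INSERT written with PDO prepared statements, so that a string in $row[2] needs no manual quoting and the LIMIT value is validated as an integer. It assumes an in-memory SQLite database in place of the MySQL server, a hypothetical source table named `src`, and constructed sample rows and request data.

```php
<?php
// Added example: PDO with bound parameters. In-memory SQLite stands in for
// the MySQL server so the script runs offline; table "src" is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // surface SQL errors

$pdo->exec('CREATE TABLE src (TN INTEGER, point INTEGER, source TEXT)');
$pdo->exec('CREATE TABLE assigned (TN INTEGER, point INTEGER, date1 TEXT,
            dude TEXT, test TEXT, "row" INTEGER, "rows" TEXT)');

// Constructed sample rows; the second "source" value contains a quote character.
$seed = $pdo->prepare('INSERT INTO src (TN, point, source) VALUES (?, ?, ?)');
foreach ([[5551001, 3, 'web'], [5551002, 7, "O'Brien referral"]] as $r) {
    $seed->execute($r);
}

// Constructed request value standing in for $_POST['cases'].
$post = ['cases' => '2; DROP TABLE assigned'];

// LIMIT must be an integer: validate and clamp instead of concatenating.
$limit = filter_var($post['cases'], FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1, 'max_range' => 100]]);
if ($limit === false) {
    $limit = 1; // invalid input falls back to a safe default
}

$select = $pdo->prepare('SELECT TN, point, source FROM src LIMIT :n');
$select->bindValue(':n', $limit, PDO::PARAM_INT);
$select->execute();

// Every value is bound, so strings are never spliced into the SQL text.
$insert = $pdo->prepare('INSERT INTO assigned
        (TN, point, date1, dude, test, "row", "rows")
    VALUES (:tn, :point, :date1, :dude, :test, :row, :rows)');

// Constructed stand-ins for the question's $date, $df, $dx and $num.
$date = date('Y-m-d'); $df = 'alice'; $dx = 'batch-1'; $num = 0;

foreach ($select->fetchAll(PDO::FETCH_NUM) as $row) {
    $insert->execute([
        ':tn' => $row[0], ':point' => $row[1], ':date1' => $date,
        ':dude' => $df, ':test' => $dx, ':row' => $num, ':rows' => $row[2],
    ]);
    $num++;
}

echo $pdo->query('SELECT COUNT(*) FROM assigned')->fetchColumn(), " row(s) inserted\n";
```

Against MySQL, only the DSN and the identifier quoting for the `row` and `rows` columns would change; the prepared statements stay the same.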
