0

I am trying to INSERT some data into a database. I can do this on one FIELD just not on multiple. It seems to be a simple syntax issue. The error I get is:

Parse error: syntax error, unexpected ',', expecting ']'

The error is on the INSERT line:

<?php
$con = mysql_connect("local","username","password");
if (!$con)
{die('Could not connect: ' . mysql_error());}

mysql_select_db("npsreviews", $con);

$sql="INSERT INTO burkett (DATE, STORE, 5STAR, 4STAR, 3STAR, 2STAR, 1STAR, TOTAL, NPS) VALUES ('$_POST[DATE]', '$_POST[STORE]', '$_POST[5STAR]', '$_POST[4STAR]', '$_POST[3STAR]', '$_POST[2STAR]', '$_POST[1STAR]', '$_POST[TOTAL]', '$_POST[NPS]')";

if (!mysql_query($sql,$con)){die('Error: ' . mysql_error());}

mysql_close($con)
?> 

Thanks in advance, I cannot find the answer when looking for Multiple $POST.

6
  • What is a "multiple $_POST"? Can you explain more? Are you talking about $_POST values that are arrays? Also, please read about SQL injection, a vulnerability that your code suffers from. Commented Feb 13, 2012 at 23:33
  • Shouldn't it be '$_POST["3STAR"]', etc? Commented Feb 13, 2012 at 23:34
  • 2
    You are opening yourself to hilariously awful SQL injection. Throw this entire block of code out, it is absolutely unsalvageable, and start over using PDO. Whatever tutorial you've used to produce this code is terribly out of date. Commented Feb 13, 2012 at 23:35
  • @Charles I am VERY new to php and sql sorry for the confusion. I meant simply I need to POST all that data, so I assumed I say multiple times. Commented Feb 13, 2012 at 23:36
  • @meager php.net/manual/en/function.mysql-connect.php for part of it Commented Feb 13, 2012 at 23:40

3 Answers

3

First of all, you're missing quotes around the array indices; it should be $_POST["STORE"], not $_POST[STORE]. Secondly, you can't index arrays this way with string interpolation. You'll need to use {$...} syntax:

$x = array("key" => "value");

echo "The value of 'key' is '{$x["key"]}'";  

Or concatenate the pieces of the string:

echo "The value of 'key' is '" . $x["key"] . "'";

Either method will produce:

The value of 'key' is 'value'

Note: I've answered your question as a simple syntax error, but this does not solve your real problem, which is rampant SQL injection vulnerability.


2 Comments

OK, I'll look into that as well; this is to be used as an internal database.
The simplest, not the best, solution to the injection problem would be to use the second format (concatenate) and mysql_real_escape_string() functions. Thus echo "the value of 'key' is '" . mysql_real_escape_string($x["key"]) . "'";
1

SQL query should look like this

$sql="INSERT INTO burkett (DATE, STORE, 5STAR, 4STAR, 3STAR, 2STAR, 1STAR, TOTAL, NPS) VALUES ('{$_POST["DATE"]}', 
'{$_POST["STORE"]}', '{$_POST["5STAR"]}', '{$_POST["4STAR"]}', '{$_POST["3STAR"]}', '{$_POST["2STAR"]}', 
'{$_POST["1STAR"]}', '{$_POST["TOTAL"]}', '{$_POST["NPS"]}')";

But all in all, your SQL query is prone to SQL injection, so I would recommend cleaning your POST before doing something with it.

Read more about SQL injections here.

You can clean your $_POST using this

$_POST = array_map('mysql_real_escape_string',$_POST);

Or use PDO and prepared statements to accomplish SQL INSERTs, UPDATEs, etc.

2 Comments

Thank you Jaspreet for the link.
No Probs. Just letting you know that PDO is by far the best way you can go about writing queries for mysql using php. Read more here php.net/manual/en/book.pdo.php
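
The prepared-statement approach recommended in the answer and comments above, shown as an added example that is not part of the original thread. Assumptions: in-memory SQLite stands in for the MySQL database so it runs offline, `insert_review()` is a hypothetical helper, the YYYY-MM-DD date format and 64-character store limit are illustrative, and the sample input is constructed.

```php
<?php
// Assumption: in-memory SQLite stands in for MySQL so this runs offline;
// against MySQL only the DSN and credentials given to new PDO() change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Column names starting with a digit are quoted with backticks.
$pdo->exec('CREATE TABLE burkett (`DATE` TEXT, `STORE` TEXT, `5STAR` INTEGER,
    `4STAR` INTEGER, `3STAR` INTEGER, `2STAR` INTEGER, `1STAR` INTEGER,
    `TOTAL` INTEGER, `NPS` INTEGER)');

// Hypothetical helper: validate each form field, then bind it as a parameter.
function insert_review(PDO $pdo, array $post): void
{
    $date = $post['DATE'] ?? null;   // YYYY-MM-DD format is an assumption
    $parsed = is_string($date) ? DateTime::createFromFormat('!Y-m-d', $date) : false;
    if ($parsed === false || $parsed->format('Y-m-d') !== $date) {
        throw new InvalidArgumentException('DATE must be a valid YYYY-MM-DD date');
    }
    $store = $post['STORE'] ?? null;
    if (!is_string($store) || $store === '' || strlen($store) > 64) {
        throw new InvalidArgumentException('STORE must be 1-64 characters');
    }
    $row = [$date, $store];
    foreach (['5STAR', '4STAR', '3STAR', '2STAR', '1STAR', 'TOTAL', 'NPS'] as $field) {
        $value = filter_var($post[$field] ?? null, FILTER_VALIDATE_INT);
        if ($value === false) {
            throw new InvalidArgumentException("$field must be an integer");
        }
        $row[] = $value;
    }
    // Placeholders keep the data out of the SQL text, whatever it contains.
    $stmt = $pdo->prepare('INSERT INTO burkett (`DATE`, `STORE`, `5STAR`, `4STAR`,
        `3STAR`, `2STAR`, `1STAR`, `TOTAL`, `NPS`) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)');
    $stmt->execute($row);
}

// Constructed sample input in place of $_POST; note the quotes in STORE.
$sample = ['DATE' => '2012-02-13', 'STORE' => "O'Brien's #12", '5STAR' => '40',
    '4STAR' => '10', '3STAR' => '5', '2STAR' => '3', '1STAR' => '2',
    'TOTAL' => '60', 'NPS' => '58'];
insert_review($pdo, $sample);
try {
    insert_review($pdo, ['5STAR' => 'lots'] + $sample);  // non-numeric count
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), "\n";
}
foreach ($pdo->query('SELECT `STORE`, `5STAR` FROM burkett') as $r) {
    echo $r['STORE'], ' / ', $r['5STAR'], "\n";
}
```

The store name with embedded quotes is stored verbatim because it travels as a bound parameter, and the validation step rejects malformed fields before any SQL runs.
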
0

Escape it like so:

$sql= "INSERT INTO burkett (DATE, STORE, 5STAR, 4STAR, 3STAR, 2STAR, 1STAR, TOTAL, NPS) VALUES ('" . $_POST['DATE'] . "', '" . $_POST['STORE'] . "', '" . $_POST['5STAR'] . "', '" . $_POST['4STAR'] . "', '" . $_POST['3STAR'] . "', '" . $_POST['2STAR'] . "', '" . $_POST['1STAR'] . "', '" . $_POST['TOTAL'] . "', '" . $_POST['NPS'] . "')";

Comments
