Re: Trouble with $_POST data



daGnutt wrote:
On 1 July, 14:26, Todd Michels <t...@xxxxxxxxxxxx> wrote:
Hi all,

I am trying to send data from a form and insert it into a MSSQL DB.

When I submit the data I get: Warning: mssql_query()
[function.mssql-query]: message: The name "Todd" is not permitted in
this context. Valid expressions are constants, constant expressions, and
(in some contexts) variables. Column names are not permitted. (severity
15) in "Myfile"

If I don't use the POST data and write the query explicitly, it works.

Any help is appreciated.

Thanks,
Todd

WinXP SP2
MSSQL Express 2005
IIS 5.1
PHP 5.2.1

It's a basic form:

<body>
<form id="form1" name="form1" method="post" action="flextest.php">
<label>User Name
<input name="username" type="text" id="username" />
</label>
<label>Email Address
<input name="emailaddress" type="text" id="emailaddress" />
</label>
<p>
<input type="submit" name="Submit" value="Submit" />
</p>
</form>
</body>

And here is the MSSQL insert:

if( $_POST["emailaddress"] AND $_POST["username"])
{
//add the user
$Query = sprintf('INSERT INTO users (username, emailaddress)
VALUES (%s, %s)', $_POST["username"], $_POST["emailaddress"]);

$Result = mssql_query($Query);

}

I personally don't know mssql, but in MySQL, the error would lie in
that non-numerical entries must be surrounded by '"', so try
$Query = sprintf('INSERT INTO users (username, emailaddress)
VALUES(\"%s\", \"%s\")', $_POST["username"], $_POST["emailaddress"]);


Actually, using double quotes (") is a non-standard MySQL extension to the SQL standard. It also will fail if MySQL is running in strict mode and with most other databases.

Single quote (') is the correct delimiter for MySQL and standard SQL. It should work with MSSQL, also.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
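
Added example, not part of the original thread: it shows the unquoted query from the question failing, hand-added single quotes failing as soon as a value contains an apostrophe, and a bound-parameter insert that needs no delimiters at all. Assumptions: an in-memory SQLite database stands in for the MSSQL server so the script runs offline, PDO replaces the thread's mssql_query(), and the `$post` array is constructed sample input in place of `$_POST`.

```php
<?php
// SQLite in-memory is a stand-in for MSSQL (assumption); error text differs per driver.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT, emailaddress TEXT)');

// Constructed sample input standing in for $_POST.
$post = ['username' => "Todd O'Brien", 'emailaddress' => 'todd@example.com'];

// Run a statement and report whether the server accepted it.
function try_exec(PDO $db, string $label, string $sql): void
{
    try {
        $db->exec($sql);
        echo "$label: ok\n";
    } catch (PDOException $e) {
        echo "$label: rejected (", $e->getMessage(), ")\n";
    }
}

// 1) Pattern from the question: %s with no delimiters, so the server
//    parses the submitted words as SQL (column names, operators), not data.
try_exec($db, 'unquoted', sprintf(
    'INSERT INTO users (username, emailaddress) VALUES (%s, %s)',
    $post['username'], $post['emailaddress']
));

// 2) Hand-added single quotes: valid for plain values, but the apostrophe
//    in the name ends the string literal early and the statement breaks.
try_exec($db, 'hand-quoted', sprintf(
    "INSERT INTO users (username, emailaddress) VALUES ('%s', '%s')",
    $post['username'], $post['emailaddress']
));

// 3) Bound parameters: the values travel separately from the SQL text,
//    so no quoting or escaping is done by the application.
$stmt = $db->prepare('INSERT INTO users (username, emailaddress) VALUES (?, ?)');
$stmt->execute([$post['username'], $post['emailaddress']]);
echo "bound parameters: ok\n";

// Show what was actually stored.
foreach ($db->query('SELECT username, emailaddress FROM users') as $row) {
    echo $row['username'], ' <', $row['emailaddress'], ">\n";
}
```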