I'm close but stuck. I pull the user name from Drupal and store it in a variable called $username; I want to store this in a column called username. However, the code below throws an error:

        $sql = "INSERT INTO sheet_tbl (site_id, user_id, eventdate, eventtime, username) VALUES ('$_POST[site_id]','$_POST[user_id]','$_POST[eventdate]','$_POST[eventtime]',$username)";

Error

warning: pg_query() [function.pg-query]: Query failed: ERROR: syntax error at or near ")" at character 112 in /var/www/html/drupal1/includes/common.inc(1743) : eval()'d code on line 30.

I pull the user name using:

 User Name: <?php 
 global $user;
 echo $user->name;
 $username = $user->name;
 ?>

If I echo this variable I get the result = admin

Tom

2 Answers

I'm not sure without viewing the output of echo $sql;, but I guess the problem is the way you're accessing the $_POST array.

Try this:

    $sql = "INSERT INTO sheet_tbl (site_id, user_id, eventdate, eventtime, \"username\")"
          ." VALUES ('$_POST[site_id]', "
          ."         '$_POST[user_id]',"
          ."         '$_POST[eventdate]',"
          ."         '$_POST[eventtime]',"
          ."          '$username')";

Edit: corrected syntax

Oscar Pérez
  • warning: pg_query() [function.pg-query]: Query failed: ERROR: array value must start with "{" or dimension information at character 150 in /var/www/html/drupal1/includes/common.inc(1743) : eval()'d code on line 33. – Tom Jul 22 '13 at 11:27
  • I just tried this $sql = "INSERT INTO sheet_tbl (site_id, user_id, eventdate, eventtime, username) VALUES ('$_POST[site_id]','$_POST[user_id]','$_POST[eventdate]','$_POST[eventtime]', username='$username')"; – Tom Jul 22 '13 at 11:33
  • I changed the syntax... could you give it a try? – Oscar Pérez Jul 22 '13 at 11:33
  • warning: pg_query() [function.pg-query]: Query failed: ERROR: column "username" does not exist at character 113 in /var/www/html/drupal1/includes/common.inc(1743) : eval()'d code on line 31. – Tom Jul 22 '13 at 11:33
  • Although I know the column does exist as I can see it – Tom Jul 22 '13 at 11:33
  • Do you have a `username` column in your `sheet_tbl` table? – Oscar Pérez Jul 22 '13 at 11:33
  • If so, use `"username"` as column name – Oscar Pérez Jul 22 '13 at 11:34

You did not put username in quotes. Replace

,$username)";

with

,'$username')";

And BTW you should not put unescaped user input in your SQL statements. That can lead to SQL injections. See here

juergen d
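
The SQL injection risk raised in the answer above goes away when the values are bound as parameters instead of being interpolated into the query string. The following is an added example, not code from either answer; it assumes PHP 7 or later and an already-open connection in `$conn` (a hypothetical name), and the function name `insert_sheet_row` is also hypothetical. The table and columns are the ones from the question.

```php
<?php
// Added example: parameterized version of the question's INSERT.
// Assumptions: PHP 7+, and $conn is an open pg_connect() handle.

function insert_sheet_row($conn, array $post, string $username): bool
{
    $fields = ['site_id', 'user_id', 'eventdate', 'eventtime'];
    $params = [];
    foreach ($fields as $f) {
        // A client can submit site_id[]=... and turn the value into an
        // array; accept only plain, non-empty strings and reject the rest.
        if (!isset($post[$f]) || !is_string($post[$f]) || $post[$f] === '') {
            return false;
        }
        $params[] = $post[$f];
    }
    // The Drupal user name is bound like any other value, so a name that
    // contains a quote cannot break out of the statement either.
    $params[] = $username;

    // $1..$5 are placeholders. The values are sent separately from the SQL
    // text, so quotes or SQL syntax inside them are never parsed as SQL.
    // Single-quoted PHP string: nothing is interpolated into the query.
    $sql = 'INSERT INTO sheet_tbl '
         . '(site_id, user_id, eventdate, eventtime, username) '
         . 'VALUES ($1, $2, $3, $4, $5)';

    $result = pg_query_params($conn, $sql, $params);
    if ($result === false) {
        // Log server-side; do not echo database errors to the browser.
        error_log('sheet_tbl insert failed: ' . pg_last_error($conn));
        return false;
    }
    return pg_affected_rows($result) === 1;
}

// Usage with the variables from the question.
global $user;
$ok = insert_sheet_row($conn, $_POST, $user->name);
```

PostgreSQL still type-checks each bound value against its column, so a malformed date or number makes the insert fail with an error instead of altering the statement.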