0

i got a problem with my post script. Its giving a syntax error, what i cannot found since yesterday, may i am just blind or something else. But where is the error?

Problem:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1')' at line 1

functions.php 

function addPost($pName, $pAuthor, $pContent, $pCat = null) {
$query = mysql_query("INSERT INTO cm_posts VALUES(null,'$pName','$pAuthor','$pContent,'$pCat')") or die(mysql_error());
}

doAddPost.php

<?php
include('./includes/functions.php');

if(isset($_POST['submit'])) {
if(isset($_POST['PostName'])) {
    if(isset($_POST['PostContent'])) {
        addPost($_POST['PostName'], $_POST['PostAuth'], $_POST['PostContent'], $_POST['postCategory']);
        header("Location: posts.php");
    } else {
        echo "Please edit it Marcell";
    }
    } else {
        echo "please set a post name!";
        include('addpost.php');
    }
} else {
header("Location: addpost.php");
}
?>

addpost.php

<?php include_once("./includes/functions.php"); ?>
<form action="doAddPost.php" method="post">
<table>
<tr>
    <td><label for="PostName">Name</label></td><td><input type="text" name="PostName" /></td>
</tr>
<tr>
    <td><label for="PostAuth">Ath</label></td><td><input type="text" name="PostAuth" /></td>
</tr>
<tr>
    <td><label for="PostContent">Content</label></td>
    <td><textarea name="PostContent"></textarea></td>
</tr>
<label for="postCategory">Category</label>
<select class="form-control" name="postCategory">
<?php
$result = mysql_query("SELECT * FROM cm_categories");
while($cat = mysql_fetch_assoc($result)) {
?>
<option value="<?php echo $cat['ID']; ?>"><?php echo $cat['Title']; ?></option>
<?php
}
?>
</select>           
<tr>
    <td colspan="2"><input type="submit" name="submit" /></td>
</tr>
</table>
</form>

Any idea?

Marcell
  • 500
  • 1
  • 4
  • 19
  • 1
    do some simple debug : echo the query inside the function and see what you get.. this would give you better idea what query its trying to execute. – Abhik Chakraborty Aug 06 '15 at 08:58
  • addPost($_POST['PostName'], $_POST['PostAuth'], $_POST['PostContent'], $_POST['postCategory']); Looks like the execute die after this one. – Marcell Aug 06 '15 at 09:01
  • 1
    just `echo "INSERT INTO cm_posts VALUES...."; die();` inside the function and see what you are getting. – Abhik Chakraborty Aug 06 '15 at 09:02
  • I agree with @AbhikChakraborty - just show us how the query-string looks (since you are getting a mysql-error). **plus:** I hope you know that the **php mysql functions are deprecated** and you shouldn't use them anymore, see this question: http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – low_rents Aug 06 '15 at 09:05
  • sorry, but i dont understand how could i echo it?! if i echo'ing it, then query will not run. yes, i will fix them too :) – Marcell Aug 06 '15 at 09:09
  • nevermind, solved that part of problem. – Marcell Aug 06 '15 at 09:16

1 Answers1

1

you are missing a simple quote in your sql syntax.

Yours : 

function addPost($pName, $pAuthor, $pContent, $pCat = null) {
$query = mysql_query("INSERT INTO cm_posts VALUES(null,'$pName','$pAuthor','$pContent,'$pCat')") or die(mysql_error());
}

Correct :

function addPost($pName, $pAuthor, $pContent, $pCat = null) {
$query = mysql_query("INSERT INTO cm_posts VALUES(null,'$pName','$pAuthor','$pContent','$pCat')") or die(mysql_error());
}

Be careful that all your datas are escape from any simple quote or you will be the target of potential mysql injection.

Mayous
  • 2,063
  • 3
  • 13
  • 18
  • Thanks, now i got no error, but somewhy post hasn't been added :S – Marcell Aug 06 '15 at 09:12
  • what king of mysql interface are you using? PhpMyAdmin? Can you print the query before execute? function addPost($pName, $pAuthor, $pContent, $pCat = null) { echo $sql = "INSERT INTO cm_posts VALUES(null,'$pName','$pAuthor','$pContent,'$pCat')"; $query = mysql_query($sql) or die(mysql_error()); } – Mayous Aug 06 '15 at 09:15
  • Parse error: syntax error, unexpected '{' in D:\xampp\htdocs\cm_admin\addpost_c.php on line 7 (this line, what you sent.) – Marcell Aug 06 '15 at 09:17
  • ok, I forgot the simple quote correction ^^ `code function addPost($pName, $pAuthor, $pContent, $pCat = null) { echo $sql = "INSERT INTO cm_posts VALUES(null,'$pName','$pAuthor','$pContent','$pCat')"; $query = mysql_query($sql) or die(mysql_error()); } ` – Mayous Aug 06 '15 at 09:19
  • Great thanks, but still not the best :( http://prntscr.com/81g81r as you can see looks like columns are slide a bit – Marcell Aug 06 '15 at 09:25
  • and @CsendesMarcell shouldn't use mysql-functions anyways, see: http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php – low_rents Aug 06 '15 at 09:25
  • Do you see the query with the previous echo? if not, just add 'die()' after the echo line, juste to have a look at the final query, maybe we will see some emtpy fields here ! – Mayous Aug 06 '15 at 09:28
  • Ok @CsendesMarcell, great ;) – Mayous Aug 06 '15 at 09:29