Comments - VERSION

6 years, 5 months ago Franye Ortiz

Hello, I have the following situation:

I did the following form in php:

<?php
try {
    require_once('bd_conexion.php');
} catch (Exception $e) {
    $error = $e->getMessage();
}
?>

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>Contactos</title>
    <link rel="stylesheet" type="text/css" href="EstilosJuan.css" media="screen">
</head>
<body>
    <div class="contenedor">
        <h1>Agenda</h1>
        <div class="contenido">
            <h2>Nuevo contacto</h2>
            <form action="crear.php" method="post">
                <div class="campo">
                    <label for="nombre">Nombre
                        <input type="text" name="nombre" id="nombre" placeholder="nombre">
                    </label>
                </div>
                <div class="campo">
                    <label for="numero">Numero
                        <input type="text" name="numero" id="numero" placeholder="numero">
                    </label>
                </div>
                <input type="submit" value="Agregar">
            </form>
        </div>
    </div>
</body>
</html>

/ crear.php /

<?php
if (isset($_POST['nombre'])) {
    $nombre = $_POST['nombre'];
}
if (isset($_POST['numero'])) {
    $numero = $_POST['numero'];
}
try {
    require_once('bd_conexion.php');
    // contactos is the name of the database table we are going to use
    $sql = "INSERT INTO 'contactos' ('id', 'nombre', 'telefono') ";
    // appended to the previous query
    $sql .= "VALUES(NULL, '{$nombre}','$numero'); ";
    $resultado = $conn->query($sql);
} catch (Exception $e) {
    $error = $e->getMessage();
}
?>

<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>Contactos</title>
    <link rel="stylesheet" type="text/css" href="EstilosJuan.css" media="screen">
</head>
<body>
    <div class="contenedor">
        <h1>Agenda</h1>
        <div class="contenido">
            <?php
            if ($resultado) {
                echo "contacto creado";
            } else {
                echo "Hay un Error " . $conn->error;
            }
            ?>
            <br>
            <a class="volver" href="Contactos.php"> Volver </a>
        </div>
    </div>
    <?php $conn->close(); ?>
</body>
</html>

/ bd_conexion.php /

<?php
$conn = new mysqli('localhost', 'root', '', 'contactos');
if ($conn->connect_error) {
    echo $error = $conn->connect_error;
}
?>

But when I try the functioning of my form, the browser shows me this error:

" You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''contactos' ('id', 'nombre', 'telefono') VALUES(NULL, 'Mami','04169175877')' at line 1 "

Really, I don't know what to do, please help me.

 
6 years, 5 months ago Franye Ortiz

Hello friends!

I see the error!!

When I put:

$sql = "INSERT INTO 'contactos' ('id', 'nombre', 'telefono') "

We don't use single quotation marks or double quotation marks, and must use these quotation marks: ``. If you don't use these, the form makes an error!!

 
5 years, 9 months ago douglasryanadams_g

Just wanted to mention, in case other folks stumble here, that this is not the way you should structure your DB queries in PHP.

http://php.net/manual/en/security.database.sql-injection.php
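
As an added example (not code from any commenter in this thread), here is one way crear.php could bind the form values as parameters instead of interpolating them into the SQL string, with the identifiers quoted in backticks. The table, columns and connection values come from the thread; `validarContacto()`, `crearContacto()`, the length limit and the phone pattern are assumptions.

```php
<?php
declare(strict_types=1);

// Make mysqli throw mysqli_sql_exception instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: reject empty or malformed fields before touching the DB.
// The 100-byte limit and the phone pattern are assumptions; match them to the schema.
function validarContacto(string $nombre, string $numero): bool
{
    return $nombre !== '' && strlen($nombre) <= 100
        && preg_match('/^\+?[0-9]{5,20}$/', $numero) === 1;
}

// Hypothetical helper: values travel as bound parameters, so a quote inside
// $nombre stays data. Identifiers use backticks; single quotes would make them
// string literals, which caused the syntax error reported in the thread.
function crearContacto(mysqli $conn, string $nombre, string $numero): bool
{
    $stmt = $conn->prepare(
        'INSERT INTO `contactos` (`id`, `nombre`, `telefono`) VALUES (NULL, ?, ?)'
    );
    $stmt->bind_param('ss', $nombre, $numero);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Accept only scalar strings from the form; anything else becomes ''.
$nombre = is_string($_POST['nombre'] ?? null) ? trim($_POST['nombre']) : '';
$numero = is_string($_POST['numero'] ?? null) ? trim($_POST['numero']) : '';

$mensaje = 'Datos no válidos';
if (validarContacto($nombre, $numero)) {
    try {
        $conn = new mysqli('localhost', 'root', '', 'contactos'); // values from the thread
        $conn->set_charset('utf8mb4');
        crearContacto($conn, $nombre, $numero);
        $conn->close();
        $mensaje = 'contacto creado';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage()); // keep SQL error details out of the page
        $mensaje = 'Hay un Error';
    }
}
echo htmlspecialchars($mensaje, ENT_QUOTES, 'UTF-8');
```

With the original string-built query, a name containing a single quote changes the statement itself; with the bound parameter it is stored as typed.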

 