• Query is invalid, can't figure out why.
    4 replies, posted
I've compared the query to other example queries, and I still can't figure it out.

[php]
function post_news($post_title,$post_undertitle,$post_content,$post_time)
{
    //insert data into table
    prepnews($GLOBALS['mysql_user'],$GLOBALS['mysql_password'],$GLOBALS['mysql_host'],$GLOBALS['mysql_database']);
    $query = "INSERT INTO news_data (title,undertitle,content,time) VALUES ($post_title,$post_undertitle,$post_content,$post_time)";
    mysql_query($query) or die('Failed to execute query.');
    //execute query
    $query = "FLUSH PRIVILEGES";
    mysql_query($query) or die('Failed flushing privelidges.');
    //return user to main page
    closenews();
}
[/php]

I know the database is fine, I checked already. What is the problem?
Have you tried outputting the mysql_error() instead of just "Failed to execute query"? Change it to this instead:

[php]or die( mysql_error() );[/php]

And tell us what error you get.

Also, you'll want to enclose any strings you're writing to the table in quotes, like so:

[php].. VALUES('$post_title','$post_undertitle','$post_content','$post_time');"[/php]

You can also use \" if you want, however I find that to look a little more messy than '.

Also, remember to escape special characters and HTML tags before putting it in the table, unless of course you want to allow that. Looking at your functions, it seems like this isn't something everyone will have access to, or be able to manipulate, so it isn't that much of a security hole. There is however still the risk of accidentally putting in characters that could invalidate your query.
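An added example, not part of the thread: the same INSERT run three ways, to show the unquoted query from the question failing, the hand-quoted query failing on an ordinary apostrophe, and a prepared statement accepting the value as data. It assumes PDO with the pdo_sqlite driver (an in-memory SQLite database stands in for MySQL, and the mysql_* functions used in the thread were removed in PHP 7); the table layout and all sample values are constructed.

```php
<?php
// Added example: constructed schema and sample values; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news_data (title TEXT, undertitle TEXT, content TEXT, time TEXT)');

// Constructed input: an ordinary apostrophe is enough to break a hand-quoted query.
$post = [
    'title'      => "Server's back online",
    'undertitle' => 'Maintenance finished',
    'content'    => '<b>All services</b> restored',
    'time'       => '2010-01-01 12:00:00',
];

// Returns null on success, or the driver's error text (the role mysql_error() plays in the thread).
function try_exec(PDO $db, string $sql): ?string {
    try {
        $db->exec($sql);
        return null;
    } catch (PDOException $e) {
        return $e->getMessage();
    }
}

// 1. Values interpolated without quotes, as in the question: a syntax error.
$unquoted = "INSERT INTO news_data (title,undertitle,content,time)
             VALUES ({$post['title']},{$post['undertitle']},{$post['content']},{$post['time']})";
echo "unquoted: ", try_exec($db, $unquoted) ?? 'ok', "\n";

// 2. Values wrapped in quotes but not escaped: the apostrophe ends the string early.
$quoted = "INSERT INTO news_data (title,undertitle,content,time)
           VALUES ('{$post['title']}','{$post['undertitle']}','{$post['content']}','{$post['time']}')";
echo "quoted:   ", try_exec($db, $quoted) ?? 'ok', "\n";

// 3. Prepared statement: the values travel separately from the SQL text.
$stmt = $db->prepare('INSERT INTO news_data (title,undertitle,content,time)
                      VALUES (:title,:undertitle,:content,:time)');
$stmt->execute($post);
echo "prepared: ok, rows = ", $db->query('SELECT COUNT(*) FROM news_data')->fetchColumn(), "\n";

// The HTML is stored as typed; it is escaped here, at the point where it is printed into a page.
$row = $db->query('SELECT title, content FROM news_data')->fetch(PDO::FETCH_ASSOC);
echo htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8'), "\n";
```

Against MySQL the same prepare/execute calls apply with a `mysql:` DSN; only the connection line changes.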
Use ` in the titles of the columns/tables if you feel like being cleaner about it.
Why are you flushing privileges?
Thanks for your help and sorry for the slow reply. Also, I removed that so don't worry.