Home/ Questions/Q 8105285
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T00:07:22+00:00

I know there isn’t enough validation in here just going through some testing. $result

  • 0

I know there isn’t enough validation in here just going through some testing. $result always returns empty? Is my query bad? I’m new to PHP and concatenating variables into strings is not something I have grasped full. Going with the OOP form since I’m pretty familiar with it and the concepts.

Also, I know this code is terribly sloppy… just trying to dive right in =)
`

$page = new Page();

$page->title = "Add a New Item";
$page->DisplayHeader();
$page->DisplaySidebar();

if (isset($_POST['submit']))
{
    // make short variable names
    $name = trim($_POST['name']);
    $level = intval($_POST['level']);
    $slot = strtolower($_POST['slot']);
    $hp = intval($_POST['hp']);
    $mana = intval($_POST['mana']);
    $mvs = intval($_POST['mvs']);
    $int = intval($_POST['int']);
    $wis = intval($_POST['wis']);
    $str = intval($_POST['str']);
    $dex = intval($_POST['dex']);
    $con = intval($_POST['con']);
    $p_ac = intval($_POST['p_ac']);
    $m_ac = intval($_POST['m_ac']);
    $saves = intval($_POST['saves']);
    $hit = intval($_POST['hit']);
    $dam = intval($_POST['dam']);


    $queryOk = 1;

    if (empty($name) || empty($level) || empty($slot))
    {
        echo '<h3>Please enter all the required fields</h3>';
        $queryOk = 0;
    }

    // Instantiate database object and connect
    @ $db = new mysqli('*host*', '*user*', '*pass*', '*database*');

    // Check connection to 
    if (mysqli_connect_errno()) {
        echo 'Error:  Could not connect to database, try again later';
    }

    $query = "INSERT INTO items (name, level, slot, hp, mana, mvs, int, wis, str, dex, con, p_ac, m_ac, saves, hit, dam)".
    "V ALUES ('$name', $level, '$slot', $hp, $mana, $mvs, $int, $wis, $str, $dex, $con, $p_ac, $m_ac, $saves, $hit, $dam)";

    $result = $db->query($query);

    if (!$result)
    {
        echo '<h3>Error:  Item was not entered.  (Your webmaster sucks)</h3>';
    }
    else    {
        echo "<p>The items \"$name\" was successfully entered into the database.  <a href=\"equipment.php\>Back to Equipment or add another item.</a></p>";
    }

    $db->close();
}`
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    int is a reserved word in mysql, and you’re using it as a fieldname. You’ll have to escape it with backticks:

    INSERT INTO ... (..., `int`, ...)
                      ^---^-- escapes

    your query:

    INSERT INTO items (name, level, slot, hp, mana, mvs, int, wis, str, dex, con, p_ac, m_ac, saves, hit, dam)
                                                     ^^^^--- problem here
VALUES ('$name', $level, '$slot', $hp, $mana, $mvs, $int, $wis, $str, $dex, $con, $p_ac, $m_ac, $saves, $hit, $dam)";
                                                   ^^^^^---NOT here
    • 0