Unix Technical Forum

"i have gone crazy mfing crazy i have gone crazy"

  #1 (permalink)  
Old 02-28-2008, 08:36 AM
kkddrpg@gmail.com
 
Posts: n/a
Default "i have gone crazy mfing crazy i have gone crazy"

the database looks like this

the database is called
username_tpp (not really just using username as a sub)
the table is called
home
it has
field 1 : varchar(50) | latin1_swedish_ci | no attributes | null = no |
default = (nothing) | extra = (nothing) | action = primary key |
comments = h

field 2 : text | latin1_swedish_ci | no attributes | null = no |
default = (nothing) | extra = (nothing) | action = text | comments = b

all i am trying to achieve is to have someone post what they want to
appear on their website on this page as in the header and the body of
their site (i will do xhtml formatting to make it look nicer if the
script ever works)

<?php // update_site.php
// This script adds a entry to the database.

// Address error handling.
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);

if (isset ($_POST['submit'])) { // Handle the form.

// Connect and select.
if ($dbc = @mysql_connect ('localhost', 'username', 'password')) {

if (!@mysql_select_db ('username_tpp')) {
die ('<p>Could not select the database because:
<b>' . mysql_error()
. '</b></p>');
}

} else {
die ('<p>Could not connect to MySQL because: <b>' .
mysql_error() .
'</b></p>');
}

// Define the query.
$query = "INSERT INTO home (1) VALUE ('{$_POST['header']}')";
"INSERT
INTO home (2) VALUE '{$_POST['body']}'";

// Execute the query.
if (@mysql_query ($query)) {
print '<p>The blog entry has been added.</p>';
} else {
print "<p>Could not add the entry because: <b>" .
mysql_error() .
"</b>. The query was $query.</p>";
}

mysql_close();

}

// Display the form.
?>
<form action="update_site.php" method="post">
<p>Page Header: <input type="text" name="header" size="40"
maxsize="100" /></p>
<p>Page Body :&nbsp;&nbsp;
<textarea name="body" cols="40" rows="5"></textarea></p>
<input type="submit" name="submit" value="Update My Website" />
</form>

i get this error...

Could not add the entry because: You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near '1) VALUE ('hello')' at line 1. The query was
INSERT INTO home (1) VALUE ('hello').

then i have another script that is not working
either which is:

this is the script for their home page that retrieves the data that this
one posts into the table.

<?php // index.php
// This script retrieves header and body text from the database.

// Address error handling.
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);

// Connect and select.
if ($dbc = @mysql_connect ('localhost', 'username', 'password')) {

if (!@mysql_select_db ('username_tpp')) {
die ('<p>Could not select the database because: <b>' .
mysql_error() .
'</b></p>');
}

} else {

die ('<p>Could not connect to MySQL because: <b>' .
mysql_error() .
'</b></p>');

}

// Define the query.
$query = 'SELECT * FROM home';

if ($r = mysql_query ($query)) { // Run the query.

>>>>this is not in the actual script but im sure this is where im going wrong<<<<<<


// Retrieve and print every record.
while ($row = mysql_fetch_array ($r)) {
print "<p><h3>{$row['1']}</h3>
{$row['2']}<br />
</p><hr />\n";
}

} else { // Query didn't run.

die ('<p>Could create the table because: <b>' . mysql_error() .
"</b>.
The query was $query.</p>");

} // End of query IF.

mysql_close(); // Close the database connection.
?>

could you please help me i've been debugging for days now and my head is
going to explode

-thank you, philip (kirewire.com, leetmachines.com, pealtech.com,
leetbargains.com)

  #2 (permalink)  
Old 02-28-2008, 08:36 AM
Jerry Stuckle
 
Posts: n/a
Default Re: "i have gone crazy mfing crazy i have gone crazy"

kkddrpg@gmail.com wrote:
> the database looks like this
>

<lots of code snipped>
>
> -thank you, philip (kirewire.com, leetmachines.com, pealtech.com,
> leetbargains.com)
>


Are your columns actually named '1' and '2'? These aren't normal column
names - normally you name them something descriptive, like 'name', or
'firstname', etc. In fact, these are invalid names according to the SQL
standard, although you might coax MySQL to accept them.

What does the actual CREATE TABLE statement you used look like?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
  #3 (permalink)  
Old 02-28-2008, 08:36 AM
strawberry
 
Posts: n/a
Default Re: "i have gone crazy mfing crazy i have gone crazy"


Jerry Stuckle wrote:
> kkddrpg@gmail.com wrote:
> > the database looks like this
> >

> <lots of code snipped>
> >
> > -thank you, philip (kirewire.com, leetmachines.com, pealtech.com,
> > leetbargains.com)
> >

>
> Are your columns actually named '1' and '2'? These aren't normal column
> names - normally you name them something descriptive, like 'name', or
> 'firstname', etc. In fact, these are invalid names according to the SQL
> standard, although you might coax MySQL to accept them.
>
> What does the actual CREATE TABLE statement you used look like?
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstucklex@attglobal.net
> ==================


Is 'value' valid sql? I thought you had to use 'values' regardless of
how much data you're inserting

  #4 (permalink)  
Old 02-28-2008, 08:36 AM
Jerry Stuckle
 
Posts: n/a
Default Re: "i have gone crazy mfing crazy i have gone crazy"

strawberry wrote:
> Jerry Stuckle wrote:
>
>>kkddrpg@gmail.com wrote:
>>
>>>the database looks like this
>>>

>>
>><lots of code snipped>
>>
>>>-thank you, philip (kirewire.com, leetmachines.com, pealtech.com,
>>>leetbargains.com)
>>>

>>
>>Are your columns actually named '1' and '2'? These aren't normal column
>>names - normally you name them something descriptive, like 'name', or
>>'firstname', etc. In fact, these are invalid names according to the SQL
>>standard, although you might coax MySQL to accept them.
>>
>>What does the actual CREATE TABLE statement you used look like?
>>
>>--
>>==================
>>Remove the "x" from my email address
>>Jerry Stuckle
>>JDS Computer Training Corp.
>>jstucklex@attglobal.net
>>==================

>
>
> Is 'value' valid sql? I thought you had to use 'values' regardless of
> how much data you're inserting
>


Good eye - I missed that one completely! You are totally, 100% and
beyond any doubt at all, correct! :-)

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
  #5 (permalink)  
Old 02-28-2008, 08:36 AM
so many sites so little time
 
Posts: n/a
Default Re: "i have gone crazy mfing crazy i have gone crazy"

it's from a book's supporting website, that code. i got rid of the create
table part. i described exactly how the database is. i made the database
in phpmyadmin
Jerry Stuckle wrote:
> strawberry wrote:
> > Jerry Stuckle wrote:
> >
> >>kkddrpg@gmail.com wrote:
> >>
> >>>the database looks like this
> >>>
> >>
> >><lots of code snipped>
> >>
> >>>-thank you, philip (kirewire.com, leetmachines.com, pealtech.com,
> >>>leetbargains.com)
> >>>
> >>
> >>Are your columns actually named '1' and '2'? These aren't normal column
> >>names - normally you name them something descriptive, like 'name', or
> >>'firstname', etc. In fact, these are invalid names according to the SQL
> >>standard, although you might coax MySQL to accept them.
> >>
> >>What does the actual CREATE TABLE statement you used look like?
> >>
> >>--
> >>==================
> >>Remove the "x" from my email address
> >>Jerry Stuckle
> >>JDS Computer Training Corp.
> >>jstucklex@attglobal.net
> >>==================

> >
> >
> > Is 'value' valid sql? I thought you had to use 'values' regardless of
> > how much data you're inserting
> >

>
> Good eye - I missed that one completely! You are totally, 100% and
> beyond any doubt at all, correct! :-)
>
> --
> ==================
> Remove the "x" from my email address
> Jerry Stuckle
> JDS Computer Training Corp.
> jstucklex@attglobal.net
> ==================


  #6 (permalink)  
Old 02-28-2008, 08:36 AM
so many sites so little time
 
Posts: n/a
Default Re: "i have gone crazy mfing crazy i have gone crazy"

what i am trying to say here is

// Define the query.
$query = "INSERT INTO home (1) VALUE ('{$_POST['header']}')";
"INSERT
INTO home (2) VALUE '{$_POST['body']}'";

the name of the table is home
and that table has two fields 1 and 2 and field 1 is a varchar 50 for
the header and field two is text for the body of my site and 'header'
and 'body' are the values im using b/c those are the names of the
fields in the form

  #7 (permalink)  
Old 02-28-2008, 08:36 AM
Axel Schwenke
 
Posts: n/a
Default Re: "i have gone crazy mfing crazy i have gone crazy"

"so many sites so little time" <kkddrpg@gmail.com> wrote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This ain't cool. Please use your real name here.

> what i am trying to say here is
>
> // Define the query.
> $query = "INSERT INTO home (1) VALUE ('{$_POST['header']}')";
> "INSERT
> INTO home (2) VALUE '{$_POST['body']}'";
>
> the name of the table is home
> and that table has two fields 1 and 2 and field 1 is a varchar 50 for
> the header and field two is text for the body of my site and 'header'
> and 'body' are the values im using b/c those are the names of the
> fields in the form


1. this is invalid PHP: you assign the first string literal to $query
but the second is just standing there. Don't you get a PHP syntax
error here? I didn't look into PHP for a long time, but the curly
braces around $_POST[foo] look suspicious. It's much better style
to create the query string with sprintf().

2. this is invalid SQL: INSERT INTO table [(columns)] VALUES (values)
~~~
3. this is a strange schema. Did you call the columns of table `home`
`1` and `2`? Really? Bad thing!

4. if you have two columns `1` and `2`, you should insert values into
both columns at once. Otherwise you will get two totally unrelated
records in table `home`.

5. this opens the door for SQL injection. You must NEVER use GET/POST
variables without escaping them correctly.


XL
--
Axel Schwenke, Senior Software Developer, MySQL AB

Online User Manual: http://dev.mysql.com/doc/refman/5.0/en/
MySQL User Forums: http://forums.mysql.com/
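
Added example, not part of Axel Schwenke's post or of the original scripts: points 2, 4 and 5 of the reply above applied to the poster's INSERT, with the concatenated query beside a prepared statement. It assumes the columns are renamed `header` and `body` (hypothetical names) and uses PDO with an in-memory SQLite database so it runs offline; for MySQL only the DSN changes.

```php
<?php
// Added example: one INSERT, both columns, VALUES, and bound parameters.
// Assumptions: columns renamed to header/body; in-memory SQLite stands in
// for MySQL so the script runs without a server.
$pdo = new PDO('sqlite::memory:');
// For MySQL: new PDO('mysql:host=localhost;dbname=username_tpp', $user, $pass)
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE home (header VARCHAR(50) PRIMARY KEY, body TEXT NOT NULL)');

// Constructed sample input standing in for $_POST; note the apostrophes.
$post = ['header' => "Philip's page", 'body' => "It's finally working"];

// Before: the thread's pattern, form input pasted into the SQL text.
function insert_concatenated(PDO $pdo, array $post): bool
{
    $sql = "INSERT INTO home (header, body) "
         . "VALUES ('{$post['header']}', '{$post['body']}')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        // The apostrophe closed the string literal early, so the rest of
        // the input was parsed as SQL. That is the injection point.
        return false;
    }
}

// After: the statement text is fixed; the values travel as parameters and
// are never parsed as SQL.
function insert_prepared(PDO $pdo, array $post): bool
{
    $stmt = $pdo->prepare(
        'INSERT INTO home (header, body) VALUES (:header, :body)'
    );
    return $stmt->execute([
        ':header' => $post['header'],
        ':body'   => $post['body'],
    ]);
}

var_dump(insert_concatenated($pdo, $post)); // fails on ordinary input
var_dump(insert_prepared($pdo, $post));     // stores the same input verbatim
$row = $pdo->query('SELECT header, body FROM home')->fetch(PDO::FETCH_ASSOC);
var_dump($row['header'] === $post['header'] && $row['body'] === $post['body']);
```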