Where did the parens come from

[bill]

this works, but...
---------------------------------------------
echo basename(__FILE__).": " . __LINE__ . "-> " . __FUNCTION__ ."
|<pre>";
print_r($postData);
echo "</pre>";

$sql = "INSERT INTO `dogs`
(`hName`,
`street`,
`city`,
`state`,
`zip`,
`hPhone`,
`wPhone`,
`mPhone`,
`email`
)
VALUES (
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})'
)
";
echo basename(__FILE__) . ": " . __LINE__ . ": sql=>$sql<br />";

------------------------------------

the test data:
ogs-basic.php: 251-> mSavePersonData |

Array
(
[org] => IWROM
[hName] => my name
[street] => 123 willoughby
[city] => MASON
[state] => MI
[zip] => 44444
[hphone] => home
[wphone] => work
[cphone] => (517* 881-6007
[email] => yad@yada
)

dogs-basic.php: 277: sql=>INSERT INTO `dogs`
(`hName`, `street`, `city`, `state`, `zip`, `hPhone`, `wPhone`,
`mPhone`, `email` )
VALUES (
'(my name)', '(my name)', '(my name)', '(my name)', '(my
name)', '(my name)', '(my name)', '(my name)', '(my name)' )

The sql produced has parens around all the values to be saved
(and it shouldn't) and I can't figure out where they come form.

yes, I know that I am saving the same value into each cell, it is
just test data

bill

[J.O. Aho]

On 07/10/17 20:19, bill wrote:

> '$connection->real_escape_string({$postData['hName']})'

> '(my name)'

> The sql produced has parens around all the values to be saved (and it
> shouldn't) and I can't figure out where they come form.

I would guess it's your { and } which generates the parentheses, try with

"$connection->real_escape_string($postData['hName'])"

--

//Aho

[Jerry Stuckle]

Are you sure this is the code you're using? If so, look at the source
code for your page.

The code you showed does not match the output you displayed.

--
==================
Remove the "x" from my email address
Jerry Stuckle
jstu...@attglobal.net
==================

[R.Wieser]

Bill,

> has parens around all the values to be saved (and it shouldn't)

Are you sure (and why) ?

From https://www.w3schools.com/PHP/php_mysql_insert.asp

[quote]
Here are some syntax rules to follow:
...
String values inside the SQL query must be quoted
[/quote]

To me it looks as if your PHP environment just tries to be helpful (by
adding those quotes) ...

Regards,
Rudy Wieser


-- Origional message:
bill <wil...@TechServSys.com> schreef in berichtnieuws
ok0gfs$1pkp$1...@gioia.aioe.org...

[bill]

I acknowledge I am a terrible proofreader, but I did not edit the
output before I cut/pasted it here.
Where do you see the mismatch ?
bill

[bill]

This results in:
PHP Parse error: syntax error, unexpected '$connection'
(T_VARIABLE) in
/home/michigan/public_html/IrishWolfhoundRescue.org/application/dogs-basic.php
on line 268

[bill]

On 7/10/2017 6:53 PM, Jerry Stuckle wrote:

Jerry, here is the full source code of the function

//---------------------------------------------------------page 1
of a dog needs help -------------------

function mSavePersonData($postData) { // mSavePersonData
global $connection;
// $postData contains the $_POST data from rescueDog1.php

echo basename(__FILE__).": " . __LINE__ . "-> " . __FUNCTION__ ."
|<pre>";
print_r($postData);
echo "</pre>";
$sql = "INSERT INTO `dogs`

(`status`,

`hName`,
`street`,
`city`,
`state`,
`zip`,
`hPhone`,
`wPhone`,
`mPhone`,
`email`
)
VALUES (

'new',
'$connection->real_escape_string($postData["hName"])',
'$connection->real_escape_string($postData["hName"])',
'$connection->real_escape_string($postData["hName"])',
'$connection->real_escape_string($postData["hName"])',
'$connection->real_escape_string($postData["hName"])',
'$connection->real_escape_string($postData["hName"])',
'$connection->real_escape_string($postData["hName"])',
'$connection->real_escape_string($postData["hName"])',
'$connection->real_escape_string($postData["hName"])'

)
";
echo basename(__FILE__) . ": " . __LINE__ . ": sql=>$sql<br />";

$result =mysqli_query($connection, $sql);
if (!$result) die("MySql ERROR in dogs-basic: ".__FUNCTION__."
on line " . __LINE__ . " " . $connection->error);

} //mSavePersonData

[Jerry Stuckle]

When trying to run your code I get the following:

Parse error: syntax error, unexpected '"', expecting '-' or identifier
(T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING)

This occurs on your first

'$connection->real_escape_string($postData["hName"])',

line.

This is with PHP 7.1.4.

[bill]

Sorry, that was the code J.O. Aho suggested.
Here is the current code.
----------------------

//---------------------------------------------------------page 1
of a dog needs help -------------------
function mSavePersonData($postData) { // mSavePersonData
global $connection;
// $postData contains the $_POST data from rescueDog1.php

$sql = "INSERT INTO `dogs`
(`hName`,
`street`,
`city`,
`state`,
`zip`,
`hPhone`,
`wPhone`,

`cPhone`,

`email`
)
VALUES (
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})',
'$connection->real_escape_string({$postData['hName']})'
)
";
echo basename(__FILE__) . ": " . __LINE__ . ": sql=>$sql<br />";

$result =mysqli_query($connection, $sql);
if (!$result) die("MySql ERROR in dogs-basic: ".__FUNCTION__."
on line " . __LINE__ . " " . $connection->error);

----------------------

interestingly, when the function runs the sql row generated has
the parens.

This is with php 5.x (.5 I think)
-bill

[J.O. Aho]

Maybe it's better to have it outside the string:

. $connection->real_escape_string($postData['hName']) . ", "


--

//Aho

[Peter H. Coffin]

For giggles, try this:

Because that's how it's shown on the manual page for the string types.
There are no object variables that I can see that are both interpreted
inside quoted strings that aren't also brace-wrapped at the object
level.

It's also killing me inside that all the indexes are 'hName' and not
'street', 'city', etc.

--
"This system operates under martial law. The constitution is suspended.
You have no rights except as declared by the area commander. Violators
will be shot. Repeat violators will be repeatedly shot...."
-from "A_W_O_L"

[Peter H. Coffin]

On Tue, 11 Jul 2017 12:55:17 -0500, Peter H. Coffin wrote:
> '{$connection->real_escape_string({$postData['hName']})}',

> '{$connection->real_escape_string({$postData['hName']})}',
> '{$connection->real_escape_string({$postData['hName']})}',
> '{$connection->real_escape_string({$postData['hName']})}',
> '{$connection->real_escape_string({$postData['hName']})}',
> '{$connection->real_escape_string({$postData['hName']})'

I missed one here ---------------------------------------^
> )
> ";

--
Tomorrow is the first day of the rest of your life in a career where, if
you really suck, 100% of your work fails and if you're really good and
really lucky only 99% of it is a complete waste of time. - Hal Bogerd

[Jerry Stuckle]

OK, I was able to duplicate it here. Very interesting. I haven't run
into this before because I really don't like trying to evaluate values
within a string. I changed it to the following, which is more my style.
It's a bit more of a hassle, but it works all the time.

function mSavePersonData($postData) { // mSavePersonData
global $connection;
// $postData contains the $_POST data from rescueDog1.php

$sql = "INSERT INTO `dogs`
(`hName`,
`street`,
`city`,
`state`,
`zip`,
`hPhone`,
`wPhone`,
`cPhone`,
`email`
)
VALUES (

'" . $connection->real_escape_string($postData['hName']) . "',
'" . $connection->real_escape_string($postData['hName']) . "',
'" . $connection->real_escape_string($postData['hName']) . "',
'" . $connection->real_escape_string($postData['hName']) . "',
'" . $connection->real_escape_string($postData['hName']) . "',
'" . $connection->real_escape_string($postData['hName']) . "',
'" . $connection->real_escape_string($postData['hName']) . "',
'" . $connection->real_escape_string($postData['hName']) . "',
'" . $connection->real_escape_string($postData['hName']) . "'

)
";
echo basename(__FILE__) . ": " . __LINE__ . ": sql=>$sql<br />";
$result =mysqli_query($connection, $sql);
if (!$result) die("MySql ERROR in dogs-basic: ".__FUNCTION__." on
line " . __LINE__ . " " . $connection->error);
} //mSavePersonData

Notice I've taken the function calls out of the quotes and just
concatenated them.

You could also use prepared statements and bound variables; some people
prefer doing it that way (and you don't need to escape the strings).

[bill]

That's nice

-bill

[Peter H. Coffin]

On Tue, 11 Jul 2017 14:57:31 -0400, Jerry Stuckle wrote:
> OK, I was able to duplicate it here. Very interesting. I haven't run
> into this before because I really don't like trying to evaluate values
> within a string. I changed it to the following, which is more my style.
> It's a bit more of a hassle, but it works all the time.

...

> '" . $connection->real_escape_string($postData['hName']) . "',
> '" . $connection->real_escape_string($postData['hName']) . "',
> '" . $connection->real_escape_string($postData['hName']) . "',

Yup, "build" the string instead of "interpret" the string.
That's exactly how I rewrote it first, but I couldn't think of a good
reason to throw out what SHOULD work just because it ... didn't. So I
went looking for a difference that might make a difference to the
interpretor/parser that wouldn't make a difference to me, and that's
where I got to the "Wait, all of these objects have braces around the
whole thing. It didn't SAY it was needed, but the ostensibly Smart
People are doing it..."

--
63. Bulk trash will be disposed of in incinerators, not compactors. And
they will be kept hot, with none of that nonsense about flames
going through accessible tunnels at predictable intervals.
--Peter Anspach's list of things to do as an Evil Overlord

[bill]

On 7/12/2017 2:51 PM, Peter H. Coffin wrote:
> On Tue, 11 Jul 2017 14:57:31 -0400, Jerry Stuckle wrote:
>> OK, I was able to duplicate it here. Very interesting. I haven't run
>> into this before because I really don't like trying to evaluate values
>> within a string. I changed it to the following, which is more my style.
>> It's a bit more of a hassle, but it works all the time.
>
> ...
>
>> '" . $connection->real_escape_string($postData['hName']) . "',
>> '" . $connection->real_escape_string($postData['hName']) . "',
>> '" . $connection->real_escape_string($postData['hName']) . "',
>
> Yup, "build" the string instead of "interpret" the string.
> That's exactly how I rewrote it first, but I couldn't think of a good
> reason to throw out what SHOULD work just because it ... didn't.

LOL

[Man of Your dreams]

Morning...

Check out new place for us for chatting:

yyyyyyyyyyyyyyyyyyyyyyyy.mywebcommunity.org/a.php


Have a nice day!