[thelist] PHP Events Calendar - URGENT HELP NEEDED!!!

Brooking, John John.Brooking at sappi.com
Tue Apr 5 08:31:08 CDT 2005


No offense, but you got a bunch of problems here.

1) One way to add a new table is through code, such as
mysql_query("CREATE TABLE departments (deptID INTEGER, deptname
VARCHAR(20))"). Of course this would be in a separate script that you
only run once.

2) I don't see why you need to define $TBL_PR = "events" in config.php,
especially since you define it again in your code, then assign it to
$dbt_table and use that instead anyway! I'd just "hard-code" the table
name into the $sql string (since it's specific to this table anyway) and
dispense with $TBL_PR and $db_table altogether. They're not necessary,
and led to your confusion about needing to do something in config.php to
create a new table, which you don't really.

3) You should never use $_POST or $_GET values directly without
filtering them for "SQL Injection" attacks. This list has now had two
recent discussions about this, and this is exactly the situation they
are talking about!

4) A design question: Why is the event date split up into separate
fields for day, month, year, and time? The mySQL date/time fields
incorporate all these in a single field, and provide nice functions like
date arithmetic and formatting. Plus, you give field names of day,
month, year, and time, but then values of day, month, year, hour, and
minute. See http://dev.mysql.com/doc/mysql/en/index.html for the mySQL
documentation.

5) Just a style thing: You don't need to surround your field names with
backquotes.

6) If you do a select statement from multiple tables, you probably need
to limit the match conditions, either with a WHERE clause, or INNER JOIN
... ON ... clause. Again, see the mySQL documentation for syntax, or
Google something like "sql inner join" for the theory or tutorials.
Without any conditions, you will get a "cartesian join", which means
every combination of every record from every table with every other
record from every table. Probably not what you want.

Sounds like you might benefit from an introductory book on SQL, as well.

Good luck, and have fun!

- John
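
Points 3 and 4 above, shown together as an added example that is not part of the original message: the form's day, month, year, hour and minute values are validated, combined into one date/time value, and passed to the query as bound parameters. The column names (title, event_start), the sample submissions and the in-memory SQLite connection are assumptions made so the script runs without a server.

```php
<?php
// Added example, not code from the original thread. Column names and the
// SQLite DSN are assumptions; for MySQL only the arguments to new PDO() change.

/** Validate the calendar form fields and return [title, 'Y-m-d H:i:s']. */
function clean_event_input(array $post): array
{
    $n = [];
    foreach (['day', 'month', 'year', 'hour', 'minute'] as $f) {
        // Accept plain digit strings only; anything else is rejected outright.
        if (!isset($post[$f]) || !is_string($post[$f]) || !ctype_digit($post[$f])) {
            throw new InvalidArgumentException("bad $f");
        }
        $n[$f] = (int) $post[$f];
    }
    if (!checkdate($n['month'], $n['day'], $n['year']) || $n['hour'] > 23 || $n['minute'] > 59) {
        throw new InvalidArgumentException('not a real date/time');
    }
    $title = trim((string) ($post['title'] ?? ''));
    if ($title === '' || strlen($title) > 100) {
        throw new InvalidArgumentException('bad title');
    }
    $when = sprintf('%04d-%02d-%02d %02d:%02d:00',
        $n['year'], $n['month'], $n['day'], $n['hour'], $n['minute']);
    return [$title, $when];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE events (title VARCHAR(100), event_start DATETIME)');
// Placeholders keep values out of the SQL text, so a quote in a title stays data.
$insert = $pdo->prepare('INSERT INTO events (title, event_start) VALUES (?, ?)');

// Constructed sample submissions standing in for $_POST.
$samples = [
    ['title' => 'Staff meeting', 'day' => '5', 'month' => '4', 'year' => '2005', 'hour' => '9', 'minute' => '30'],
    ['title' => "O'Brien's retirement lunch", 'day' => '6', 'month' => '4', 'year' => '2005', 'hour' => '12', 'minute' => '0'],
    ['title' => 'Bad input', 'day' => '31', 'month' => '2', 'year' => '2005', 'hour' => '9 OR 1=1', 'minute' => '0'],
];
foreach ($samples as $post) {
    try {
        $insert->execute(clean_event_input($post));
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
foreach ($pdo->query('SELECT title, event_start FROM events') as $row) {
    echo $row['event_start'], '  ', $row['title'], "\n";
}
```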