lieffenno Posted July 4, 2008 Share Posted July 4, 2008 hi! this is my first post here, but it won't be my last. i'm working on something simple...inserting data from a POST into a new mysql table row. i get the error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@emailaddresshere" followed by the rest of the data to be inserted. the column type for the email address is char with a length 50. the query is: $query = "INSERT INTO users_editors (fname, lname, email, phone1, phone2, hyear, cmail) VALUES($fname,$lname,$email,$phone1,$phone2,$hyear,$cmail)"; mysql_query($query) or die(mysql_error()); when i eliminate that variable, it then gives me the same error, but up to where there is a space in the data. it sounds like i'm not doing something needed to process the input before it goes into the table, but @ and spaces aren't escapable characters that i could find. help! thanks! lief Link to comment https://forums.phpfreaks.com/topic/113182-new-to-php-and-mysql-problem-inserting-into-database/ Share on other sites More sharing options...
allenskd Posted July 4, 2008 Share Posted July 4, 2008 Add quotes in the values $query = "INSERT INTO users_editors (fname, lname, email, phone1, phone2, hyear, cmail) VALUES('$fname','$lname','$email','$phone1','$phone2','$hyear','$cmail')"; mysql_query($query) or die(mysql_error()); P.S also remember to escape all data ( addslashes() ), else we'll be walking in circles Link to comment https://forums.phpfreaks.com/topic/113182-new-to-php-and-mysql-problem-inserting-into-database/#findComment-581512 Share on other sites More sharing options...
lieffenno Posted July 4, 2008 Author Share Posted July 4, 2008 HAHAHAHA amazing! i knew it was something simple. thanks so much!!! lief Link to comment https://forums.phpfreaks.com/topic/113182-new-to-php-and-mysql-problem-inserting-into-database/#findComment-581514 Share on other sites More sharing options...
DarkWater Posted July 4, 2008 Share Posted July 4, 2008 Add quotes in the values $query = "INSERT INTO users_editors (fname, lname, email, phone1, phone2, hyear, cmail) VALUES('$fname','$lname','$email','$phone1','$phone2','$hyear','$cmail')"; mysql_query($query) or die(mysql_error()); P.S also remember to escape all data ( addslashes() ), else we'll be walking in circles Actually, you'll want mysql_real_escape_string, not addslashes(). Link to comment https://forums.phpfreaks.com/topic/113182-new-to-php-and-mysql-problem-inserting-into-database/#findComment-581515 Share on other sites More sharing options...
Daniel0 Posted July 4, 2008 Share Posted July 4, 2008 Add quotes in the values $query = "INSERT INTO users_editors (fname, lname, email, phone1, phone2, hyear, cmail) VALUES('$fname','$lname','$email','$phone1','$phone2','$hyear','$cmail')"; mysql_query($query) or die(mysql_error()); P.S also remember to escape all data ( addslashes() ), else we'll be walking in circles Actually, you'll want mysql_real_escape_string, not addslashes(). That doesn't really matter. The primary concern with SQL injection is the quotes. Therefore, if you do not care about line breaks and such then you will have no problem whatsoever with using addslashes() instead. If you take a look ad addslashes()'s manual entry, then you will see that is says: An example use of addslashes() is when you're entering data into a database. Link to comment https://forums.phpfreaks.com/topic/113182-new-to-php-and-mysql-problem-inserting-into-database/#findComment-581612 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.