dropfaith Posted September 26, 2008 Share Posted September 26, 2008 Error in query: INSERT INTO reviews (Name, Date, Rating, Order, Comment) VALUES('My House','dfh','.5','dfh','dfh'). You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Order, Comment) VALUES('My House','dfh','.5','dfh','dfh')' at line 1 <? // form not yet submitted // display initial form if (!isset($_POST['submit'])) { ?> heres the form <fieldset> <legend>Add Review</legend> <form action="<? echo $_SERVER['PHP_SELF']; ?>" method="POST"> <? // includes include("../template/conf.php"); // open database connection $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); // generate and execute query $Name = mysql_escape_string($_GET['Name']); $query = "SELECT * FROM food WHERE Name = '$Name'"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // if records present if (mysql_num_rows($result) > 0) { // iterate through resultset // print article titles while($row = mysql_fetch_object($result)) { ?> <input type=hidden name="Name" value="<? echo $row->Name; ?>"> <? } } // if no records present // display message else { ?> <p>No press releases currently available</p> <? } // close database connection mysql_close($connection); ?> <label>Date</label> <input type=text name="Date" size="28"> </p> <p> <label>Rating</label> <select name="Rating"> <option value=".5">.5</option> <option value="1">1</option> <option value="1.5">1.5</option> <option value="2">2</option> <option value="2">2.5</option> <option value="3">3</option> <option value="4">3.5</option> <option value="4">4</option> <option value="5">4.5</option> <option value="5">5</option> <option value="6">5.5</option> <option value="6">6</option> <option value="7">6.5</option> <option value="7">7</option> <option value="8">7.5</option> <option value="8">8</option> <option value="9">8.5</option> <option value="9">9</option> <option value="10">10</option> </select> </p> <p> <label>Order</label> <input type=text name="Order" size="28"> </p> <p> <label>Comments</label> <textarea name="Comment" rows="5" cols="25"></textarea> </p> <input type="Submit" name="submit" value="Add"> </form> </fieldset> <?php } else { // includes include("../template/conf.php"); // set up error list array $errorList = array(); $count = 0; // validate text input fields $Name = mysql_escape_string($_POST['Name']); $Date = mysql_escape_string($_POST['Date']); $Rating = mysql_escape_string($_POST['Rating']); $Order = mysql_escape_string($_POST['Order']); $Comment = mysql_escape_string($_POST['Comment']); // check for errors // if none found... if (sizeof($errorList) == 0) { // open database connection $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!"); // select database mysql_select_db($db) or die ("Unable to select database!"); // generate and execute query $query = "INSERT INTO reviews (Name, Date, Rating, Order, Comment) VALUES('$Name','$Date','$Rating','$Order','$Comment')"; $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // print result echo "<font size=-1>Update successful.<a href=index.php>Go Home</a>.<br /> <a href=addride.php>Add Another</font>"; // close database connection mysql_close($connection); } else { // errors found // print as list echo "<font size=-1>The following errors were encountered: <br>"; echo "<ul>"; for ($x=0; $x<sizeof($errorList); $x++) { echo "<li>$errorList[$x]"; } echo "</ul></font>"; } } ?> Link to comment https://forums.phpfreaks.com/topic/125899-solved-whats-wrong-with-this-insert/ Share on other sites More sharing options...
dropfaith Posted September 26, 2008 Author Share Posted September 26, 2008 i broke it into the three sections to make it easier to understand the parts are all in order the actual insert is in the third part Link to comment https://forums.phpfreaks.com/topic/125899-solved-whats-wrong-with-this-insert/#findComment-651028 Share on other sites More sharing options...
F1Fan Posted September 26, 2008 Share Posted September 26, 2008 "date" and "order" are both keywords in SQL, so they need double quotes around them. Link to comment https://forums.phpfreaks.com/topic/125899-solved-whats-wrong-with-this-insert/#findComment-651029 Share on other sites More sharing options...
F1Fan Posted September 26, 2008 Share Posted September 26, 2008 $query = "INSERT INTO \"reviews\" (\"Name\", \"Date\", \"Rating\", \"Order\", \"Comment\") VALUES('$Name','$Date','$Rating','$Order','$Comment')"; Actually, comment is, too. You could just always put quotes around them if you're not sure. Link to comment https://forums.phpfreaks.com/topic/125899-solved-whats-wrong-with-this-insert/#findComment-651031 Share on other sites More sharing options...
dropfaith Posted September 26, 2008 Author Share Posted September 26, 2008 damn i knew nothing was wrong wioth the code i didnt even think about keywords those are my current fields ill just change them seems like a less hassle in the long run approach thanks Link to comment https://forums.phpfreaks.com/topic/125899-solved-whats-wrong-with-this-insert/#findComment-651033 Share on other sites More sharing options...
kenrbnsn Posted September 26, 2008 Share Posted September 26, 2008 You don't want double quotes, but backticks " ` " <?php $query = "INSERT INTO `reviews` (`Name`, `Date`, `Rating`, `Order`, `Comment`) VALUES('$Name','$Date','$Rating','$Order','$Comment')"; ?> Ken Link to comment https://forums.phpfreaks.com/topic/125899-solved-whats-wrong-with-this-insert/#findComment-651035 Share on other sites More sharing options...
Stooney Posted September 26, 2008 Share Posted September 26, 2008 You should use backdrops over double quotes. I don't know if double quotes even work, but if they do you still need to escape them all. Just use backdrops (`) in my opinion. <?php $query = "INSERT INTO reviews (`Name`,` Date`, `Rating`, `Order`, `Comment`) VALUES('$Name','$Date','$Rating','$Order','$Comment')"; ?> Link to comment https://forums.phpfreaks.com/topic/125899-solved-whats-wrong-with-this-insert/#findComment-651036 Share on other sites More sharing options...
F1Fan Posted September 26, 2008 Share Posted September 26, 2008 kenrbnsn -> is that a generic SQL thing, or just MySQL? My company uses PosgreSQL and I've never tried backticks, just always used double quotes without a problem. Link to comment https://forums.phpfreaks.com/topic/125899-solved-whats-wrong-with-this-insert/#findComment-651038 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.