jmoudy77 Posted August 18, 2009 Share Posted August 18, 2009 Hi, I'm a little new to php, but I've been using SQL syntax with VB for a while. I can't figure out why I'm getting this error: Error adding submitted property: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Long, Date1, Time, Price, Footage, Beds, Baths) VALUES ('Laurie Moud' at line 2 Here's my SQL: if(! get_magic_quotes_gpc() ) { $name=mysql_real_escape_string(addslashes ($_POST[name])); $street=mysql_real_escape_string(addslashes ($_POST[street])); $city=mysql_real_escape_string(addslashes ($_POST[city])); $state=mysql_real_escape_string(addslashes ($_POST[state])); $zip=mysql_real_escape_string(addslashes ($_POST[zip])); $date=mysql_real_escape_string(addslashes ($_POST[date])); $time=mysql_real_escape_string(addslashes ($_POST[time])); $price=mysql_real_escape_string(addslashes ($_POST[price])); $footage=mysql_real_escape_string(addslashes ($_POST[footage])); $beds=mysql_real_escape_string(addslashes ($_POST[beds])); $baths=mysql_real_escape_string(addslashes ($_POST[baths])); $address1=mysql_real_escape_string(addslashes ($_POST[address1])); $address2=mysql_real_escape_string(addslashes ($_POST[address2])); $cccity=mysql_real_escape_string(addslashes ($_POST[cccity])); $ccstate=mysql_real_escape_string(addslashes ($_POST[ccstate])); $cczip=mysql_real_escape_string(addslashes ($_POST[cczip])); $email=mysql_real_escape_string(addslashes ($_POST[email])); $phone=mysql_real_escape_string(addslashes ($_POST[phone])); $ccnumber=mysql_real_escape_string(addslashes ($_POST[ccnumber])); $ccname=mysql_real_escape_string(addslashes ($_POST[ccname])); $ccdate=mysql_real_escape_string(addslashes ($_POST[ccdate])); $cccode=mysql_real_escape_string(addslashes ($_POST[cccode])); $paytype=mysql_real_escape_string(addslashes ($_POST[paytype])); }Else{ $name=mysql_real_escape_string($_POST[name]); $street=mysql_real_escape_string($_POST[street]); $city=mysql_real_escape_string($_POST[city]); $state=mysql_real_escape_string($_POST[state]); $zip=mysql_real_escape_string($_POST[zip]); $date=mysql_real_escape_string($_POST[date]); $time=mysql_real_escape_string($_POST[time]); $price=mysql_real_escape_string($_POST[price]); $footage=mysql_real_escape_string($_POST[footage]); $beds=mysql_real_escape_string($_POST[beds]); $baths=mysql_real_escape_string($_POST[baths]); $address1=mysql_real_escape_string($_POST[address1]); $address2=mysql_real_escape_string($_POST[address2]); $cccity=mysql_real_escape_string($_POST[cccity]); $ccstate=mysql_real_escape_string($_POST[ccstate]); $cczip=mysql_real_escape_string($_POST[cczip]); $email=mysql_real_escape_string($_POST[email]); $phone=mysql_real_escape_string($_POST[phone]); $ccnumber=mysql_real_escape_string($_POST[ccnumber]); $ccname=mysql_real_escape_string($_POST[ccname]); $ccdate=mysql_real_escape_string($_POST[ccdate]); $cccode=mysql_real_escape_string($_POST[cccode]); $paytype=mysql_real_escape_string($_POST[paytype]); } $sql1 = "INSERT INTO Listings (Username, Street, City, State, Zip, Lat, Long, Date1, Time, Price, Footage, Beds, Baths) VALUES ('$name', '$street', '$city', '$state', '$zip', '$lat', '$long', '$date', '$time', '$price', '$footage', '$beds', '$baths')"; $sql2 = "INSERT INTO Users (My_Name, Username, Street, PO_Box, City, State, Zip, Email, Phone, Client_Type, Brokerage, Join_Date) VALUES ('$name', '$name', '$address1', '$address2', '$cccity', '$ccstate', '$cczip', '$email', '$phone', 'Single')"; $sql3 = "INSERT INTO Billing (Username, Street, PO_Box, City, State, Zip, Credit_Card_#, Name_on_Card, Expiration, SID, Last_Payment, Payment_Type) VALUES ('$name', '$address1', $address2', '$cccity', '$ccstate', '$cczip', '$ccnumber', '$ccname', '$ccdate', '$cccode', CURDATE(), '$paytype')"; if ((mysql_query($sql1)) && (mysql_query($sql2)) && (mysql_query($sql3))) { echo("Your property has been added."); } else { echo("Error adding submitted property: " . mysql_error() . "<br><br>" . "<a href='one_time.html' onClick='return myPopup(this, 'notes')'> Return to listing form.</a>"); } Quote Link to comment Share on other sites More sharing options...
rhodesa Posted August 18, 2009 Share Posted August 18, 2009 First, you don't need mysql_real_escape_string() AND addslashes()...just mysql_real_escape_string() should be fine... As for the error, Long is a reserved word in MySQL: http://dev.mysql.com/doc/refman/5.1/en/reserved-words.html I would recommend changing the column name to something else...but if you can't, just put backticks around it: $sql1 = "INSERT INTO Listings (Username, Street, City, State, Zip, Lat, `Long`, Date1, Time, Price, Footage, Beds, Baths) VALUES ('$name', '$street', '$city', '$state', '$zip', '$lat', '$long', '$date', '$time', '$price', '$footage', '$beds', '$baths')"; Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.