[SOLVED] Syntax Error

[cisclem]

Please help - being relatively new to php I am struggling with the syntax. I am attempting to insert a new record in a table on a mySQL table but keep getting an incorrect syntax message. The data is picked up from a submit form as follows...

$mysqli = mysqli_connect("localhost", "username", "password", "database");
$name=$_POST['name'];
$url=$_POST['url'];
$sql="INSERT INTO tablename (name, url) VALUES ('"$_POST[name]"','"$_POST[url]"')";
if (!mysqli_query($sql,$mysqli))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

All I get when I run this code is an inavlid syntax error message. Could you please tell me what is wrong with the syntaxt I have used, I have tried multi variations but can not get it right

[thebadbad]

$name = mysql_real_escape_string($_POST['name']);
$url = mysql_real_escape_string($_POST['url']);
$sql = "INSERT INTO `tablename` (`name`, `url`) VALUES ('$name', '$url')";

And if you've got the time, read this post: or die() must die

[cisclem]

Thank you for your example - I have tried it and although I do not get the syntaxt error now instead I am advised that database can not be found. My code is as follows...

 

$mysql = mysql_connect("host", "username", "password", "database");

$name = mysql_real_escape_string($_POST['name']);

$url = mysql_real_escape_string($_POST['url']);

$sql = "INSERT INTO tablename ('name', 'url') VALUES ('$name', '$url')";

 

The database name I have used is correct so I suspect I am still not wording it correctly

[thebadbad]

You're not using the backticks (`) from my code. Either use them or don't, you can't use single quotes around table and field names as far as I know.

[cisclem]

If you are referring to the absence of the back ticks in the tablename I have already tried it with these but the result is the same. The example I sent was my last attempt where I omitted them in an attempt to get it to work

[PFMaBiSmAd]

You are not selecting a database because the 4th parameter of mysql_connect() is NOT the database. Why did you switch from using mysqli to just mysql? When you use a different function you must make sure it is used correctly. For mysql you must use mysql_select_db().

 

Both of your posts in this thread seem to be just trying random code stuck together without regard to how mysql or mysqli actually works. I recommend reading through a basic tutorial - http://w3schools.com/php/php_mysql_intro.asp before you attempt to actually write code.

[knsito]

Actually he is using mysqli so he needs to use

mysqli_real_escape_string($id, $string); to escape the values

 

for the code it would be

 

$name = mysqli_real_escape_string($mysqli, $_POST['name']);

etc

 

 

Thank you for your example - I have tried it and although I do not get the syntaxt error now instead I am advised that database can not be found. My code is as follows...

 

$mysql = mysql_connect("host", "username", "password", "database");

$name = mysql_real_escape_string($_POST['name']);

$url = mysql_real_escape_string($_POST['url']);

$sql = "INSERT INTO tablename ('name', 'url') VALUES ('$name', '$url')";

 

The database name I have used is correct so I suspect I am still not wording it correctly

[cisclem]

Thank you all for your replies which has enabled me to overcome the syntax error. I will endeavour to become more acqauinted with php syntax as you suggest - once again thank you