WhiteRau Posted June 6, 2011 Share Posted June 6, 2011 why is this error generated from the subsequent code? all values are $_POST retrieved strings dumped into a varchar table column. i checked all variable names, &c. database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'long time, lots, fuzzy, probed, yes, your dog stinks, b.mast@theduke.net)' at line 1 $connexion = mysql_connect(HOST, LOGIN, PASS); if (!$connexion) { die('database connexion failed: ' . mysql_error()); } $dbselexion = mysql_select_db('someDB'); if (!$dbselexion) { die('database selexion failed: ' . mysql_error()); } $query = "INSERT INTO someTable "; $query .= "(first_name, last_name, when_happened, how_long, how_many, "; $query .= "description, did_what, was_spotted, other, email) "; $query .= "VALUES ({$firstName}, {$lastName}, {$whenhappen}, {$howlong}, {$howmany}, "; $query .= "{$desc}, {$didwhat}, {$wasseen}, {$other}, {$email})"; $result = mysql_query($query); if (!$result) { die('database query failed: ' . mysql_error()); } if you need more information, let me know. TIA! WR! Quote Link to comment https://forums.phpfreaks.com/topic/238565-getting-weird-syntax-error-when-inserting-query-to-table/ Share on other sites More sharing options...
PFMaBiSmAd Posted June 6, 2011 Share Posted June 6, 2011 Each string data value that is put into a query must be enclosed by single-quotes in the query so that it is treated as a string instead of a sql keyword. Quote Link to comment https://forums.phpfreaks.com/topic/238565-getting-weird-syntax-error-when-inserting-query-to-table/#findComment-1225971 Share on other sites More sharing options...
xyph Posted June 6, 2011 Share Posted June 6, 2011 Also, you should escape the string using mysql_real_escape_string() to make sure any quotes within the string are escaped. This also makes SQL injection attacks much more difficult. Quote Link to comment https://forums.phpfreaks.com/topic/238565-getting-weird-syntax-error-when-inserting-query-to-table/#findComment-1225973 Share on other sites More sharing options...
Psycho Posted June 6, 2011 Share Posted June 6, 2011 I'll also add that for debugging purposes it is always helpful to echo the actual query to the page when it fails. It makes finding/fixing mistakes much easier. For example, sometimes a query will fail because a value is not set which you believe is (maybe there was a typo in the variable name or the value just wasn't set). By echoing the query to the page the error will sometimes be very obvious and allows you to know exactly where to look to fix it. However, you should always provide "friendly" error messages in a production environment that do not give the users DB errors that provide details about the nature of the error. Personally, I typically use a custom function for running my queries that checks to see if the application is in "debug mode". If yes, I will show the actual DB error and query. If not, I provide a friendly error message to the user. Quote Link to comment https://forums.phpfreaks.com/topic/238565-getting-weird-syntax-error-when-inserting-query-to-table/#findComment-1225979 Share on other sites More sharing options...
WhiteRau Posted June 6, 2011 Author Share Posted June 6, 2011 okay. first, thanks for your replies. what i'm understanding is you're saying i should do this: $query .= "VALUE " . $firstName . ", " . $lastName . ", " . $whathappen ...and so on.... is that right? i purposely used double quotes and enclosed the variables with curly braces so it would parse the variable inline... why wouldn't that work? and i already escaped the vars, but thanks for the helpful reinforcer! WR! Quote Link to comment https://forums.phpfreaks.com/topic/238565-getting-weird-syntax-error-when-inserting-query-to-table/#findComment-1226158 Share on other sites More sharing options...
Pikachu2000 Posted June 6, 2011 Share Posted June 6, 2011 No. Each string value must appear in quotes if you were to echo the query string. There's really no need for all the concatenation either, it's just another way to open yourself up to typos. $query = "INSERT INTO someTable ( first_name, last_name, when_happened, how_long, how_many, description, did_what, was_spotted, other, email ) VALUES ( '$firstName', '$lastName', '$whenhappen', '$howlong', '$howmany', '$desc', '$didwhat', '$wasseen', '$other', '$email' )"; Quote Link to comment https://forums.phpfreaks.com/topic/238565-getting-weird-syntax-error-when-inserting-query-to-table/#findComment-1226161 Share on other sites More sharing options...
WhiteRau Posted June 7, 2011 Author Share Posted June 7, 2011 good to know. i thought the quotes were implied with the strings. thank you so much. WR! Quote Link to comment https://forums.phpfreaks.com/topic/238565-getting-weird-syntax-error-when-inserting-query-to-table/#findComment-1226205 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.