Jump to content

Recommended Posts

 

why is this error generated from the subsequent code?  all values are $_POST retrieved strings dumped into a varchar table column.  i checked all variable names, &c.

 

database query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'long time, lots, fuzzy, probed, yes, your dog stinks, b.mast@theduke.net)' at line 1

 

$connexion = mysql_connect(HOST, LOGIN, PASS);
if (!$connexion) {
	die('database connexion failed: ' . mysql_error());
}

$dbselexion = mysql_select_db('someDB');
if (!$dbselexion) {
	die('database selexion failed: ' . mysql_error());
}

$query = "INSERT INTO someTable ";
$query .= "(first_name, last_name, when_happened, how_long, how_many, ";
$query .= "description, did_what, was_spotted, other, email) ";
$query .= "VALUES ({$firstName}, {$lastName}, {$whenhappen}, {$howlong}, {$howmany}, ";
$query .= "{$desc}, {$didwhat}, {$wasseen}, {$other}, {$email})";

$result = mysql_query($query);
if (!$result) {
	die('database query failed: ' . mysql_error());
}

 

if you need more information, let me know.

 

TIA!

 

WR!

I'll also add that for debugging purposes it is always helpful to echo the actual query to the page when it fails. It makes finding/fixing mistakes much easier. For example, sometimes a query will fail because a value is not set which you believe is (maybe there was a typo in the variable name or the value just wasn't set). By echoing the query to the page the error will sometimes be very obvious and allows you to know exactly where to look to fix it.

 

However, you should always provide "friendly" error messages in a production environment that do not give the users DB errors that provide details about the nature of the error. Personally, I typically use a custom function for running my queries that checks to see if the application is in "debug mode". If yes, I will show the actual DB error and query. If not, I provide a friendly error message to the user.

okay.  first, thanks for your replies.

 

what i'm understanding is you're saying i should do this:

        $query .= "VALUE " . $firstName . ", " . $lastName . ", " . $whathappen  ...and so on....

 

is that right?  i purposely used double quotes and enclosed the variables with curly braces so it would parse the variable inline...  why wouldn't that work?

 

and i already escaped the vars, but thanks for the helpful reinforcer!  :D

 

WR!

No. Each string value must appear in quotes if you were to echo the query string. There's really no need for all the concatenation either, it's just another way to open yourself up to typos.

 

$query = "INSERT INTO someTable 
( first_name, last_name, when_happened, how_long, how_many, description, did_what, was_spotted, other, email ) 
VALUES 
( '$firstName', '$lastName', '$whenhappen', '$howlong', '$howmany', '$desc', '$didwhat', '$wasseen', '$other', '$email' )";

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.