Imri-Persiado Posted October 30, 2013

That's the error I get:

```
Error3: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sprint spikes'', ''Nike'', '' at line 2
```

For the following code:

```php
function post($type, $brand, $gender, $size, $hand, $isNew, $price, $desc, $imgname, $name, $userid, $phone)
{
    $con = connect();
    if (!$con)
        die('Could not connect: ' . mysql_error()); // Check connection

    // check_input() escapes each value and wraps non-numeric ones in quotes
    $type    = check_input($type);
    $brand   = check_input($brand);
    $gender  = check_input($gender);
    $size    = check_input($size);
    $hand    = check_input($hand);
    $price   = check_input($price);
    $desc    = check_input($desc);
    $imgname = check_input($imgname); // was check_input($name)
    $userid  = check_input($userid);  // was check_input($usid), an undefined variable
    $name    = check_input($name);
    $phone   = check_input($phone);
    $date    = date("Y/m/d");

    // Every value is wrapped in single quotes again here
    $sql = "INSERT INTO spikes (type, brand, gender, size, hand, new, price, description, imgname, date, name, userid, phone)
            VALUES('$type', '$brand', '$gender', '$size', '$hand', '$isNew', '$price', '$desc', '$imgname', '$date', '$name', '$userid', '$phone')";

    if (!mysql_query($sql, $con)) {
        die('Error3: ' . mysql_error($con));
    }
    mysql_close($con);
}

function check_input($value)
{
    // Stripslashes
    if (get_magic_quotes_gpc())
        $value = stripslashes($value);

    // Quote if not a number
    if (!is_numeric($value))
        $value = "'" . mysql_real_escape_string($value) . "'";

    return $value;
}
```

I really don't understand what I'm doing wrong..
Ch0cu3r Posted October 30, 2013

Your check_input() function is encapsulating values within single quotes and you are also encapsulating each value in the query with single quotes too. In effect your values in the query are wrapped in single quotes twice. This is what is causing the error.

To fix the error change

```php
$value = "'" . mysql_real_escape_string($value) . "'";
```

to just

```php
$value = mysql_real_escape_string($value);
```
objnoob Posted October 30, 2013

I would have taken a different approach! Instead of modifying

```php
if (!is_numeric($value))
    $value = "'" . mysql_real_escape_string($value) . "'";
```

I'd modify

```php
$sql = "INSERT INTO spikes (type, brand, gender, size, hand, new, price, description, imgname, date, name, userid, phone)
        VALUES($type, $brand, $gender, $size, $hand, $isNew, $price, $desc, $imgname, $date, $name, $userid, $phone)";
```
Imri-Persiado (Author) Posted October 30, 2013

Thank you guys!
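
Both replies resolve the error by choosing which layer adds the quotes. The following added example (not code from any poster in the thread) goes one step further and uses PDO bound parameters, so no layer adds quotes or escapes anything; the in-memory SQLite DSN and the sample row are assumptions made so that it runs offline.

```php
<?php
// Added example. Table and column names follow the thread's INSERT; the
// SQLite in-memory database is an assumption so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec('CREATE TABLE spikes (
    type TEXT, brand TEXT, gender TEXT, size TEXT, hand TEXT, new INTEGER,
    price REAL, description TEXT, imgname TEXT, date TEXT, name TEXT,
    userid INTEGER, phone TEXT)');

function post(PDO $pdo, array $item): void
{
    // Placeholders carry no quotes: values travel separately from the SQL
    // text, so nothing can be quoted twice and nothing needs escaping.
    $sql = 'INSERT INTO spikes
              (type, brand, gender, size, hand, new, price, description,
               imgname, date, name, userid, phone)
            VALUES
              (:type, :brand, :gender, :size, :hand, :new, :price,
               :description, :imgname, :date, :name, :userid, :phone)';
    $item['date'] = date('Y/m/d');
    // execute() throws if a placeholder has no matching key (or vice versa).
    $pdo->prepare($sql)->execute($item);
}

// Constructed sample row; the description contains a quote on purpose.
post($pdo, [
    'type' => 'sprint spikes', 'brand' => 'Nike', 'gender' => 'M',
    'size' => '42', 'hand' => '2', 'new' => 0, 'price' => '35.50',
    'description' => "Worn twice, owner's box included",
    'imgname' => 'spikes.jpg', 'name' => 'Sample Seller', 'userid' => 7,
    'phone' => '0000000000',
]);

// The stored values come back exactly as supplied, quote included.
$row = $pdo->query('SELECT type, brand, description FROM spikes')
           ->fetch(PDO::FETCH_ASSOC);
var_dump($row);
```

Against MySQL, swap the DSN for a `mysql:` one and set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared on the server.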
This topic is now archived and is closed to further replies.