Patrick3002 Posted February 17, 2007 Share Posted February 17, 2007 This seems impossible to fix but i kno its probably going to be simple i just cannot figure it out to save my life. My error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near: 't even gotta wonder I was voted number one rapper to drop My code: $sql = "INSERT INTO `$table` VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','')"; mysql_query($sql); Now, i know the problem i just cannot solve it... Theres a problem when i enclose the $lyric var with ' and ' but, i've tried enclosing it with everything possible even \" but it just does not want to execute. Any help on this problem would be greatly appreciated. Quote Link to comment Share on other sites More sharing options...
sspoke Posted February 17, 2007 Share Posted February 17, 2007 VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','') here doesn't show nothing the stucture it self has to show how that table is made thats the key in your problem Quote Link to comment Share on other sites More sharing options...
Patrick3002 Posted February 17, 2007 Author Share Posted February 17, 2007 So how would i go about restructuring my query? Do you need more code? Quote Link to comment Share on other sites More sharing options...
papaface Posted February 17, 2007 Share Posted February 17, 2007 what is in $table? Quote Link to comment Share on other sites More sharing options...
Patrick3002 Posted February 17, 2007 Author Share Posted February 17, 2007 $table="lyrics_01"; Quote Link to comment Share on other sites More sharing options...
sspoke Posted February 17, 2007 Share Posted February 17, 2007 INSERT INTO table (pc, pBy , email,lyrics,song,artist,date,blank,blank) VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','') like that.. BUT I guessed the sturcture it wont work rofl.. U gotta fill it out your self Quote Link to comment Share on other sites More sharing options...
corbin Posted February 17, 2007 Share Posted February 17, 2007 Actually sspoke, if that is the number of columns, it should work fine. What exactly is lyric? Also, I would try mysql_escape_real_string or addslashes on it. Quote Link to comment Share on other sites More sharing options...
linuxdream Posted February 17, 2007 Share Posted February 17, 2007 You don't need to know the structure...you can jump directly to VALUES if each value corresponds to your table structure. Try enclosing the $table in '{$table}' instead. You don't really need the 's there unless you have a weird table name. So try {$table} too.. Quote Link to comment Share on other sites More sharing options...
Patrick3002 Posted February 17, 2007 Author Share Posted February 17, 2007 I've tried $sql = "INSERT INTO `$table` (pc, pBy, email, lyric, song, artist, date) VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','')"; mysql_query($sql); And i've also tried {$table} no luck... i appreciate all of the help Quote Link to comment Share on other sites More sharing options...
linuxdream Posted February 17, 2007 Share Posted February 17, 2007 are those back tick's you are using for $table? try using just regular ' Quote Link to comment Share on other sites More sharing options...
Patrick3002 Posted February 17, 2007 Author Share Posted February 17, 2007 The lyric var is: FIELD:lyric TYPE:blob ATTRIBUTES:BINARY NULL:No in phpmyadmin. But its technically song lyrics so basic text and chars such as: ' " [ ] etc. Thats what that var ($lyric) contains. The $table var just contains the table name (Lyrics_01) thats all that var contains, the var that has a problem is $lyric. $table="lyrics_01"; Heres the link if you can figure it out that way, click Add Lyric at the top. http://patricks.kicks-ass.net/lyrics/ Quote Link to comment Share on other sites More sharing options...
hitman6003 Posted February 17, 2007 Share Posted February 17, 2007 are those back tick's you are using for $table? try using just regular ' If you are going to wrap a table or column name in anything it has to be a back-tic....as stated on this page in the mysql manual: http://dev.mysql.com/doc/refman/5.0/en/identifiers.html#id2817618 Quote Link to comment Share on other sites More sharing options...
Jessica Posted February 17, 2007 Share Posted February 17, 2007 $lyric = mysql_real_escape_string($lyric); $sql = "INSERT INTO `$table` VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','')"; mysql_query($sql); Quote Link to comment Share on other sites More sharing options...
Patrick3002 Posted February 17, 2007 Author Share Posted February 17, 2007 $lyric = mysql_real_escape_string($lyric); $sql = "INSERT INTO `$table` VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','')"; mysql_query($sql); Problem solved, thank you very much now i need to research mysql_real_escape_string to see exactly what that does so i understand whats going on, haha thanks alot man! Quote Link to comment Share on other sites More sharing options...
linuxdream Posted February 17, 2007 Share Posted February 17, 2007 If you are going to wrap a table or column name in anything it has to be a back-tic....as stated on this page in the mysql manual: Thanks, Seems to work without them though. Quote Link to comment Share on other sites More sharing options...
hitman6003 Posted February 17, 2007 Share Posted February 17, 2007 Seems to work without them though. It isn't necessary to quote the table and column names except in certain situations, however you can not use a single quote when you do. Quote Link to comment Share on other sites More sharing options...
The_Assistant Posted February 17, 2007 Share Posted February 17, 2007 you could also use addslashes on $lyric $lyric = addslashes($lyric); $sql = "INSERT INTO `$table` VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','')"; mysql_query($sql); Quote Link to comment Share on other sites More sharing options...
Jessica Posted February 17, 2007 Share Posted February 17, 2007 No, you should use the database specific functions. If you're using mysql, use the mysql functions. http://us3.php.net/manual/en/security.database.sql-injection.php "Quote each non numeric user supplied value that is passed to the database with the database-specific string escape function" Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.