Patrick3002 Posted February 17, 2007 Share Posted February 17, 2007 This seems impossible to fix but i kno its probably going to be simple i just cannot figure it out to save my life. My error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near: 't even gotta wonder I was voted number one rapper to drop My code: $sql = "INSERT INTO `$table` VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','')"; mysql_query($sql); Now, i know the problem i just cannot solve it... Theres a problem when i enclose the $lyric var with ' and ' but, i've tried enclosing it with everything possible even \" but it just does not want to execute. Any help on this problem would be greatly appreciated. Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/ Share on other sites More sharing options...
sspoke Posted February 17, 2007 Share Posted February 17, 2007 VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','') here doesn't show nothing the stucture it self has to show how that table is made thats the key in your problem Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186816 Share on other sites More sharing options...
Patrick3002 Posted February 17, 2007 Author Share Posted February 17, 2007 So how would i go about restructuring my query? Do you need more code? Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186818 Share on other sites More sharing options...
papaface Posted February 17, 2007 Share Posted February 17, 2007 what is in $table? Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186819 Share on other sites More sharing options...
Patrick3002 Posted February 17, 2007 Author Share Posted February 17, 2007 $table="lyrics_01"; Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186821 Share on other sites More sharing options...
sspoke Posted February 17, 2007 Share Posted February 17, 2007 INSERT INTO table (pc, pBy , email,lyrics,song,artist,date,blank,blank) VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','') like that.. BUT I guessed the sturcture it wont work rofl.. U gotta fill it out your self Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186822 Share on other sites More sharing options...
corbin Posted February 17, 2007 Share Posted February 17, 2007 Actually sspoke, if that is the number of columns, it should work fine. What exactly is lyric? Also, I would try mysql_escape_real_string or addslashes on it. Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186823 Share on other sites More sharing options...
linuxdream Posted February 17, 2007 Share Posted February 17, 2007 You don't need to know the structure...you can jump directly to VALUES if each value corresponds to your table structure. Try enclosing the $table in '{$table}' instead. You don't really need the 's there unless you have a weird table name. So try {$table} too.. Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186824 Share on other sites More sharing options...
Patrick3002 Posted February 17, 2007 Author Share Posted February 17, 2007 I've tried $sql = "INSERT INTO `$table` (pc, pBy, email, lyric, song, artist, date) VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','')"; mysql_query($sql); And i've also tried {$table} no luck... i appreciate all of the help Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186827 Share on other sites More sharing options...
linuxdream Posted February 17, 2007 Share Posted February 17, 2007 are those back tick's you are using for $table? try using just regular ' Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186832 Share on other sites More sharing options...
Patrick3002 Posted February 17, 2007 Author Share Posted February 17, 2007 The lyric var is: FIELD:lyric TYPE:blob ATTRIBUTES:BINARY NULL:No in phpmyadmin. But its technically song lyrics so basic text and chars such as: ' " [ ] etc. Thats what that var ($lyric) contains. The $table var just contains the table name (Lyrics_01) thats all that var contains, the var that has a problem is $lyric. $table="lyrics_01"; Heres the link if you can figure it out that way, click Add Lyric at the top. http://patricks.kicks-ass.net/lyrics/ Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186836 Share on other sites More sharing options...
hitman6003 Posted February 17, 2007 Share Posted February 17, 2007 are those back tick's you are using for $table? try using just regular ' If you are going to wrap a table or column name in anything it has to be a back-tic....as stated on this page in the mysql manual: http://dev.mysql.com/doc/refman/5.0/en/identifiers.html#id2817618 Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186838 Share on other sites More sharing options...
Jessica Posted February 17, 2007 Share Posted February 17, 2007 $lyric = mysql_real_escape_string($lyric); $sql = "INSERT INTO `$table` VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','')"; mysql_query($sql); Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186839 Share on other sites More sharing options...
Patrick3002 Posted February 17, 2007 Author Share Posted February 17, 2007 $lyric = mysql_real_escape_string($lyric); $sql = "INSERT INTO `$table` VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','')"; mysql_query($sql); Problem solved, thank you very much now i need to research mysql_real_escape_string to see exactly what that does so i understand whats going on, haha thanks alot man! Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186840 Share on other sites More sharing options...
linuxdream Posted February 17, 2007 Share Posted February 17, 2007 If you are going to wrap a table or column name in anything it has to be a back-tic....as stated on this page in the mysql manual: Thanks, Seems to work without them though. Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186843 Share on other sites More sharing options...
hitman6003 Posted February 17, 2007 Share Posted February 17, 2007 Seems to work without them though. It isn't necessary to quote the table and column names except in certain situations, however you can not use a single quote when you do. Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186847 Share on other sites More sharing options...
The_Assistant Posted February 17, 2007 Share Posted February 17, 2007 you could also use addslashes on $lyric $lyric = addslashes($lyric); $sql = "INSERT INTO `$table` VALUES ('$pc', '$pBy', '$email', '$lyric', '$song', '$artist', '$date','','')"; mysql_query($sql); Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186854 Share on other sites More sharing options...
Jessica Posted February 17, 2007 Share Posted February 17, 2007 No, you should use the database specific functions. If you're using mysql, use the mysql functions. http://us3.php.net/manual/en/security.database.sql-injection.php "Quote each non numeric user supplied value that is passed to the database with the database-specific string escape function" Link to comment https://forums.phpfreaks.com/topic/38852-mysql-syntax-error/#findComment-186856 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.