[SOLVED] SQL Syntax: Am I Missing Something?

[refiking]

Here is the message I received when I ran my script:

 

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '@yahoo.com,0000)' at line 2

 

Here is line 2:

include 'login.php';

 

My login script works fine when I use it to submit the form data, but when I click submit, it tells me about a SQL syntax error near line 2, but the data it is referring to is only at lines 84 & 85:

 

$s1 = "INSERT INTO Borrowers(bor_id,username,password,bfn,bln,tel,email,ssn)
VALUES ($borid,$user,$pass,$bfn,$bln,$tel,$email,$ssn)";

 

Am I Missing Something?

[trq]

Am I Missing Something?

 

Plenty.

 

$s1 = "INSERT INTO Borrowers(bor_id,username,password,bfn,bln,tel,email,ssn)
VALUES ('$borid','$user','$pass','$bfn','$bln','$tel','$email','$ssn')";

[refiking]

Ok.  What am I missing Thorpe?

[revraz]

Single quotes around all your variables.

[redarrow]

CORRECT WAY WITH ERROR DEBUG MODE

<?php
$s1 = "INSERT INTO Borrowers(bor_id,username,password,bfn,bln,tel,email,ssn)
VALUES('$borid','$user','$pass','$bfn','$bln','$tel','$email','$ssn')";
$sq1_result=mysql_query($s1)or die(mysql_error());
?>

 

you also need to post every varable

 

example with database protection

 

$user=mysql_real_escape_string($_POST['user']);

[refiking]

Redarrow, When I changed it to what you gave me, this is what it returned:

 

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Main St.,30144,1)' at line 2

[revraz]

Echo each variable before your INSERT statement to see if they actually contain what they should.  Sounds like you are not validating your data prior to inserting.

[redarrow]

use my example with databae protection when posting to a database.....

 

set the varables with mysql_real_escape_string($_POST['$what_ever_varable']);

 

your database has told you your using a , comma so use the syntax as i have provided.....

[Zane]

surround your variables with curly braces

 

VALUES('{$borid}','{$user}','{$pass}','{$bfn}','{$bln}','{$tel}','{$email}','{$ssn}')";

[redarrow]

dont use curly braces that makes the database force the insert that bad programming method also braces will soon be replaced with [] << these ok m8.....

[refiking]

Redarrow's post corrected the issue.  I have a $s1 and a $s2.  The error message came from the $s2.  When I added the single quote to every variable, it was corrected.  Thanks!

[Zane]

dont use curly braces that makes the database force the insert that bad programming method also braces will soon be replaced with []

 

eh...well color me old-fashioned...lol

[redarrow]

zanus as a advance programmer as you are yes you can do what ever, but as a begener it real harsh to say use curly braces you no that lol....

 

also zanus your code rocks have a grate new year mate.....

 

 

[Zane]

ditto dude

 

schwew...now I have to start all over again and learn php6..lol

[redarrow]

zanus i no it all about reading, php6 will really kill a lot off current used functions example eregi is not turned on anymore preg_regex is default, there going to be no more {} braces [] only also there going to be a lot more class functions lol, not sure but i even think the new mysql functions will be default not the old ones i use, big changes lots off god dam readaing

[Daniel0]

redarrow, what the str_reverse('kcuf') are you talking about? Curly braces are not going to be removed from PHP 6.

 

The only thing that will change with curly braces in PHP 6 is that it will be deprecated to use them for single character access. E.g.

<?php
$string = 'test';
echo $string{2} // "s" - deprecated in PHP 6
echo $string[2] // "s" - not deprecated in PHP 6
?>

 

Also, ereg will not be removed but moved to PECL and there is no function called preg_regex().

 

dont use curly braces that makes the database force the insert that bad programming method

That doesn't make any sense.