Jump to content

mysql syntax error


elginwick

Recommended Posts

I am trying to load multiple pieces of information from a form that is submitted.

for some reason i am getting an errror in one place, but not in the other place.

example

//start code

$add_master = "INSERT INTO master_name values ('', now(), now(), '$_POST[f_name]', '$_POST[l_name]',
'$_POST[dob]', '$_POST[ss]', '$_POST[session]') address values ('', '$_POST[address]', '$_POST[city]',
'$_POST[state]', '$_POST[zipcode]')";
mysql_query($add_master) or die(mysql_error());


//end code

there are no errors for this script

but then in this script

//start code

7 if (($_POST[address]) || ($_POST[city]) || ($_POST[state]) || ($_POST[zipcode])) {
8 $add_address = "insert into address values ('', '$_POST[address]', '$_POST[city]',
9 '$_POST[state]', '$_POST[zipcode]')";
10 mysql_query($add_address) or die(mysql_error());
11 }

//end code


there is an errror
here is what it says.

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'address values ('', '111 Main St.', 'san franscisco', 'ca', '90215')' at line

I am using mysql 4.0.16

Not sure what to do, any help would be greatly appreciated.

thanks in advance
Link to comment
Share on other sites

probably an escaped characters problem. you should use addslashes() before inserting text data into your database

[a href=\"http://php.inspire.net.nz/manual/en/function.addslashes.php\" target=\"_blank\"]addslashes() in the php Manual[/a]
Link to comment
Share on other sites

I agree, but given the error mysql produces, it is however most probably this that produces the error, not to mention that it is horrible coding practice to not specify the fields (suppose you do this everywhere in your script and you need to add a field to your table, you would need to recode all your queries as this can only be used if the value count is the same as the total field count for the table)
Link to comment
Share on other sites

Instead of using addslashes() use mysql_real_escape_string() which will work even if you use a weird character encoding.

To the OP, you might want to try the alternative syntax:
[!--sql--][div class=\'sqltop\']SQL[/div][div class=\'sqlmain\'][!--sql1--][span style=\'color:blue;font-weight:bold\']insert[/span] [color=green]into[/color] [color=orange]tablename[/color] set `fieldname1` [color=orange]=[/color] [color=red]'value'[/color]. `fieldname2` [color=orange]=[/color] [color=red]'value'[/color]; [!--sql2--][/div][!--sql3--]
This way you always know what you're setting, you can leave out fields, and if you add a field to your database you might not have to add that field to all the mysql statements.

Ken
Link to comment
Share on other sites

I've had a problems before with table names & field names that were pretty "generic" or could be used by or mistaken as something else. By renaming the table and/or field name, the problem was solved.

try renaming your table to addresses or user_address or somthing similar. & of course, update your query to reflect the same. I'm not guaranteeing that it'll work for you, but it's worth a shot.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.