SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Enthusiast
    Join Date
    Jul 2002
    Posts
    96
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    MySQL insert error

    I run these queries and I get the same error even though it successfully inserts the data.

    You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

    Code:
    mysql_query( "insert into project_client ( client_company, client_address, client_suite, client_po_box, client_city, client_state, client_country, client_zip, client_phone, client_fax, client_web_url ) values ( '$_POST[client_company]', '$_POST[client_address]', '$_POST[client_suite]', '$_POST[client_po_box]', '$_POST[client_city]', '$_POST[client_state]', '$_POST[client_country]', '$_POST[client_zip]', '$_POST[client_phone]', '$_POST[client_fax]', '$_POST[client_web_url]' )" );
    
    
    mysql_query( "insert into project_client set client_company = '$_POST[client_company]', client_address = '$_POST[client_address]', client_suite = '$_POST[client_suite]', client_po_box = '$_POST[client_po_box]', client_city = '$_POST[client_city]', client_state = '$_POST[client_state]', client_country = '$_POST[client_country]', client_zip = '$_POST[client_zip]', client_phone = '$_POST[client_phone]', client_fax = '$_POST[client_fax]', client_web_url = '$_POST[client_web_url]'" );
    However, I can open PHPMyAdmin and run this query directly w/o any errors.

    I am running PHP5 RC2 with MySQL 4.1.1a-alpha-nt.

    Any help appreciated on why this is occuring.

  2. #2
    With More ! for your $ maxor's Avatar
    Join Date
    Feb 2004
    Location
    Scottsdale, Arizona
    Posts
    909
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You really should make sure to clean up your variables and sanitize the data that comes from your HTML form before putting it into the DB.

    PHP Code:
    //-- make short vars

    $company $_POST['client_company'];
    $address $_POST['client_address'];
    $suite $_POST['client_suite'];
    $po_box $_POST['client_po_box'];
    $city $_POST['client_city'];
    $state $_POST['client_state'];
    $country $_POST['client_country'];
    $zip $_POST['client_zip'];
    $phone $_POST['client_phone'];
    $fax $_POST['client_fax'];
    $web_url $_POST['client_web_url'];

    //-- Create SQL query
    $sql "INSERT INTO `project_client` 
             (client_company, 
              client_address, 
              client_suite, 
              client_po_box, 
              client_city, 
              client_state, 
              client_country, 
              client_zip, 
              client_phone, 
              client_fax, 
              client_web_url ) 
              VALUES( 
              '
    $company',
              '
    $address',
              '
    $suite',
              '
    $po_box',
              '
    $city',
              '
    $state',
              '
    $country',
              '
    $zip',
              '
    $phone',
              '
    $fax',
              '
    $web_url')";

    //-- Run the query
    mysql_query($sql); 

  3. #3
    SitePoint Enthusiast
    Join Date
    Jul 2002
    Posts
    96
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Eric C. fixed me up. This works nicely.

    Code:
    $sql =  sprintf( "INSERT INTO %sproject_client (client_company, client_address, client_suite, client_po_box, " .
                         "client_city, client_state, client_country, client_zip, client_phone, client_fax, client_web_url) " .
                         "VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
                         DBPREFIX, $_POST['client_company'], $_POST['client_address'], $_POST['client_suite'],
                         $_POST['client_po_box'], $_POST['client_city'], $_POST['client_state'], $_POST['client_country'],
                         $_POST['client_zip'], $_POST['client_phone'], $_POST['client_fax'], $_POST['client_web_url'] );
    
    $stmt =& $db->createStatement( $sql );
    $rs    =& $stmt->execute();


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •