MySQL insert error

[mtjo]

I run these queries and I get the same error even though it successfully inserts the data.

You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Code:

mysql_query( "insert into project_client ( client_company, client_address, client_suite, client_po_box, client_city, client_state, client_country, client_zip, client_phone, client_fax, client_web_url ) values ( '$_POST[client_company]', '$_POST[client_address]', '$_POST[client_suite]', '$_POST[client_po_box]', '$_POST[client_city]', '$_POST[client_state]', '$_POST[client_country]', '$_POST[client_zip]', '$_POST[client_phone]', '$_POST[client_fax]', '$_POST[client_web_url]' )" );


mysql_query( "insert into project_client set client_company = '$_POST[client_company]', client_address = '$_POST[client_address]', client_suite = '$_POST[client_suite]', client_po_box = '$_POST[client_po_box]', client_city = '$_POST[client_city]', client_state = '$_POST[client_state]', client_country = '$_POST[client_country]', client_zip = '$_POST[client_zip]', client_phone = '$_POST[client_phone]', client_fax = '$_POST[client_fax]', client_web_url = '$_POST[client_web_url]'" );

However, I can open PHPMyAdmin and run this query directly w/o any errors.

I am running PHP5 RC2 with MySQL 4.1.1a-alpha-nt.

Any help appreciated on why this is occuring.

[maxor]

You really should make sure to clean up your variables and sanitize the data that comes from your HTML form before putting it into the DB.

PHP Code:

//-- make short vars

$company = $_POST['client_company'];
$address = $_POST['client_address'];
$suite = $_POST['client_suite'];
$po_box = $_POST['client_po_box'];
$city = $_POST['client_city'];
$state = $_POST['client_state'];
$country = $_POST['client_country'];
$zip = $_POST['client_zip'];
$phone = $_POST['client_phone'];
$fax = $_POST['client_fax'];
$web_url = $_POST['client_web_url'];

//-- Create SQL query
$sql = "INSERT INTO `project_client` 
         (client_company, 
          client_address, 
          client_suite, 
          client_po_box, 
          client_city, 
          client_state, 
          client_country, 
          client_zip, 
          client_phone, 
          client_fax, 
          client_web_url ) 
          VALUES( 
          '$company',
          '$address',
          '$suite',
          '$po_box',
          '$city',
          '$state',
          '$country',
          '$zip',
          '$phone',
          '$fax',
          '$web_url')";

//-- Run the query
mysql_query($sql); 


[mtjo]

Eric C. fixed me up. This works nicely.

Code:

$sql =  sprintf( "INSERT INTO %sproject_client (client_company, client_address, client_suite, client_po_box, " .
                     "client_city, client_state, client_country, client_zip, client_phone, client_fax, client_web_url) " .
                     "VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')",
                     DBPREFIX, $_POST['client_company'], $_POST['client_address'], $_POST['client_suite'],
                     $_POST['client_po_box'], $_POST['client_city'], $_POST['client_state'], $_POST['client_country'],
                     $_POST['client_zip'], $_POST['client_phone'], $_POST['client_fax'], $_POST['client_web_url'] );

$stmt =& $db->createStatement( $sql );
$rs    =& $stmt->execute();