INSERT statement

I have

INSERT INTO new_material_chasssis (name,model,manufacturer,record_status,airflow_type,external_width,external_depth, external_height,weight,number_of_columns_front,number_of_columns_back,number_of_rows_front,number_of_rows_back,total_plugs, required_plugs,requires_diverse_power,power_consumption ) VALUES ( 'dhj, tedt','tedt','dhj','','',,, ,,,,,,,, ,)

but am getting
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ', ,,,,,,,, ,)' at line 1
But, here's the table

CREATE TABLE new_material_chasssis (
   new_material_id INT UNSIGNED NOT NULL AUTO_INCREMENT,
   nlyte_material_id INT,
   name VARCHAR(50),
   model VARCHAR(25),
   manufacturer VARCHAR(25),
   record_status VARCHAR(15),
   airflow_type ENUM('Ambient','Front To Back'),
   external_width DECIMAL(6,3),
   external_depth DECIMAL(6,3),
   external_height DECIMAL(6,3),
   weight DECIMAL(6,3),
   number_of_columns_front TINYINT UNSIGNED,
   number_of_columns_back TINYINT UNSIGNED,
   number_of_rows_front TINYINT UNSIGNED,
   number_of_rows_back TINYINT UNSIGNED,
   total_plugs TINYINT UNSIGNED,
   required_plugs TINYINT UNSIGNED,
   plug_type VARCHAR(13),
   requires_diverse_power BOOLEAN,
   power_consumption DECIMAL(6,3),
   PRIMARY KEY ( new_material_id )
);

where's the syntax error?

in the missing values amongst that series of commas

you have to put some value for every column you mention

even if you use NULL, to coerce the DEFAULT value for a column

They're supposed to fill out every value, but I'm trying to plan for idiots, so should I run this check

<?php
if(empty($_POST['var'])) { $var = "Null"; } else { $var = $_POST['var']; }
?>

And think about your data structure. I assume, this table could be divided.

You should never rely on the input in any case. You should always validate it.

If the values are required, you should never get to the point of executing the query.

Your form processing code should trim, then validate all the inputs. Required inputs must not be empty. Inputs that also have a specific format, such as a date or email should then also have that format validated.

Also, why are you not using a prepared query, so that any sql special characters in the data won’t break the sql query syntax, which is how sql injection is accomplished?

I'm trying to use PDO to run the query, I thought that was what a try, catch block did?
Is this what you mean?

what happened when you tested it? ™
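
The flow recommended in the replies above (trim, validate, stop before the query when a required value is missing, then bind the values through a prepared query), as an added example that is not code from the thread. The reduced column set, the validation rules, the in-memory SQLite database standing in for MariaDB and the sample `$post` array are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. The reduced column set, the rules,
// SQLite standing in for MariaDB and the sample $post are assumptions.

// Trim and validate. Blank optional fields become PHP null, which PDO binds as SQL NULL.
function validateChassis(array $in): array
{
    $rules = [ // column => [required, validator]
        'name'           => [true,  fn(string $v) => strlen($v) <= 50],
        'model'          => [true,  fn(string $v) => strlen($v) <= 25],
        'airflow_type'   => [false, fn(string $v) => in_array($v, ['Ambient', 'Front To Back'], true)],
        'external_width' => [false, fn(string $v) => preg_match('/^\d{1,3}(\.\d{1,3})?$/', $v) === 1],
        'total_plugs'    => [false, fn(string $v) => ctype_digit($v) && (int)$v <= 255],
    ];
    $clean = $errors = [];
    foreach ($rules as $col => [$required, $valid]) {
        $v = trim((string)($in[$col] ?? ''));
        if ($v === '') {
            $clean[$col] = null;               // a real null, not the string "Null"
            if ($required) { $errors[$col] = 'required'; }
        } elseif (!$valid($v)) {
            $errors[$col] = 'invalid';
        } else {
            $clean[$col] = $v;
        }
    }
    return [$clean, $errors];
}

function insertChassis(PDO $pdo, array $clean): int
{
    $cols = array_keys($clean);                // names come from $rules, never from user input
    $sql  = sprintf('INSERT INTO new_material_chasssis (%s) VALUES (%s)',
        implode(', ', $cols), implode(', ', array_map(fn($c) => ":$c", $cols)));
    $pdo->prepare($sql)->execute($clean);      // values are bound, so quotes and commas stay data
    return (int)$pdo->lastInsertId();
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE new_material_chasssis (new_material_id INTEGER PRIMARY KEY, name TEXT, model TEXT, airflow_type TEXT, external_width NUMERIC, total_plugs INTEGER)');
$post = ['name' => " dhj, te'dt ", 'model' => 'tedt', 'airflow_type' => '', 'external_width' => '', 'total_plugs' => '']; // constructed
[$clean, $errors] = validateChassis($post);
if ($errors) {
    print_r($errors);                          // redisplay the form; the query is never run
} else {
    insertChassis($pdo, $clean);
    var_dump($pdo->query('SELECT * FROM new_material_chasssis')->fetchAll(PDO::FETCH_ASSOC));
}
```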
