This is my code to insert registration information
$query = "INSERT INTO $tbl_name
(idmembers,name,email,phone,
jn_dt,pan,pwd,
enroller_id,enrolled_id,tside)
VALUES ('$name', '$email', '$phone',
'$jn_dt', '$pan', '$pwd',
'$enroller_id', '$enrolled_id', '$tside')";
$data = mysql_query($query)or die(mysql_error());
if($data) {
header("location:registration.php?sucessful=true");
}
but I am getting the error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'hjkoputrd', '123654', 'F' at line 16"... Please help me.. thanks in advance..
You are inserting field idmembers, but you dont use it in values.
If your idmembers column is autoincrementing you do not have to specify it in query.
"INSERT INTO $tbl_name (name,email,phone,jn_dt,pan,pwd,enroller_id,enrolled_id,tside) VALUES ('$name', '$email', '$phone', '$jn_dt', '$pan', '$pwd', '$enroller_id', '$enrolled_id', '$tside')"
I think column idmembers is your PRIMARY KEY auto increament thats way you are not using it in VALUES.
If it is a PK than just remove that column from your query.
You aren't including anything into idmembers. If is autoincrement in idmembers set to true, idmembers will be included and set automatically, so you must remove it from your query.
Related
$bzSendMail = mysqli_query($Connection, "INSERT INTO messages_inbox (from, towho, subject, text, rcvdat) VALUES ('$MyID', '$SenderID', '$subject', '$text' ,'$sentat')");
I'm trying to make this query works, but it keeps showing me the following error!
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from, towho, subject, text, rcvdat) VALUES ('1', '2', 'd', 'd' ,'2014-09-07 17:0' at line 1
Anyone can help me?
you are using
FROM
as a column name in your table. You can use '' to specify the column name but it is always better not to use that kind of names as your column names.
$bzSendMail = mysqli_query($Connection, "INSERT INTO messages_inbox (`from`, `towho`, `subject`, `text`, `rcvdat`) VALUES ('$MyID', '$SenderID', '$subject', '$text' ,'$sentat')");
From is a key word in Mysql use backward quotes to skip this as follows
$bzSendMail = mysqli_query($Connection, "INSERT INTO messages_inbox (`from`, `towho`, `subject`, `text`, `rcvdat`) VALUES ('$MyID', '$SenderID', '$subject', '$text' ,'$sentat')");
from is a reserved word in sql. Make backticks around it.
I entered the following sql query in phpmyadmin, it successfully inserted a new record.
INSERT INTO `table` (id, timestamp) VALUES (1, '2013-09-18 13:00')
However, when I try to use it using php.
//...connection
$query = "INSERT INTO `table` (id, timestamp) VALUES (1, '2013-09-18 13:00')";
$result = mysql_query($query, $cms2013) or die("error:".mysql_error());
It throws error like this:
error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '13:00)' at line...
Can someone provide me some hints? Thank you.
your query is working fine i have checked it from my end.
Please execute the following.
$sql = "INSERT INTO tables (id, timestamp) VALUES (1, '2013-09-18 13:00')";
mysql_query($sql) or die("! sql");
Have you selected the database before mysql_query()?
Try query using:
$query = "INSERT INTO `db_name`.`table` (id, timestamp) VALUES (1, '2013-09-18 13:00')";
$result = mysql_query($query, $cms2013) or die("error:".mysql_error());
I'm repeatedly getting a syntax error when inserting in to mysql, normally this works fine but I can't seem to get it to work. I can echo out the variables no problem but for some reason I can't insert them.
variables (the session vars are brought over from another page)
session_start();
$name=$_SESSION['bName'];
$email=$_SESSION['email'];
$ship_address = $_SESSION['sAddress'];
$voucher=$_SESSION['voucher'];
$sku=$_SESSION['sku'];
$credit_card=$_POST['credit_card'];
$security_code=$_POST['security_code'];
$payment_type=$_POST['payment_type'];
$cc_number=substr($credit_card, 0, 4) . str_repeat('x', (strlen($credit_card) - 4)) . substr($credit_card, -4, 4);
$phone=$_SESSION['billPhone'];
$status="Redeemed";
$date = date('Y/m/d');
$tracking ="";
insert query
//Insert Queries
$sqlInsert = "INSERT INTO `customers`(`name`, `email`, `address`, `phone`, `sku`, `creditcard`, `securitycode`, `paymenttype`, `voucher`, `purchase_id`, `tracking`, `status`, `date_recieved`)
VALUES( $name, $email, $ship_address, $phone, $sku, $credit_card, $security_code, $payment_type, $voucher, $purchase_id, $tracking, $status, $date)";
mysql_query($sqlInsert) or die ('Error Inserting into database' . mysql_error());
I've also tried
VALUES( '$name', '$email', '$ship_address', '$phone', '$sku', '$credit_card', '$security_code', '$payment_type', '$voucher', '$purchase_id', '$tracking', '$status', '$date')
but it doesn't work. The error I get is
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'lastname, fahad#semail.com, 22 toronto ont l6a0l4, 416-123-4567, 1001234, 1234567' at line 1
Any ideas?
Thanks
all string values must be quoted.
VALUES("'.$name.'", "'.$email.'" ...
Do it like this, so the fields are delimited:
VALUES( '$name', '$email', ...
check your error message to see what kind of garbage you are currently generating.
You could use PDO to create prepared statements instead. Then you won't have to worry about escaping your values like drdwilcox's example 'Jerry''s'. It also helps as a counter measure against SQL Injection attacks.
I would almost guarantee that you have a single-quote in your name field. If you want to place a single quote into a string field in SQL, you must double it: 'Jerry''s'
And you need the '$name' version.
I have the following lines of PHP code in my file along with some other code:
$command = "INSERT INTO inventory_items (Index, Name, Price) VALUES (NULL, 'Diamond', '3.99')";
$insertion = mysql_query($command) or die(mysql_error());
if ($insertion == FALSE)
{
echo "Error: Insert failed.";
}
else
{
echo "Insert successful.";
}
It keeps returning this error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Index, Name, Price) VALUES (NULL, 'Diamond', '3.99')' at line 1
myAdmin says I am using MySQL client version 5.0.91. What am I doing wrong? I just can't figure it out! I tried searching a lot...
Index is a reserved word in MySQL and as such, you need to either change the name of the column, or escape it with backticks. Try this $command:
$command = "INSERT INTO inventory_items (`Index`, Name, Price) VALUES (NULL, 'Diamond', '3.99')";
Read more about reserved words here: http://dev.mysql.com/doc/refman/5.0/en/reserved-words.html
Try this:
$command = "INSERT INTO inventory_items (`Index`, Name, Price) VALUES (NULL, 'Diamond', '3.99');";
MySQL reserved words and how to treat them.
Can you verify that the columns in your inventory_items table are:
Index
Name
Price
And that you have the Index field set to AUTO_INCREMENT.
The best thing is probably to remove that field from your insert statement.
Try
$command = "INSERT INTO inventory_items (Name, Price) VALUES ('Diamond', '3.99')";
Since you're not inserting an Index anyway.
Hope that helps!
There's gotta be something small I keep missing here, but I can't find it for the life of me.
$insert = mysql_query("INSERT INTO USERS
(`FBID`, `FIRST_NAME`, `LAST_NAME`, `GENDER`)
VALUES ('$fbid', '$firstName', '$lastName', '$gender')");
The error is:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
Any ideas?
You are not having variables correctly escaped. Use mysql_real_escape_string and code like this:
$insert = mysql_query("INSERT INTO USERS (`FBID`, `FIRST_NAME`, `LAST_NAME`, `GENDER`)
VALUES (
'".mysql_real_escape_string($fbid)."',
'".mysql_real_escape_string($firstName)."',
'".mysql_real_escape_string($lastName)."',
'".mysql_real_escape_string($gender)."'
)");
If the variables contain any quotes, they create the problem if you don't properly escape them.
Do any of your names contain single quotes?
Try writing out the value of the query to log/console/debug to ensure that it's what you expect.
Try wrapping your variables in {}.
'{$fbid}', '{$firstName}', '{$lastName}', '{$gender}'
Otherwise you are going to have to use string concatenation.
'".$fbid."','".$firstName."','"...
I'm assuming your variables already contain proper escaped data.
Try doing it like this:
$sql = <<EOL
INSERT INTO USERS (`FBID`, `FIRST_NAME`, `LAST_NAME`, `GENDER`)
VALUES ('$fbid', '$firstName', '$lastName', '$gender')
EOL;
$stmt = mysql_query($sql) or die("MySQL error: " . mysql_error());
This will preserve the query for you in $sql so you can echo it out elsewhere and see what was actually produced.