MySQL Syntax Error WITH emails - php

I am trying to get POST'ed form variables and mySQL is throwing an error when trying to insert them. I can't figure for the life of me why. Hopefully someone can help out.
function submitFound(){
global $dbc;
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$query =
"INSERT INTO found1
(fname, lname, email, phone, name, color, make, model, sizes, info, location)
VALUES
(" .
mysql_real_escape_string($_POST['fname']) . "," .
mysql_real_escape_string($_POST['lname']) . "," .
mysql_real_escape_string($_POST['email']) . "," .
mysql_real_escape_string($_POST['phone']) . "," .
mysql_real_escape_string($_POST['name']) . "," .
mysql_real_escape_string($_POST['color']) . "," .
mysql_real_escape_string($_POST['make']) . "," .
mysql_real_escape_string($_POST['model']) . "," .
mysql_real_escape_string($_POST['size']) . "," .
mysql_real_escape_string($_POST['info']) . "," .
mysql_real_escape_string($_POST['location']). ")";
$results = mysqli_query($dbc, $query);
check_results($results);
//return $mysqli_insert_id($dbc);
mysqli_free_result($results);
}
}
That is the function that is submitting the information. (Generic information about an item. This is the mySQL error getting thrown.
MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#gmail.com,444-444-4444,Book,#000040,NA,NA,Large,Nothing special,Byrne House)' at line 4
This is what I input in the form. http://puu.sh/8l35Z.png
So yeah, any help would be great. Not sure if it is just something stupid. My eyes are starting to cross :P
Thanks in advance.
EDIT*
Fixed the Strings but am still getting an error:
New Code:
$query =
"INSERT INTO found1
(fname, lname, email, phone, name, color, make, model, sizes, info, location)
VALUES
('" .
mysql_real_escape_string($_POST['fname']) . "','" .
mysql_real_escape_string($_POST['lname']) . "','" .
mysql_real_escape_string($_POST['email']) . "','" .
mysql_real_escape_string($_POST['phone']) . "','" .
mysql_real_escape_string($_POST['name']) . "','" .
mysql_real_escape_string($_POST['color']) . "','" .
mysql_real_escape_string($_POST['make']) . "','" .
mysql_real_escape_string($_POST['model']) . "','" .
mysql_real_escape_string($_POST['size']) . "','" .
mysql_real_escape_string($_POST['info']) . "','" .
mysql_real_escape_string($_POST['location']). "')'";
MySQL error: MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 4


As John Conde mentioned, you need to add quotes around your values, your error message shows this.
#gmail.com,444-444-4444,Book,#000040,NA,NA
Notice the missing quotes, it should look like this
'#gmail.com','444-444-4444','Book','#000040','NA','NA'
Try this
VALUES
('" .
mysql_real_escape_string($_POST['fname']) . "','" .
mysql_real_escape_string($_POST['lname']) . "','" .
mysql_real_escape_string($_POST['email']) . "','" .

Related

Can someone help me out with this mysql query [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 7 years ago.
Improve this question
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')'
$sql = "INSERT INTO
topics(topic_subject,
topic_date,
topic_cat,
topic_by)
VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "',
NOW(),
" . mysql_real_escape_string($_POST['topic_cat']) . ",
" . $_SESSION['fullname'] . "
)";

You are missing quotes around string values here is your new sql
ql = "INSERT INTO
topics(topic_subject,
topic_date,
topic_cat,
topic_by)
VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "',
NOW(),
'" . mysql_real_escape_string($_POST['topic_cat']) . "',
'" . $_SESSION['fullname'] . "'
)";

You need to put quotes around the value that are stored as VARCHAR, I guess $_SESSION['fullname'] in this case. Like this:
$sql = "INSERT INTO
topics(topic_subject,
topic_date,
topic_cat,
topic_by)
VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "',
NOW(),
" . mysql_real_escape_string($_POST['topic_cat']) . ",
'" . $_SESSION['fullname'] . "'
)";

Try the following:
You were missing single quotations.
$sql = "INSERT INTO
topics(topic_subject,
topic_date,
topic_cat,
topic_by)
VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "',
NOW(),
'" . mysql_real_escape_string($_POST['topic_cat']) . "',
'" . $_SESSION['fullname'] . "'
)";

Error in Inserting Values into PostgreSQL table through php

I'm trying to insert received values into postgresql table using php. I can't figure out why this statement doesn't work
$query = "INSERT INTO user_info (name, emailAddress, phoneNumber, jobDesc) VALUES ('" . $name . "," . $emailAddr . "," . $phoneNumber . "," . $jobDesc ."')";
I get this error:
Query failed: ERROR: column "emailaddress" of relation "user_info" does not exist
However, I tried this one:
$query = "INSERT INTO user_info VALUES ('" . $name . "," . $emailAddr . "," . $phoneNumber . "," . $jobDesc ."')";
It works, but it inserts all values into first column!
I'm not sure what I'm missing here!

I think you are missing a whole host of single quotes in your VALUES list...
$query = "INSERT INTO user_info (name, emailAddress, phoneNumber, jobDesc) VALUES ('" . $name . "','" . $emailAddr . "','" . $phoneNumber . "','" . $jobDesc ."')";

SQL Query Error "T_CONSTANT_ENCAPSED_STRING" Error [closed]

This question is unlikely to help any future visitors; it is only relevant to a small geographic area, a specific moment in time, or an extraordinarily narrow situation that is not generally applicable to the worldwide audience of the internet. For help making this question more broadly applicable, visit the help center.
Closed 9 years ago.
In the code below I am erring out with a T_CONSTANT_ENCAPSED_STRING error
$query = "INSERT INTO Accounts (FirstName,LastName,Email,Phone,salt,passwd,City,State)
VALUES ('"
. $_POST['FirstName'] . "','"
. $_POST['LastName'] . "','"
. $_POST['Email'] . "','"
. $_POST['Phone'] . "','"
. $salt . "','"
. hashPasswd($_POST['passwd'], $salt "','"
. ($_POST['City']
. "','"
. ($_POST['State'] . "'
);
Edit: Thanks for all the help on this question everyone. Sorry about the poor question, I was new to S/O at the time and didn't read up on how to ask a good question on S/O, which I know am much more familiar with. Again, thanks for the patience.

Try this . You were missing the " at the end to close the Insert ". I have broke the lines so that you can identify the missing quotes easily
$query = "INSERT INTO Accounts (FirstName,LastName,Email,Phone,salt,passwd,City,State)
VALUES ('". $_POST['FirstName'] . "',
'". $_POST['LastName'] . "',
'". $_POST['Email'] . "',
'". $_POST['Phone'] . "',
'". $salt . "',
'". hashPasswd($_POST['passwd'], $salt "',
'". ($_POST['City']. "',
'". ($_POST['State'] . "'
)";

You are missing a " at the end of line:
. ($_POST['State'] . "'"
and three closing )'s and a .:
. hashPasswd($_POST['passwd'], $salt "','")
. ($_POST['City'])
. "','"
. ($_POST['State'] . "'")
)
Cleand up the last three lines should look like:
. hashPasswd($_POST['passwd'], $salt) ."','"
. $_POST['City'] . "','"
. $_POST['State'] . "'"
)

How to save the data in the array directly to the database? with php

For example:
array('u_ad'=>'example name','u_mail'=>'example#mail.com','u_sifre'=>'exapmlepass')
Required query:
$sql = "INSERT INTO uyeler
(u_ad,u_mail,u_sifre)
VALUES
('example name','example#mail.com','examplepass')";
How I do that?

$sql = "INSERT INTO uyeler (". implode(",", array_keys($array)) .") VALUES ('". implode("','", $array) ."')";

Quick/dirty/unsafe:
$sql = "INSERT INTO uyeler (u_ad,u_mail,u_sifre) VALUES ('" . $theArray['u_ad'] . "','" . $theArray['u_mail'] . "','" . $theArray['u_sifre'] . "')";
Better:
$ad = mysql_real_escape_string($theArray['u_ad']);
$mail = mysql_real_escape_string($theArray['u_mail']);
$sifre = mysql_real_escape_string($theArray['u_sifre']);
$sql = "INSERT INTO uyeler (u_ad,u_mail,u_sifre) VALUES ('" . $ad . "','" . $mail . "','" . $sifre . "')";

Don't mess around with escaping! You should be using prepared statements where possible, and using PDO is a good way to do it.
See:
Why you Should be using PHP’s PDO for Database Access
ext/mysqli: Part I - Overview and Prepared Statements

SELECT LAST_INSERT_ID() *updated

I'm looking to use SELECT LAST_INSERT_ID()
Am using a form to have a user input values. With the first insert I need to get the last inserted id for the next insert... I have not figured out how to get the last selected id and then pass it into my 2nd insert statement
I have updated my code though I still can not get the id to post into the table
include("config.inc.php");
$link = mysql_connect($db_host,$db_user,$db_pass);
if(!$link) die ('Could not connect to database: '.mysql_error());
mysql_select_db($db_name,$link);
$query = "INSERT into `".$db_table."` (producer_id,series_id,lang_id,title_name,title_public_access) VALUES ('" . $_POST['producer_id'] . "','" . $_POST['series_id'] . "','" . $_POST['lang_id'] . "','" . $_POST['title_name'] . "','" . $_POST['title_public_access'] . "')";
$last_id = mysql_insert_id();
$query = "INSERT into `".$db_table2."` (seg_id, file_video_UNC,file_video_URL) VALUES ('" . '$last_id' . "','" . $_POST['file_video_UNC'] . "','" . $_POST['file_video_URL'] . "')";
mysql_query($query);
mysql_close($link);

There's a function for that, called mysql_insert_id().
... first query here ...
$last_id = mysql_insert_id();
$sql = "INSERT INTO $db_table SET
file_video = " . $_POST['file_video_UNC'].",
file_video_URL = " . $_POST['file_video_URL'] . ",
insert_id_of_first_query = $last_id";
...
Your updated code doesn't send the query to database - as a result no INSERT, so no LAST_INSERT_ID
$query = "INSERT into ".$db_table."
(producer_id,series_id,lang_id,title_name,title_public_access) VALUES
('" . $_POST['producer_id'] . "','"
. $_POST['series_id'] . "','"
. $_POST['lang_id'] . "','" . $_POST['title_name'] . "','"
. $_POST['title_public_access'] . "')";
mysql_query($query); /* YOU FORGOT THIS PART */
$last_id = mysql_insert_id();

You can't just dump a query into a string on its own in a line of PHP. You should have used LAST_INSERT_ID() inside your second query or, better, use PHP's mysql_insert_id() function which wraps this for you in the API.

In the line:
$query = "INSERT into `".$db_table2."` (seg_id, file_video_UNC,file_video_URL) VALUES ('" . '$last_id' . "','" . $_POST['file_video_UNC'] . "','" . $_POST['file_video_URL'] . "')";
I think VALUES ('" . '$last_id' . "', should just be VALUES ('" . $last_id . "', without the single quotes around the variable.

Categories