Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I'm using the below query to insert data into a MySQL database. But this not working.
I'm also using this type query in my other page and that's working fine.
This is the SQL query:
$query="INSERT INTO `add7ras_work`.`movies` (`url`, `title`, 'description')
VALUES ('$url','$title', '$desc');";
$result=mysql_query($query);
You used single quotes around description instead of backticks:
$query="INSERT INTO `add7ras_work`.`movies` (`url`, `title`, `description`) VALUES ('$url','$title', '$desc');";
Standard disclaimer: Read up on PDO and MySQLi as mysql_x functions are deprecated.
Bad quoting:
$query="INSERT INTO `add7ras_work`.`movies` (`url`, `title`, 'description')
^-- ^---
' quotes in SQL turn the quoted data into a string. This means you're using a string in a fieldname context, which does not work.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
Been sitting here all morning trying to improve safety when users create a new user in my system. And finally when everything is fixed and everything works, and at the end of the code where i send informations to the database, im getting a SQL syntax error sigh!!
Here's the error i get:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'by) VALUES('tester', 'blabla', 'xx', 'bla#bla.dk', '1387708599', './gfx/profilbi' at line 1
And heres my code..
mysql_query("INSERT INTO brugere (brugernavn, kodeord, salt_encrypt, email, timestamp, img, ip, status, by) VALUES('$_POST[brugernavn]', '$_POST[kode]', 'vissevasse', '$_POST[email]', '$time', '$uploadfile', '$ip_adresse', '0', '$_POST[by]') ") or die(mysql_error());
hope you guys can spot this one, because i can't!
BY is a mysql reserved keyword you need to wrap it with back-ticks
INSERT INTO brugere (`brugernavn`, `kodeord`, `salt_encrypt`, `email`, `timestamp`, `img`, `ip`, `status`, `by`) ....
Reserved Words in MySQL
by
is a reserved mysql keyword
even when you code no longer will throw an error it is HIGHLY advisable that you do NOT use something like
'$_POST[brugernavn]'
directly in a query. Google for sql injection and maybe also consider what xkcd has to say about this
Your code is vulnerable to SQL Injection.
fetch post parameter using
$something = mysqli_real_eacape_string($_POST['<something>']);
and then use that variable in your insert query.
Also since mysql is deprecated use mysqli/PDO
For reserved mysql keyword try to use back tick character (`)
eg:
INSERT INTO users (by) VALUES ('Jibran')
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 8 years ago.
Improve this question
I am using this query to insert values, but it is not working.
$sql="INSERT INTO $tbl_name (type, weight, side, size, quantity)
VALUES ($stock_type, $weight, $side,$size,$quantity)";
In Database table 'value type' is varchar for all values
I don't know the column types but you need to quote values for string type fields:
$sql='INSERT INTO $tbl_name (type, weight, side, size, quantity)
VALUES ("$stock_type", "$weight", "$side", "$size" , "$quantity")';
If any of those columns are char, varchar or date you need to quote them.
$sql="INSERT INTO $tbl_name ( type, weight, side, size, quantity)
VALUES ('$stock_type', $weight, '$side', $size, $quantity)";
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
I'm trying to let users insert a subject to an image. I know I can't use a WHERE clause in combination with an INSERT INTO statement, and I know that I should use SELECT. I am very new to mysql and I didn't understand the results I tried to search on google. So I needed a more specific answer;)
$classed = mysql_query("INSERT INTO images (subject) VALUES ('$_POST[subject]') WHERE image_id='$_POST[id]'");
You can't use WHERE in your INSERT statement. Consider trying UPDATE if you want to update existing rows, or INSERT without the WHERE to insert new rows.
Don't use the mysql_query function, as it deprecated. Try using PDO or mysqli_query instead.
Don't ever use unfiltered input in your query.
if you already have image_id value then you should UPDATE your table not INSERT.
you should escape your variables before inserting them in your table. by
mysql_real_escape_string()
try this:
$subject = mysql_real_escape_string($_POST['subject']) ;
$id =mysql_real_escape_string($_POST['id'] ) ;
$classed = mysql_query("UPDATE images
SET subject = '".$subject."'
WHERE image_id='".$id."' ");
You cannot use INSERT in existing rows, try UPDATE the SQL will be something like
UPDATE images SET subject = '...' WHERE id=x;
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Questions concerning problems with code you've written must describe the specific problem — and include valid code to reproduce it — in the question itself. See SSCCE.org for guidance.
Improve this question
mysql_query("
INSERT INTO `LMS`.`Presentation`
('Pre_Name' ,'Path' ,'PLec_ID' ,'pdatein' ,'pdesc','PSems_ID')
values
('$fname','$newname','$com',NOW(),'$filedesc','$semes')"
) or die("failed");
Dear All,
I have a table named presentation and I am going to enter value to it, it is mentionable that $com and $sems are comboboxs value, but the query show failed, anyone could help please,
thanks in advance
You're using quotes when you should be using backticks:
mysql_query("INSERT INTO `LMS`.`Presentation` (`Pre_Name`, `Path`, ...
Or simply don't use any special character. The backtick is only necessary if you do something silly like use a reserved word as a column name and I would hope people would choose their column names to be more readable.
In other words, date and in and select are silly names for columns, you should be using expiry_date, isInLocation and selectionStatus.
change or die("failed") into or die(mysql_error()) and you'll know why.
btw, consider changing from mysql functions to mysqli functions. And use parameterized queries. Otherwise you will be open to SQL injection.
mysql_query("
INSERT INTO table
(column1, column2, column3, column4 .... columnX)
VALUES(column1Data,column2Data, column3Data, column4Data ... columnXdata)
") or die(mysql_error());
> rove on this example and if there isnt a alias for a table then could not use a alias.
everything hiddends on details..
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question appears to be off-topic because it lacks sufficient information to diagnose the problem. Describe your problem in more detail or include a minimal example in the question itself.
Closed 8 years ago.
Improve this question
With a the code,
mysql_query("INSERT INTO Messages (Message, toUser, From, Date) VALUES ('$mes','$to','$from','$date')")
I'm getting an SQL syntax error. What is the reason for this? I see nothing wrong with the syntax.
DATE is a reserved word in SQL, so I gather that it's triggering a syntax error when you use it as a column name because MySQL tries to parse it as something other than a column name.
Either escape your identifiers with backticks:
mysql_query("INSERT INTO `Messages` (`Message`, `toUser`, `From`, `Date`) VALUES ('$mes','$to','$from','$date')")
Or better, see if you can rename the column to something else that doesn't need escaping.
My guess is someone put a ' in one of the variables, thus making a query like
INSERT INTO Messages (Message, toUser, From, Date) VALUES ('Test','Joe O'Neil','Jack Smith','2011-12-20')
This is a syntax error because of the ' in "O'Neil". You need to escape your variables before using them in SQL.
$mes = mysql_real_escape_string($mes);
$to = mysql_real_escape_string($to);
$from = mysql_real_escape_string($from);
$date = mysql_real_escape_string($date);
mysql_query("INSERT INTO Messages (Message, toUser, From, Date) VALUES ('$mes','$to','$from','$date')");
Make your query, like:
//use mysql_real_escape_string for variables
mysql_query("INSERT INTO Messages (`Message`, `toUser`, `From`, `Date`) VALUES ('$mes','$to','$from','$date')")
There's probably a character in your variables that requires escaping. Use mysql_real_escape_string as described here: http://php.net/manual/en/function.mysql-real-escape-string.php