Probably a really simple one to do with quotes but php is not my thing!
"INSERT INTO feedback_test (FirstName, LastName, Age) VALUES
('$_POST[firstname]','$_POST[lastname]','$_POST[age]')"
getting the error unexpected T_ENCAPSED_AND_WHITESPACE expecting T_STRING or T_VARIABLE or T_NUM_STRING
In PHP, every statement ends with a semocolon.
So add a semocolon (;) to your line.
Again, you are not adding single quotes (') to your posted values.
So, in total, update your query to:
"INSERT INTO feedback_test (FirstName, LastName, Age) VALUES
('$_POST[\'firstname\']','$_POST[\'lastname\']','$_POST[\'age\']')";
You don't give index of $_POST with quote. if index of $_POST is string then it must be give with puote.
just try this
"INSERT INTO `feedback_test` (`FirstName`, `LastName`, `Age`) VALUES
('".$_POST['firstname']."','".$_POST['lastname']."','".$_POST['age']."')"
Try this query
$query = "INSERT INTO feedback_test (FirstName, LastName, Age) VALUES
('".$_POST["firstname"]."','".$_POST["lastname"]."','".$_POST["age"]."')";
$query = "INSERT INTO feedback_test (FirstName, LastName, Age) VALUES ('".$_POST['firstname']."','".$_POST['lastname']."','".$_POST['age']."')";
Related
my php code which is throwing errors is as follows:
$stmt = $con->prepare('INSERT INTO listOfRides (address, time) VALUES
('$address', '$time')') ;
I have looked at other posts and it seems I am using the variables correctly with the single quotes around them however the following error is being shown when visiting the URL:
Parse error: syntax error, unexpected T_VARIABLE in /home/gbidjght/public_html
/insertRide.php on line 79
Any help is appreciated
If you escaped the single quotes you would end up with the string literals "$address" and "$time" being inserted into your DB:
$stmt = $con->prepare('INSERT INTO listOfRides (address, time) VALUES (\'$address\', \'$time\')');
However assuming that they should be variables, you should use double quotes around your SQL statement to allow PHP to actually parse your variables as their values:
$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES ('$address', '$time')");
That being said, since you're already preparing your statement, why not just use placeholders anyway? It'll be a safer way to protect against SQL injection.
$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES (?, ?)");
$stmt->execute(array($address, $time));
change the outer quotes to double quotes
$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES
('$address', '$time')") ;
You can't put mysql ' in php '
Use this
$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES
('$address', '$time')") ;
Because of the 's the error is coming. Add " instead of '.Try this -
$stmt = $con->prepare("INSERT INTO listOfRides (address, time) VALUES ('$address', '$time')") ;
$stmt = $con->prepare("INSERT INTO `listOfRides` (`address`, `time`)
VALUES
($address, $time)") ;
$sql = "INSERT INTO users (name, password, email, phone, address)
VALUES ('$_POST['name']', '$_POST['password']', '$_POST['email']', '$_POST['phone']', '$_POST['address']', )";
As one can possibly see, I am trying to insert these values into my table; however I am getting an unexpected error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/csc4370FA14_18/public_html/program/assignments/group project3/register.php on line 35.
I assume it has something to do with the single quotations; is there a way to fix this with double quotes, backslash characters?
Try assigning post values to new variable and then use the new variables in your sql statement. For example,
$name = $_POST['name'];
$sql = "INSERT INTO users ".
"(name) ".
"VALUES('$name')";
This should solve your purpose.
$sql = "INSERT INTO users (name, password, email, phone, address)
VALUES ('".$_POST['name']."', '".$_POST['password']."', '".$_POST['email']."', '".$_POST['phone']."', '".$_POST['address']."', )";
Note: I hope you are adding something after the last , in the query, otherwise this query will fail.
I'm trying to insert a new record in a MySQL database from PHP, which I've done a million times before, but for some reason, I can't get it to work this time, and it really bugs me.
Inserting strings into all the varchar collumns are going great, but when I get to inserting a value into the int column, I get an error telling me that I have a syntax error.
Basically, the first query works just fine, but the second one returns the error, and as you can see, I've made damn sure it really is an integer I'm trying to insert.
I hope somebody can help. I'm really starting to develop a headache over this :/
$groupId2 = 5;
$groupId = (int)$groupId2;
if(!mysqli_query($link, "INSERT INTO contestants (firstName, lastname, email) VALUES ('$firstName', '$lastName', '$email')"))
echo "First: " . mysqli_error($link);
if(!mysqli_query($link, "INSERT INTO contestants (firstName, lastname, email, group) VALUES ('$firstName', '$lastName', '$email', '$groupId')"))
echo "Second: " . mysqli_error($link);
group is a mysql keyword use back quotes around it
"INSERT INTO contestants (firstName, lastname, email, `group`)
VALUES ('$firstName', '$lastName', '$email', '$groupId')"
The error is because you surrounded your int with ' ', you need to get rid of your apostrophes and it will work just fine.
if(!mysqli_query($link,
"INSERT INTO contestants
(firstName, lastname, email, group) VALUES
('$firstName', '$lastName', '$email', $groupId)"))
^^^^^^^^^
To clarify, when inserting numerical fields you do not need them.
According to pst this is wrong, although, the fact you do not need single quotes is still correct.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and email) VALUES ('','','')' at line 1
i am now getting this error for specifically this line:
$sql= "INSERT INTO tbl_member (username, password and email) VALUES ('$username','$password','$email')";
It should be:
$sql= "INSERT INTO tbl_member (username, password, email) VALUES ('$username','$password','$email')";
First of all, you don't use the 'AND' keyword like that.
$sql = "INSERT INTO tbl_member (username, password, email) VALUES ('$user','$pass','$mail')";
Secondly, the error message indicates that at the time the query is run the 3 variables, $user, $pass and £mail are empty.
What are the names of your columns? if it's really "password and email", you should use backticks surronding them:
$sql= "INSERT INTO tbl_member (`username`, `password and email`) VALUES ('$username','$password','$email')";
otherwise use #Shivan-Raptor 's sollution?
There's gotta be something small I keep missing here, but I can't find it for the life of me.
$insert = mysql_query("INSERT INTO USERS
(`FBID`, `FIRST_NAME`, `LAST_NAME`, `GENDER`)
VALUES ('$fbid', '$firstName', '$lastName', '$gender')");
The error is:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1
Any ideas?
You are not having variables correctly escaped. Use mysql_real_escape_string and code like this:
$insert = mysql_query("INSERT INTO USERS (`FBID`, `FIRST_NAME`, `LAST_NAME`, `GENDER`)
VALUES (
'".mysql_real_escape_string($fbid)."',
'".mysql_real_escape_string($firstName)."',
'".mysql_real_escape_string($lastName)."',
'".mysql_real_escape_string($gender)."'
)");
If the variables contain any quotes, they create the problem if you don't properly escape them.
Do any of your names contain single quotes?
Try writing out the value of the query to log/console/debug to ensure that it's what you expect.
Try wrapping your variables in {}.
'{$fbid}', '{$firstName}', '{$lastName}', '{$gender}'
Otherwise you are going to have to use string concatenation.
'".$fbid."','".$firstName."','"...
I'm assuming your variables already contain proper escaped data.
Try doing it like this:
$sql = <<EOL
INSERT INTO USERS (`FBID`, `FIRST_NAME`, `LAST_NAME`, `GENDER`)
VALUES ('$fbid', '$firstName', '$lastName', '$gender')
EOL;
$stmt = mysql_query($sql) or die("MySQL error: " . mysql_error());
This will preserve the query for you in $sql so you can echo it out elsewhere and see what was actually produced.