I am trying to inserts some values to the database in my php program but I am getting the error
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in C:\wamp\www\php\books.php on line 9
mysql_query..
mysql_query("insert into books values('$_GET["title"]','$_GET["author"]','$_GET["edition"]','$_GET["publish"]','$_GET["isbn"]',)") or die(mysql_error());
get your values in variables like
$title = $_GET["title"];
$author = $_GET["author"];
then use query like this
mysql_query("insert into books values('$title','$author','$edition','$publish','$isbn',)") or die(mysql_error());
you are using nested double quotes
mysql_query("insert into books values('{$_GET["title"]}','{$_GET["author"]}','{$_GET["edition"]}','{$_GET["publish"]}','{$_GET["isbn"]}',)") or die(mysql_error());
or
mysql_query("insert into books values('$_GET[title]','$_GET[author]','$_GET[edition]','$_GET[publish]','$_GET[isbn]',)") or die(mysql_error());
The good query is :
mysql_query("insert into books values('" . $_GET["title"] . "','" . $_GET["author"] . "','" . $_GET["edition"] . "','" . $_GET["publish"] . "','" . $_GET["isbn"] . "')") or die(mysql_error());
There are non escaped quotes but also a comma which has nothing to do here, at the end of the query.
Maybe you should learn PHP and its syntax first.
Related
I am trying to insert the results from a json array into MySQL using
foreach ($feed->items as $item) {
$query = "insert into data(id,url,keyword)values ($item->id, $item->url,$item->kind)";
$result = mysql_query($query);
echo $result;
}
I have confirmed the database details are OK and the $items are correct.
Can anyone point me in the right direction? I am fairly new to PHP so any help is appreciated.
You need to escape the values in the SQL:
$query = "insert into data(id,url,keyword)values ('" . mysql_real_escape_string($item->id) . "', '" . mysql_real_escape_string($item->url) . "' , '". mysql_real_escape_string($item->kind) . "')";
this adds quotation marks ' around the variables so that the SQL can be parsed at all
This prevents SQL injection.
You need to wrap your variabels in your query :
$query = "insert into data(id,url,keyword)values ('{$item->id}', '{$item->url}', '{$item->kind}')";
This sql query is not working:
$sql = "INSERT INTO top(topic_subject,topic_date, topic_cat, topic_by)
VALUES(" . mysql_real_escape_string($_POST['topic_subject']) . " , NOW()," . mysql_real_escape_string($_POST['topic_cat']) . " , " . isset ($_SESSION['user_id']) . ")";
how can I fix it?. I am getting this error message.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 2`
It's likely that topic_subject is character data. To include literal strings in SQL text, it should be enclosed in single quotes.
... VALUES ('abc', ...
If you used prepared statements, this wouldn't be an issue, and for the love of all things that are beautiful and good in this world, don't use the deprecated PHP mysql_ interface for new development. It's been superseded by the mysqli_ and PDO interfaces.
You forgot the quotes.
$sql = "INSERT INTO top(topic_subject,topic_date, topic_cat, topic_by)
VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "' , NOW(),'" . mysql_real_escape_string($_POST['topic_cat']) . "' , '" . isset ($_SESSION['user_id']) . "')";
And be aware that mysql_* is deprecated. Use PDO or mysqli instead.
There are couple problems here.
Quote your strings
Make sure your data is of the correct type
$topic_subject = mysql_real_escape_string($_POST['topic_subject']);
$topic_date = NOW();
$topic_cat = mysql_real_escape_string($_POST['topic_cat']);
$topic_by = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : ""; // always returns a string value.
$sql = "INSERT INTO top(topic_subject,topic_date, topic_cat, topic_by)
VALUES('{$topic_subject}' , {$right_now}, '{$topic_cat}' , '{$topic_by}')";
It may help you to use more variables in your code (shown) so that you can use a debugger to verify that the strings and variables you create have the values you intend them to have.
I've looked everywhere but I cant find an answer for this question. I've seen several solutions that have helped people, but when I try it, I see I'm doing everything right and have nothing to fix. I'm making a forum and i'm trying to insert these into a mysql table but every time I try it says:
Unknown column '6c09e4fe82d47011bf9b25b05946307f' in 'field list'.
The long code is a user id for one of the users, and Its supposed to get inserted, but for some reason its looking for a column with that name. I've only gotten up to the first query with an error so the second part might be totally fine, I don't know.
$sql = "INSERT INTO
topics(topic_subject,
topic_date,
topic_cat,
topic_by)
VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "',
NOW(),
" . mysql_real_escape_string($_POST['topic_cat']) . ",
". $_SESSION['userid'] ."
)";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'You did everything right, yet there is an error. WEIRD RIGHT???<br /><br />' . mysql_error();
$sql = "ROLLBACK;";
$result = mysql_query($sql);
}
else
{
//the first query worked, now start the second, posts query
//retrieve the id of the freshly created topic for usage in the posts query
$topicid = mysql_insert_id();
$sql = "INSERT INTO
posts(post_content,
post_date,
post_topic,
post_by)
VALUES
('" . mysql_real_escape_string($_POST['post_content']) . "',
NOW(),
" . $topicid . ",
". $_SESSION['userid'] ."
)";
$result = mysql_query($sql);
You're not quoting the string in the INSERT:
". $_SESSION['userid'] ."
Should be:
'". $_SESSION['userid'] ."'
" . mysql_real_escape_string($_POST['topic_cat']) . ",
needs to be enclosed in quotes
'" . mysql_real_escape_string($_POST['topic_cat']) . ",'
Just echo $sql; and you will see your error.
Also make sure you session_start();
I have tried all combinations of single quotes, double quotes etc but the following code keeps erroring with sql syntax error. The en and cy are paragraphs of text. I think I must be missing something obvious but I cant see it. Any suggestions?
$insert_dana = mysql_query("UPDATE Contributor (Summary_en,Summary_cy) VALUES ('" . mysql_real_escape_string($insert[en][0]) . "','" . mysql_real_escape_string($insert[cy][0]) . "') WHERE id='$insert[id]'");
You mixed insert and update statement syntax. Use this one
$insert_dana = mysql_query("UPDATE Contributor set Summary_en = '" . mysql_real_escape_string($insert[en][0]) . "', Summary_cy = '" . mysql_real_escape_string($insert[cy][0]) . "' WHERE id='$insert[id]'");
you're confusing the UPDATE- and the INSERT-syntax. for UPDATE, it's like:
UPDATE
table
SET
field = 'value'
WHERE
...
while an INSERT looks like:
INSERT INTO
table
(field)
VALUES
('value')
you can't write an UPDATE with (field) VALUES ('value')-syntax.
My sql query when I check manually in phpmyadmin works fine, but when I try to handle it through php mysql_query throw me a syntax error. How to solve this issue?
Error message:
Invalid query:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'INSERT INTO scores( user_id ) VALUES (LAST_INSERT_ID( ))' at line 1
Whole query:
INSERT INTO users (id_fb, name, first_name, last_name, email, link, first_login)
VALUES ('1000001010101010', 'Bart Roza', 'Bart', 'Roza', 'lalalala#gmail.com','http://www.facebook.com/profile.php?id=1000001010101010','2011-05-07 11:15:24');
INSERT INTO scores( user_id ) VALUES (LAST_INSERT_ID( ));
My php function:
public function createUser()
{
$time = date("Y-m-d H:i:s");
$insert = "INSERT INTO users (id_fb, name, first_name, last_name, email, link, first_login) VALUES (" .
"'" . $this->me['id'] . "', " .
"'" . $this->me['name'] . "', " .
"'" . $this->me['first_name'] . "', " .
"'" . $this->me['last_name'] . "', " .
"'" . $this->me['email'] . "'," .
"'" . $this->me['link'] . "'," .
"'" . $time . "'); " .
"INSERT INTO scores( user_id ) VALUES (LAST_INSERT_ID( ));";
$result = mysql_query($insert);
if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $insert;
die($message);
}
}
EDIT:
Thanks for the solution!
Since mysql_query accepts only one query you need to split your query string into 2 separated queries and perform it with 2 mysql_query calls.
You can not run multiple queries in once using mysql_query function. you have to run these two queries with separate mysql_query call
mysql_query() sends a unique query
(multiple queries are not supported)
AS #zerkms and #Shakti said, mysql_query does not support multiple queries. If you want to use such functionality, consider migrating to mysqli. It supports multiple queries in a single packet by mysqli_multi_query