[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-db
Subject:    Re: [PHP-DB] Wrong SQL Syntax
From:       Chris <dmagick () gmail ! com>
Date:       2006-11-29 3:48:44
Message-ID: 456D031C.8000701 () gmail ! com
[Download RAW message or body]

Chris Carter wrote:
> My MySQL version is 5.0. I am trying to run this small query but getting this
> SQL error
> 
> "Error! Could not insert valuesYou have an error in your SQL syntax; check
> the manual that corresponds to your MySQL server version for the right
> syntax to use near ''userdata' ('fName', 'lName', 'email', 'confEmail',
> 'password', 'confirmPassword' at line 1"
> 
> The syntax that I am working on is:
> 
> $sql = "insert into 'userdata' ('fName', 'lName', 'email', 'confEmail',
> 'password', 'confirmPassword', 'address', 'city', 'state', 'postCode',
> 'gender', 'profession', 'ageGroup', 'mallPref', 'mailConsent') VALUES
> ($fName, $lName, $email, $confEmail, $password, $confirmPassword, $address,
> $city, $state, $postCode, $gender, $profession, $ageGroup, $mallPref,
> $mailConsent)";
> 
> dont understand where is it wrong. Does capitalization of INSERT also
> matters. I am new to this. Please advice.

It's not the capitals, it's the single quotes.

You don't need single quotes around the table or field names, you need 
them around the data:

$sql = "insert into userdata(fname, lname, email, confemail .....) 
values ('" . mysql_real_escape_string($fName) . "', '" . 
mysql_real_escape_string($lName) . "' .....

etc

Using mysql_real_escape_string will prevent sql injection attacks or 
problems where a name has a quote in it itself (eg O'Reilly).

Mysql supports backticks around the names:

insert into `userdata` (`fname` .....

(other db's don't like this though).

-- 
Postgresql & php tutorials
http://www.designmagick.com/

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]