[prev in list] [next in list] [prev in thread] [next in thread]
List: php-db
Subject: Re: [PHP-DB] Wrong SQL Syntax
From: Chris <dmagick () gmail ! com>
Date: 2006-11-29 3:48:44
Message-ID: 456D031C.8000701 () gmail ! com
[Download RAW message or body]
Chris Carter wrote:
> My MySQL version is 5.0. I am trying to run this small query but getting this
> SQL error
>
> "Error! Could not insert valuesYou have an error in your SQL syntax; check
> the manual that corresponds to your MySQL server version for the right
> syntax to use near ''userdata' ('fName', 'lName', 'email', 'confEmail',
> 'password', 'confirmPassword' at line 1"
>
> The syntax that I am working on is:
>
> $sql = "insert into 'userdata' ('fName', 'lName', 'email', 'confEmail',
> 'password', 'confirmPassword', 'address', 'city', 'state', 'postCode',
> 'gender', 'profession', 'ageGroup', 'mallPref', 'mailConsent') VALUES
> ($fName, $lName, $email, $confEmail, $password, $confirmPassword, $address,
> $city, $state, $postCode, $gender, $profession, $ageGroup, $mallPref,
> $mailConsent)";
>
> dont understand where is it wrong. Does capitalization of INSERT also
> matters. I am new to this. Please advice.
It's not the capitals, it's the single quotes.
You don't need single quotes around the table or field names, you need
them around the data:
$sql = "insert into userdata(fname, lname, email, confemail .....)
values ('" . mysql_real_escape_string($fName) . "', '" .
mysql_real_escape_string($lName) . "' .....
etc
Using mysql_real_escape_string will prevent sql injection attacks or
problems where a name has a quote in it itself (eg O'Reilly).
Mysql supports backticks around the names:
insert into `userdata` (`fname` .....
(other db's don't like this though).
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic