tags:

views:

83

answers:

4
+1  Q: 

Im going crazy [syntax error]

I cant beleive im having this problem... I've been looking and looking but i cant find see whats wrong. I hate this error message.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' poster_ip, message, posted, thread_id INTO posts ' at line 1



mysql_query("INSERT poster, poster_ip, message, posted, thread_id
                INTO posts
                VALUES (
    {$post_info['poster']}, 
    '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."', 
    '".mysql_real_escape_string($post_info['message'])."', 
    {$post_info['posted']}, 
    {$post_info['thread_id']}") or die (mysql_error());
+6  A: 

Your SQL syntax is wrong.

You should be using something similar to:

INSERT INTO posts (poster, poster_ip, message, posted, thread_id) VALUES (...)
Matthew Iselin  2010-07-27 03:23:44
+2  A: 

Maybe you should look at the doc ;) Insert Syntax

If you're going to put the column names you should put it after the table name.

Example: INSERT INTO table (col1, col2) VALUES (val1, val2)

MisterPhilip  2010-07-27 03:25:17
+1  A: 

Looks like a good opportunity to practice some debugging techniques. Try building the string you are passing to the function and assigning it to a variable, then echoing that variable to see what it is you are actually passing to the function. You can learn a lot that way about why you are getting errors. Also, it would help to know the data types of the columns you are inserting values into.

wshato  2010-07-27 03:27:35
A: 

I have written this code to show you why arrays are useful for query generation and less likely to make a syntax error if you need to add more fields in future.

$fields = array('poster, poster_ip, message, posted, thread_id'); // Our fields
$table = 'posts'; // Our table name
$values = array(
    $post_info['poster'], 
    $_SERVER['REMOTE_ADDR'], 
    $post_info['message'], 
    $post_info['posted'], 
    $post_info['thread_id']
);
$values = array_map('mysql_real_escape_string', $values); // Secure all inputs
// Generate query
$query = "INSERT INTO $table (" . implode(',', $fields) . ") VALUES ('" . implode("','", $values . "')";
// Run query
$result = mysql_query($query) or die('query error: ' . mysql_error());
Paul Dragoonis  2010-07-27 11:35:52

related questions

Remove Quotes and Commas from a String in MySQL
What's the best way of converting a mysql database to a sqlite one?
How do you manage databases in development, test, and production?
Multiple foreign keys?
Add 1 to a field (MySQL)
Issues using MS Access as a front-end to a MySQL database back-end?
Bigger than a char but smaller than a blob
How do I retrieve my MySQL username and password?
Long-time LAMP Developer moving to VB.NET
How do I Concatenate entire result sets in MySQL?
Full complete MySQL database replication? Ideas? What do people do?
SQL: Distribution of table in time
SQLite vs MySQL
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Multiple Updates in MySQL
MySQL/Apache Error in PHP MySQL query
What all do I need to escape when sending a (My)SQL query?
Auto Generate Database Diagram MySQL
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
Python and MySQL
SQL Server 2005 implementation of MySQL REPLACE INTO?
How to export data from SQL Server 2005 to MySQL
Throw Error In MySQL Trigger
Binary Data in MySQL