stackoom
  简体   繁体   中英

PHP mysql can't insert database and error

 原文  2014-03-17 14:49:21       php/ mysql/ sql/ post/ syntax-error

Question

Need help here...

I receive an error code saying... 

SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''students' (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnu' at line 1

by the way, i put add function in php using these codes... 

$Lastname = $_POST['Lastname'];
$Firstname = $_POST['Firstname'];
$Middleinitial = $_POST['Middleinitial'];
$Course = $_POST['Course'];
$Year = $_POST['Year'];
$Section = $_POST['Section'];
$Studentnumber = $_POST['Studentnumber'];
$Violation = $_POST['Violation'];
$Punishment = $_POST['Punishment'];
$Violationdate = $_POST['Violationdate'];
$Punishmentstartdate = $_POST['Punishmentstartdate'];
$CSlength = $_POST['CSlength'];
$Add = $_POST['add'];

$records = mysql_connect('localhost', 'root', '') or die(mysql_error());

mysql_select_db('records', $records);

$sql = ("INSERT INTO 'students' (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')");

$result = mysql_query($sql, $records);

if (!$result) 
die("SQL Error: ".mysql_error());

echo "Success";

thanks for the answer.... :))

4 answers

solution1
 2  2014-03-17 14:50:09

Get rid of the quotes around students . Either use ticks or nothing at all: 

$sql = ("INSERT INTO `students` (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')");

FYI, you are wide open to SQL injections .

solution2
 1  2014-03-17 15:29:32

Try this 

$Lastname = $_POST['Lastname'];
$Firstname = $_POST['Firstname'];
$Middleinitial = $_POST['Middleinitial'];
$Course = $_POST['Course'];
$Year = $_POST['Year'];
$Section = $_POST['Section'];
$Studentnumber = $_POST['Studentnumber'];
$Violation = $_POST['Violation'];
$Punishment = $_POST['Punishment'];
$Violationdate = $_POST['Violationdate'];
$Punishmentstartdate = $_POST['Punishmentstartdate'];
$CSlength = $_POST['CSlength'];
$Add = $_POST['add'];

 $records = mysql_connect('localhost', 'root', '') or die(mysql_error());

 mysql_select_db('records', $records);


$sql = ("INSERT INTO students (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')");


  $result = mysql_query($sql, $records);

  if (!$result) 
  die("SQL Error: ".mysql_error());

  echo "Success";

solution3
 1 ACCPTED  2014-03-23 08:47:48

You just have to modify you code like this! 

$Lastname = $_POST['Lastname'];
$Firstname = $_POST['Firstname'];
$Middleinitial = $_POST['Middleinitial'];
$Course = $_POST['Course'];
$Year = $_POST['Year'];
$Section = $_POST['Section'];
$Studentnumber = $_POST['Studentnumber'];
$Violation = $_POST['Violation'];
$Punishment = $_POST['Punishment'];
$Violationdate = $_POST['Violationdate'];
$Punishmentstartdate = $_POST['Punishmentstartdate'];
$CSlength = $_POST['CSlength'];
$Add = $_POST['add'];

$records = mysql_connect('localhost', 'root', '') or die(mysql_error());

mysql_select_db('records', $records);

$sql = "INSERT INTO students (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')";

$result = mysql_query($sql, $records);

if (!$result) 
die("SQL Error: ".mysql_error());

echo "Success";

solution4
 0  2014-03-17 17:38:54

Remove the brackets around the INSERT statement as well as put the table and column names inside the backtick, change it as below

$sql = "INSERT INTO `students` (`Lastname`, `Firstname`, `Middleinitial`, `Course`, `Year`, `Section`, `Studentnumber`, `Violation`, `Punishment`, `Violationdate`, `Punishmentstartdate`, `CSlength`) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')" ;

Since your code is too much vulnerable to SQL injection, it is better to use mysql prepared statements.Use MySQLi or PDO class to achieve it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Error with mysql_query in php - Can't insert information into database php i can't insert into mysql database but no error mysql - can't insert data into database with php PHP code can UPDATE MySQL database, but can't INSERT PHP won't insert data to Mysql database - No error thrown can't insert data in a mysql database using php Why can't i insert into mysql database using php? Can't insert new records through PHP into mysql database can't insert json data into mysql database in php I can't insert information into mysql database using php
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM