stackoom
  简体   繁体   中英

Invalid query: You have an error in your SQL syntax

 原文  2015-07-22 05:11:46       php/ mysql

Question

<?php
mysql_connect("mysql6.000webhost.com","a6124751_murali1","***");
$db= mysql_select_db("a6124751_signup");
$topic=$_GET["Topic"];
$question=$_GET["Question"];
$company =$_GET["Company"];
$query = "INSERT INTO questions (topic, question, company) VALUES ($topic, $question, $company)";
$sql1=mysql_query($query);
if (!$sql1) {
 die('Invalid query: ' . mysql_error());
}
?>

this is my php code in server where there is a table named 'questions' and i am trying to insert the data into it from the input got from the GET method using form at front end, i can figure out that data is coming properly from the client which i have checked using echo. I am getting an error as

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'name, type your question here, company)' at line 1

Don't know what is the error in the query. anyone find it out asap. thank you

3 answers

solution1
 5 ACCPTED  2015-07-22 05:13:51

You need to quote your values 

('$topic', '$question', '$company')

since those are strings.

Plus, you should escape your data for a few reasons. Not let MySQL complain about certain characters such as hyphens etc., and to protect against SQL injection.

Use prepared statements:

Reference(s):

Edit:

As an example using your present MySQL API: 

$topic    = mysql_real_escape_string($_GET['topic']);
$question = mysql_real_escape_string($_GET['question']);
$company  = mysql_real_escape_string($_GET['company']);

I don't know what your inputs are called, so that's just an example.

You mentioned about using $_GET for debugging but using a POST method.

  • Change all $_GET to $_POST above.

solution2
 1  2015-07-22 05:21:26

Try this 

<?php
$db = mysqli_connect('mysql6.000webhost.com', 'a6124751_murali1', 'default@123', 'a6124751_signup');

if (!$db) {
    die('Connect Error (' . mysqli_connect_errno() . ') '
            . mysqli_connect_error());
}

$topic = $_GET["Topic"];
$question = $_GET["Question"];
$company = $_GET["Company"];

$query = "INSERT INTO questions (topic, question, company) VALUES ('$topic', '$question', '$company')";
$sql1=mysqli_query($db, $query);
if(!$sql1)
{
    die('Invalid query: ' . mysqli_error($db));
}
?>

Fixes in your code

  • The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead

  • You need to quote your values ('$topic', '$question', '$company')

solution3
 0  2015-07-22 05:14:54

You have to put the values in single qoutes, if that are char types: 

$query = "INSERT INTO questions (topic, question, company) VALUES ('$topic', '$question', '$company')";

But you should not longer use the deprecated mysql_* API. Use mysqli_* or PDO with prepared statements.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Invalid query: You have an error in your SQL syntax; special characters Invalid query: You have an error in your SQL syntax; syntax to use near Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax Getting “you have an error in your sql syntax” error on insert query You have an error in your SQL syntax; and $db->query(ERROR: 1) You have an error in your SQL syntax. Query Error Error in MySQL Query: “You have an error in your SQL syntax; …” QUERY FAILED:You have an error in your SQL syntax; Unable to run query:You have an error in your SQL syntax Failed query You have an error in your SQL syntax
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM