<?php
if(isset($_POST['menu'])){
$con = mysql_connect("localhost","user","pass");
mysql_select_db("database", $con);
$sql="INSERT INTO menu (1, 3, 5, 7, 9, notes, order)
VALUES
('$_POST[1]','$_POST[3]','$_POST[5]','$_POST[7]','$_POST[9]','$_POST[notes]','$_POST[order]')";
mysql_query($sql,$con) or die('Send error: ' . mysql_error());
}
?>
It comes up with a mysql syntax error. By the way i used my username, password and database name on my site but i did not add them here :)
This is the message i get:
Send error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1, 3, 5, 7, 9, notes, order) VALUES ('test','test','test','test','test','test','test')' at line 1
Thanks for any help
[web] MySQL Syntax error! Help (PHP, mysql)
When make a entry with my form i use the following code to add the entry to my database:
You really have columns named 1,3,5,7, and 9?
Try (1, 3, 5, 7, 9, notes, `order`) instead.
Edit: I guess it is backticks instead of []s in MySQL.
Try (1, 3, 5, 7, 9, notes, `order`) instead.
Edit: I guess it is backticks instead of []s in MySQL.
Columns named 1, 3, 5, 7 and 9? Wow, you're almost ripe for TDWTF.
Anyway, aaron_ds is close. You need to use backticks. But you need to use them on the numbers instead:
Anyway, aaron_ds is close. You need to use backticks. But you need to use them on the numbers instead:
INSERT INTO menu (`1`, `3`, `5`, `7`, `9`, notes, order) ...
Quote:Original post by Sander'order', as in 'order by', is also an SQL keyword.
Anyway, aaron_ds is close. You need to use backticks. But you need to use them on the numbers instead:
Quote:Original post by ToohrVykQuote:Original post by Sander'order', as in 'order by', is also an SQL keyword.
Anyway, aaron_ds is close. You need to use backticks. But you need to use them on the numbers instead:
I think it depends on the dialect whether it is considered a keyword in that context.
edit: Looks like the ANSI grammar specification is not freely available, sorry.
edit2: Looks like MySql defines "order" as a reserved word (MySql 5.1: Reserved words, but e.g. Basis SQL seems to reserve "ORDERBY" only (Basis SQL Reserved words).
edit3: Okay, according to this, "ORDER" is a reserved word in ANSI Sql 2003. Note that SQL is not case sensitive, though some dialects are.
You might also want to consider what happens if someone types "'); DROP TABLE menu; SELECT ('" in the notes field of your form.
Look, i am not the best person at naming things, i have other numbers but i want to keep there defaults. Why should i not name things as numbers? Moving on...
Thanks anyway.
Thanks anyway.
Quote:Original post by Kylotan
You might also want to consider what happens if someone types "'); DROP TABLE menu; SELECT ('" in the notes field of your form.
Depending on the PHP version and configuration, it might do nothing but spit back an error, since they've disabled that feature in all current versions because most PHP developers are idiots who couldn't spell "SQL Injection" even if it was right in front of their noses.
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement