1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 6:14 am Apr 28, 2026

Forum Moderators: coopster

Message Too Old, No Replies

simple php query not working

         

trendz

9:40 pm on May 10, 2011 (gmt 0)

10+ Year Member



hello i am trying to get this query to insert information into my database from a form. my first query for customer_table is working, but the almost exact same query for phone_table is not working any ideas why?

here is the 1st query that is working 



<html>
<body>
<?php
$con = mysql_connect('localhost','root','');
if (!$con)
 {
 die('Could not connect: ' . mysql_error());
 }

mysql_select_db("trendzphones")or die(mysql_error());


$result = mysql_query("INSERT INTO customer_table (License_Num, First_Name, Last_Name, Address, City, usaState, Zip_code)
VALUES
('$_POST[License_Num]','$_POST[First_Name]','$_POST[Last_Name]','$_POST[Address]','$_POST[City]','$_POST[usaState]','$_POST[Zip_code]')")
or die(mysql_error());

echo "1 customer record added";

mysql_close($con)
?>


<FORM>
<INPUT TYPE="BUTTON" VALUE="Main Menu" ONCLICK="window.location.href='open.html'">
<INPUT TYPE="BUTTON" VALUE="add phone" ONCLICK="window.location.href='test3.html'">
</FORM>

</body>
</html>



the code above adds the customer to the database with no problems, but this code here gives me the error message;

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Condition, Date, Paid) VALUES ('verizon','apple','iphone 4','a00000123456','wa' at line 1"

the verizon, apple, iphone, etc.. is just the info that i tried adding to the database. 



<html>
<body>
<?php
$con = mysql_connect('localhost','root','');
if (!$con)
 {
 die('Could not connect: ' . mysql_error());
 }

mysql_select_db("trendzphones")or die(mysql_error());


$result1 = mysql_query("INSERT INTO phone_table (Carrier, Make, Model, IMEI_Hex_ESN, Condition, Date, Paid)
VALUES
('$_POST[Carrier]','$_POST[Make]','$_POST[Model]','$_POST[IMEI_Hex_ESN]','$_POST[Condition]','$_POST[Date]','$_POST[Paid]')")
or die(mysql_error());


echo "1 phone record added";

mysql_close($con)
?>

<FORM>
<INPUT TYPE="BUTTON" VALUE="Main Menu" ONCLICK="window.location.href='open.html'">
<INPUT TYPE="BUTTON" VALUE="add phone" ONCLICK="window.location.href='test3.html'">
</FORM>

</body>
</html>



I'm stumped since the code structure looks the same to me i don't understand why the first one would work and the 2nd would give me a error message and not add the data.

any ideas or thoughts would be greatly appreciated.

i can post what my fields look like, but I'm pretty sure the naming is correct.

thank you

jNorth

9:52 pm on May 10, 2011 (gmt 0)

10+ Year Member



You should read up on SQL injection.

Perhaps one of your posted vars has a single or double quote in it.

and if the date column in a date or timestamp, odds are it is not formated correctly

eelixduppy

9:54 pm on May 10, 2011 (gmt 0)



Condition is a reserved word: [dev.mysql.com...]

All words such as these must be escaped using the prime character (`). For example: 


INSERT INTO phone_table (`Carrier`, `Make`, `Model`, `IMEI_Hex_ESN`, `Condition`, `Date`, `Paid`) VALUES (......)

trendz

8:12 pm on May 11, 2011 (gmt 0)

10+ Year Member



it was the reserved word, i can't believe i didn't catch that.
thank you
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 6:14 am Apr 28, 2026