simple php query not working

     
9:40 pm on May 10, 2011 (gmt 0)

New User

5+ Year Member

joined:May 10, 2011
posts:2
votes: 0


Hello, I am trying to get this query to insert information into my database from a form. My first query for customer_table is working, but the almost exact same query for phone_table is not working. Any ideas why?

Here is the 1st query that is working:



<html>
<body>
<?php
$con = mysql_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("trendzphones")or die(mysql_error());


$result = mysql_query("INSERT INTO customer_table (License_Num, First_Name, Last_Name, Address, City, usaState, Zip_code)
VALUES
('$_POST[License_Num]','$_POST[First_Name]','$_POST[Last_Name]','$_POST[Address]','$_POST[City]','$_POST[usaState]','$_POST[Zip_code]')")
or die(mysql_error());

echo "1 customer record added";

mysql_close($con)
?>


<FORM>
<INPUT TYPE="BUTTON" VALUE="Main Menu" ONCLICK="window.location.href='open.html'">
<INPUT TYPE="BUTTON" VALUE="add phone" ONCLICK="window.location.href='test3.html'">
</FORM>

</body>
</html>



The code above adds the customer to the database with no problems, but this code here gives me the error message:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Condition, Date, Paid) VALUES ('verizon','apple','iphone 4','a00000123456','wa' at line 1"

The verizon, apple, iphone, etc. is just the info that I tried adding to the database.



<html>
<body>
<?php
$con = mysql_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("trendzphones")or die(mysql_error());


$result1 = mysql_query("INSERT INTO phone_table (Carrier, Make, Model, IMEI_Hex_ESN, Condition, Date, Paid)
VALUES
('$_POST[Carrier]','$_POST[Make]','$_POST[Model]','$_POST[IMEI_Hex_ESN]','$_POST[Condition]','$_POST[Date]','$_POST[Paid]')")
or die(mysql_error());


echo "1 phone record added";

mysql_close($con)
?>

<FORM>
<INPUT TYPE="BUTTON" VALUE="Main Menu" ONCLICK="window.location.href='open.html'">
<INPUT TYPE="BUTTON" VALUE="add phone" ONCLICK="window.location.href='test3.html'">
</FORM>

</body>
</html>



I'm stumped. Since the code structure looks the same to me, I don't understand why the first one would work and the 2nd would give me an error message and not add the data.

Any ideas or thoughts would be greatly appreciated.

I can post what my fields look like, but I'm pretty sure the naming is correct.

Thank you
9:52 pm on May 10, 2011 (gmt 0)

New User

5+ Year Member

joined:Aug 4, 2010
posts:18
votes: 0


You should read up on SQL injection.

Perhaps one of your posted vars has a single or double quote in it.

And if the date column is a date or timestamp, odds are it is not formatted correctly.
9:54 pm on May 10, 2011 (gmt 0)

Senior Member

WebmasterWorld Senior Member eelixduppy is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 12, 2005
posts:5966
votes: 0


Condition is a reserved word: [dev.mysql.com...]

All words such as these must be escaped using the prime character (`). For example:


INSERT INTO phone_table (`Carrier`, `Make`, `Model`, `IMEI_Hex_ESN`, `Condition`, `Date`, `Paid`) VALUES (......)
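
The two replies above, the quoting concern and the reserved-word fix, combined in one added example (not code from the thread): it backtick-quotes every column name from a fixed allow-list and binds the form values as parameters instead of interpolating `$_POST`. `insert_row()`, the sample input and the in-memory SQLite connection are assumptions made so the block runs without a MySQL server; SQLite accepts the same backtick quoting.

```php
<?php
// Added example, not the poster's code. Column names come from the thread;
// insert_row() and the sample input are hypothetical.

// Allow-list of columns: identifiers cannot be bound as parameters, so they
// must come from code, never from the request.
const PHONE_COLUMNS = ['Carrier', 'Make', 'Model', 'IMEI_Hex_ESN', 'Condition', 'Date', 'Paid'];

function insert_row(PDO $db, string $table, array $columns, array $input): int
{
    $idents = [];
    $marks  = [];
    $params = [];
    foreach ($columns as $col) {
        if (!array_key_exists($col, $input)) {
            throw new InvalidArgumentException("missing field: $col");
        }
        // Backtick-quote every identifier so reserved words such as
        // Condition parse as column names; double any embedded backtick.
        $idents[] = '`' . str_replace('`', '``', $col) . '`';
        $marks[]  = '?';
        $params[] = $input[$col];
    }
    $sql = sprintf('INSERT INTO `%s` (%s) VALUES (%s)',
        str_replace('`', '``', $table), implode(', ', $idents), implode(', ', $marks));
    $stmt = $db->prepare($sql);   // values travel separately from the SQL text
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Demo on in-memory SQLite so it runs without a server. For the thread's setup
// the DSN would be 'mysql:host=localhost;dbname=trendzphones;charset=utf8mb4'.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE `phone_table` (`Carrier` TEXT, `Make` TEXT, `Model` TEXT,
    `IMEI_Hex_ESN` TEXT, `Condition` TEXT, `Date` TEXT, `Paid` TEXT)');

// Constructed stand-in for $_POST; the Condition value contains a single
// quote, which would break the interpolated query from the original post.
$post = ['Carrier' => 'verizon', 'Make' => 'apple', 'Model' => 'iphone 4',
    'IMEI_Hex_ESN' => 'a00000123456', 'Condition' => "owner's screen cracked",
    'Date' => '2011-05-10', 'Paid' => '150.00'];

echo insert_row($db, 'phone_table', PHONE_COLUMNS, $post), " phone record added\n";
echo $db->query('SELECT `Condition` FROM `phone_table`')->fetchColumn(), "\n";
```
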
8:12 pm on May 11, 2011 (gmt 0)

New User

5+ Year Member

joined:May 10, 2011
posts:2
votes: 0


It was the reserved word, I can't believe I didn't catch that.
Thank you