Page 1 of 1

table name problem

Posted: Wed Jan 12, 2011 1:05 am
by madu
hi friends,
i have store database table name in $rt which is get from user,,,,,, but when i am using this variable in my query it shows a sql error that is ( you have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' )

Code: Select all

$un=$_POST['uname'];
$e=$_POST['eid'];
if(isset($_POST[but]))
 {
$sql="insert into ' ".$rt." ' values (' ".$un." ',' ".$e." ')";
if(mysql_query($sql,$con) or die("error in insertion".mysql_error()))
echo "Successfully Added";
}

Re: table name problem

Posted: Wed Jan 12, 2011 1:25 am
by Christopher
Use backticks, not single quotes, around table and column names.

http://dev.mysql.com/doc/refman/5.0/en/identifiers.html

Re: table name problem

Posted: Wed Jan 12, 2011 2:39 am
by madu
if i give table name directly instead of using variable it works,,,,,problem is only om variable

Re: table name problem

Posted: Wed Jan 12, 2011 3:07 am
by social_experiment
Where do you define the value of $rt?

Re: table name problem

Posted: Wed Jan 12, 2011 3:13 am
by madu
$rt value iss defined as

$rt=trim((String)'<script language=javascript>
function show()
{
var show=document.getElementById("ty").options[document.getElementById("ty").selectedIndex].value;
document.write(show);
}
</script>');

Re: table name problem

Posted: Wed Jan 12, 2011 4:10 pm
by Christopher
You need to escape data inserted into the database using mysql_real_escape_string().

http://us.php.net/manual/en/ref.mysql.php