Page 1 of 1

SQL query error; any takers?

Posted: Thu Sep 11, 2008 4:47 pm
by cap2cap10
:banghead: Hello, php technorati. I am getting a strange error with my sql query:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 'English United States', 'Fluent', 'Spanish US', 'Intermediate', '', ' at line 6

Here is the code:

Code: Select all

<?php
if (isset($_POST['submitted']))
{
$userID=$_POST['userID'];
 $my_title=$_POST['my_title'];
 $new_title=$_POST['new_title'];
 $degree=$_POST['degree'];
 $grad_year=$_POST['grad_year'];
 $major=$_POST['major'];
 $years_exp=$_POST['years_exp'];
 $work_time=$_POST['work_time'];
 $salary=$_POST['salary'];
 $available=$_POST['available'];
 $contact_me=$_POST['contact_me'];
 $relocate=$_POST['relocate'];
 $travel_time=$_POST['travel_time'];
 $work_abroad=$_POST['work_abroad'];
 $legal_status=$_POST['legal_status'];
 $lang_1=$_POST['lang_1'];
 $fluent_1=$_POST['fluent_1'];
 $lang_2=$_POST['lang_2'];
 $fluent_2=$_POST['fluent_2'];
 $lang_3=$_POST['lang_3'];
 $fluent_3=$_POST['fluent_3'];
 $lang_4=$_POST['lang_4'];
 $fluent_4=$_POST['fluent_4'];
 $lang_5=$_POST['lang_5'];
 $fluent_5=$_POST['fluent_5'];
}
 
 
// Connect to server and select databse.
mysql_connect('*******************', '**************', '******************') or die(mysql_error());
mysql_select_db('js_info') or die(mysql_error());
 
mysql_query("INSERT INTO js_profile(userID, my_title, new_title, degree, grad_year, major, years_exp, work_time,
       salary, available, contact_me, relocate, travel_time,
       work_abroad, legal_status, lang_1, fluent_1, lang_2, fluent_2,
       lang_3, fluent_3, lang_4, fluent_4, lang_5, fluent_5) VALUES ('$userID', '$my_title', '$new_title',
       '$degree', '$grad_year', '$major', '$years_exp', '$work_time', '$salary', '$available',
       '$contact_me', '$relocate', '$travel_time', '$work_abroad', $legal_status', '$lang_1',
       '$fluent_1', '$lang_2', '$fluent_2', '$lang_3', '$fluent_3', '$lang_4', '$fluent_4',
       '$lang_5', '$fluent_5')") or die(mysql_error());
 
 
 
mysql_close();
 
header("Location: upload_resume.php");
 
?>
Does anyone see where I went wrong?

Batoe

Re: SQL query error; any takers?

Posted: Thu Sep 11, 2008 5:44 pm
by Christopher
Usually it is from not escaping values. You should wrap all of the $_POST values with the mysql real escape funciton.