MSSQL error: The name "XXX" is not permitted in this context

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
mjkomidar
Forum Newbie
Posts: 10
Joined: Wed Dec 30, 2009 9:59 am

MSSQL error: The name "XXX" is not permitted in this context

Post by mjkomidar »

Ok, so now I solved my last issue, but have hit the wall with this one... The following code produces this error:

MSSQL error: The name "XXX" is not permitted in this context. Valid expressions are constants, constant expressions, and (in some contexts) variables. Column names are not permitted.

Code: Select all

$sql = 'INSERT INTO tbl_jobs VALUES ('; 
$sql .= $_POST["company"]; 
$sql .= ','; 
$sql .= $_POST["location"]; 
$sql .= ','; 
$sql .= $_POST["title"]; 
$sql .= ','; 
$sql .= $_POST["desc"]; 
$sql .= ','; 
$sql .= $_POST["exper"]; 
$sql .= ','; 
$sql .= $_POST["edu"]; 
$sql .= ','; 
$sql .= $_POST["link"]; 
$sql .= ')';


In my troubleshooting, I verified that the variables are passing correctly, but it's treating it like a column name (according to the error). According to what I have seen, the syntax looks ok, but again, I am confused. I have googled this, but no luck so far.
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: MSSQL error: The name "XXX" is not permitted in this context

Post by califdon »

Assuming that all these are strings, they need to be enclosed in quotation marks (as the complete SQL string is formed). I recommend that you echo the completed SQL string so that you can see what it actually looks like.

You should also be aware that directly inserting $_POST variables into your database is asking for serious trouble from hackers and bots. The variables need to be "cleansed" to remove any possible harmful code. If you were connected to a MySQL server, you could use the mysql_real_escape_string() function of PHP, but since you are connecting to a MSSQL server, you will need to use some other function.
mjkomidar
Forum Newbie
Posts: 10
Joined: Wed Dec 30, 2009 9:59 am

Re: MSSQL error: The name "XXX" is not permitted in this context

Post by mjkomidar »

When I ECHO the complete $sql, it correctly displays the variables with the values I put in the form. I tried quotes per se, but that just causes a Internal 500 Server Error.

Just so I'm on the same page, what should the code look like?
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: MSSQL error: The name "XXX" is not permitted in this context

Post by califdon »

Show us exactly (copy and paste) what the results of your echo were.
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: MSSQL error: The name "XXX" is not permitted in this context

Post by califdon »

Have you Googled for the error message? I find many references and explanations, such as at http://blog.sqlauthority.com/2007/03/22 ... permitted/ and http://forums.codecharge.com/posts.php?post_id=49717. I don't use MSSQL, so I am not familiar with specifics to that database.
mjkomidar
Forum Newbie
Posts: 10
Joined: Wed Dec 30, 2009 9:59 am

Re: MSSQL error: The name "XXX" is not permitted in this context

Post by mjkomidar »

INSERT INTO tbl_jobs VALUES (aa,bb,cc,dd,ee,ff,gg)
mjkomidar
Forum Newbie
Posts: 10
Joined: Wed Dec 30, 2009 9:59 am

Re: MSSQL error: The name "XXX" is not permitted in this context

Post by mjkomidar »

I've already looked at both of those, and when I try the idea from the 2nd one, I get an Internal Server 500 Error... Maybe I'll just go backl to MySQL which I have used with no problem for years.
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: MSSQL error: The name "XXX" is not permitted in this context

Post by AbraCadaver »

mjkomidar wrote:I've already looked at both of those, and when I try the idea from the 2nd one, I get an Internal Server 500 Error... Maybe I'll just go backl to MySQL which I have used with no problem for years.
Or take the advice from earlier and quote the values:

Code: Select all

INSERT INTO tbl_jobs VALUES ('aa','bb','cc','dd','ee','ff','gg')
This assumes that you have exactly 7 columns. If you have more then you will have to use:

Code: Select all

INSERT INTO tbl_jobs (Column1, Column2, Column3, Column4, Column5, Column6, Column7) VALUES ('aa','bb','cc','dd','ee','ff','gg')
This is the same as MySQL (which I prefer) except you're getting a different error message.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
mjkomidar
Forum Newbie
Posts: 10
Joined: Wed Dec 30, 2009 9:59 am

Re: MSSQL error: The name "XXX" is not permitted in this context

Post by mjkomidar »

or YOU could ready my posts and see that the quotes don't work
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: MSSQL error: The name "XXX" is not permitted in this context

Post by AbraCadaver »

mjkomidar wrote:or YOU could ready my posts and see that the quotes don't work
Your output from the echo doesn't show quotes and they are "required". When people attempt to help you they are troubleshooting and so you need to follow the correct steps.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
User avatar
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: MSSQL error: The name "XXX" is not permitted in this context

Post by califdon »

~mjkomidar, we understand that you are frustrated, we've all been there, but your sarcastic reaction to those trying to help you is counterproductive. We aren't always right, and we may not understand your exact situation, but man, WE ARE HERE FOR THE PURPOSE OF TRYING TO HELP YOU. If you cooperate and follow through on our suggestions, we can probably help you solve your problem.
Post Reply