Page 1 of 1

MSSQL error: The name "XXX" is not permitted in this context

Posted: Wed Jan 06, 2010 12:41 pm
by mjkomidar
Ok, so now I solved my last issue, but have hit the wall with this one... The following code produces this error:

MSSQL error: The name "XXX" is not permitted in this context. Valid expressions are constants, constant expressions, and (in some contexts) variables. Column names are not permitted.

Code: Select all

$sql = 'INSERT INTO tbl_jobs VALUES ('; 
$sql .= $_POST["company"]; 
$sql .= ','; 
$sql .= $_POST["location"]; 
$sql .= ','; 
$sql .= $_POST["title"]; 
$sql .= ','; 
$sql .= $_POST["desc"]; 
$sql .= ','; 
$sql .= $_POST["exper"]; 
$sql .= ','; 
$sql .= $_POST["edu"]; 
$sql .= ','; 
$sql .= $_POST["link"]; 
$sql .= ')';


In my troubleshooting, I verified that the variables are passing correctly, but it's treating it like a column name (according to the error). According to what I have seen, the syntax looks ok, but again, I am confused. I have googled this, but no luck so far.

Re: MSSQL error: The name "XXX" is not permitted in this context

Posted: Wed Jan 06, 2010 12:48 pm
by califdon
Assuming that all these are strings, they need to be enclosed in quotation marks (as the complete SQL string is formed). I recommend that you echo the completed SQL string so that you can see what it actually looks like.

You should also be aware that directly inserting $_POST variables into your database is asking for serious trouble from hackers and bots. The variables need to be "cleansed" to remove any possible harmful code. If you were connected to a MySQL server, you could use the mysql_real_escape_string() function of PHP, but since you are connecting to a MSSQL server, you will need to use some other function.

Re: MSSQL error: The name "XXX" is not permitted in this context

Posted: Wed Jan 06, 2010 12:59 pm
by mjkomidar
When I ECHO the complete $sql, it correctly displays the variables with the values I put in the form. I tried quotes per se, but that just causes a Internal 500 Server Error.

Just so I'm on the same page, what should the code look like?

Re: MSSQL error: The name "XXX" is not permitted in this context

Posted: Wed Jan 06, 2010 1:14 pm
by califdon
Show us exactly (copy and paste) what the results of your echo were.

Re: MSSQL error: The name "XXX" is not permitted in this context

Posted: Wed Jan 06, 2010 1:21 pm
by califdon
Have you Googled for the error message? I find many references and explanations, such as at http://blog.sqlauthority.com/2007/03/22 ... permitted/ and http://forums.codecharge.com/posts.php?post_id=49717. I don't use MSSQL, so I am not familiar with specifics to that database.

Re: MSSQL error: The name "XXX" is not permitted in this context

Posted: Wed Jan 06, 2010 1:22 pm
by mjkomidar
INSERT INTO tbl_jobs VALUES (aa,bb,cc,dd,ee,ff,gg)

Re: MSSQL error: The name "XXX" is not permitted in this context

Posted: Wed Jan 06, 2010 1:24 pm
by mjkomidar
I've already looked at both of those, and when I try the idea from the 2nd one, I get an Internal Server 500 Error... Maybe I'll just go backl to MySQL which I have used with no problem for years.

Re: MSSQL error: The name "XXX" is not permitted in this context

Posted: Wed Jan 06, 2010 1:35 pm
by AbraCadaver
mjkomidar wrote:I've already looked at both of those, and when I try the idea from the 2nd one, I get an Internal Server 500 Error... Maybe I'll just go backl to MySQL which I have used with no problem for years.
Or take the advice from earlier and quote the values:

Code: Select all

INSERT INTO tbl_jobs VALUES ('aa','bb','cc','dd','ee','ff','gg')
This assumes that you have exactly 7 columns. If you have more then you will have to use:

Code: Select all

INSERT INTO tbl_jobs (Column1, Column2, Column3, Column4, Column5, Column6, Column7) VALUES ('aa','bb','cc','dd','ee','ff','gg')
This is the same as MySQL (which I prefer) except you're getting a different error message.

Re: MSSQL error: The name "XXX" is not permitted in this context

Posted: Wed Jan 06, 2010 1:53 pm
by mjkomidar
or YOU could ready my posts and see that the quotes don't work

Re: MSSQL error: The name "XXX" is not permitted in this context

Posted: Wed Jan 06, 2010 2:02 pm
by AbraCadaver
mjkomidar wrote:or YOU could ready my posts and see that the quotes don't work
Your output from the echo doesn't show quotes and they are "required". When people attempt to help you they are troubleshooting and so you need to follow the correct steps.

Re: MSSQL error: The name "XXX" is not permitted in this context

Posted: Wed Jan 06, 2010 2:53 pm
by califdon
~mjkomidar, we understand that you are frustrated, we've all been there, but your sarcastic reaction to those trying to help you is counterproductive. We aren't always right, and we may not understand your exact situation, but man, WE ARE HERE FOR THE PURPOSE OF TRYING TO HELP YOU. If you cooperate and follow through on our suggestions, we can probably help you solve your problem.