Page 1 of 1

insert error

Posted: Wed Nov 03, 2004 12:59 am
by bimo
I am having problems with a silly little mysql insert statement that I hope someone can help me with. Everytime I run this:

Code: Select all

$query3 = "insert into table employee (emp_fname, emp_lname, emp_id, emp_perm, emp_pass, emp_email) values ($emp_fname, $emp_lname, $emp_id, $emp_perm, $emp_pass, $emp_email)";
I get an error like this where it truncates the query
Check the manual that corresponds to your MySQL server version for the right syntax to use near 'table employee (emp_fname, emp_lname, emp_id, emp_perm, emp_pas
at first it seemed to be cutting it where the line was wrapping but I tried turning wordwrap off and it still didn't work. Is this the kind of thing that something like mysql_escape_string would work on?

Posted: Wed Nov 03, 2004 2:12 am
by timvw
as the error says: read the manual :p varchar values need to be between quotes...

Code: Select all

$query3 = "insert into table employee (emp_fname, emp_lname, emp_id, emp_perm, emp_pass, emp_email) values ('$emp_fname', '$emp_lname', '$emp_id', '$emp_perm', '$emp_pass', '$emp_email')";

doh...

Posted: Wed Nov 03, 2004 7:25 am
by bimo
I'm sorry for asking such a simple, simple question.

..thanks

Posted: Wed Nov 03, 2004 7:54 am
by bimo
it looks like I spoke too soon. It seems to do the same thing. Here's the entire error
Array ( ) cannot insert record: insert into table employee (emp_fname, emp_lname, emp_id, emp_perm, emp_pass, emp_email) values ('Qndres', Swift, 'ahws123', '8', 'bdb123', 'd@b.com'). - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'table employee (emp_fname, emp_lname, emp_id, emp_perm, em
the code is

Code: Select all

$query3 = "insert into table employee 
			(emp_fname, emp_lname, emp_id, emp_perm, emp_pass, emp_email) 
			values ('$emp_fname', '$emp_lname', '$emp_id', '$emp_perm', '$emp_pass', '$emp_email')"; 
$result3 = mysql_query($query3) or die ("cannot insert record: $query3. - " . mysql_error());

Posted: Wed Nov 03, 2004 8:27 am
by swdev
The syntax for inserting values into a table is

Code: Select all

INSERT INTO
  table_name (col1, ...)
VALUES
  (val1, ...)
so your code should be

Code: Select all

$query3  = 'INSERT INTO ';
$query3 .=  'employee ';
$query3 .= '(emp_fname, emp_lname, emp_id, emp_perm, emp_pass, emp_email)';
$query3 .= ' VALUES (';
$query3 .= mysql_escape_string($emp_fname);
$query3 .= mysql_escape_string($emp_lname);
$query3 .= mysql_escape_string($emp_id);
$query3 .= mysql_escape_string($emp_perm);
$query3 .= mysql_escape_string($emp_pass);
$query3 .= mysql_escape_string($emp_email);
$query3 .= ')';
$result3 = mysql_query($query3) or die ('cannot insert record: ' . $query3 . ' - ' . mysql_error());
One of the reasons for constructing the query like this, is that is is easy to see if you have forgotten a quote.
Also, any data that you enter into the database should be protected by the mysql_escape_string. This makes sure that if your data contains the quote character, it is correctly escaped.

Hope this helps

Posted: Wed Nov 03, 2004 9:48 am
by Draco_03
don't forget that you might have a space at the end of your row's name. (like i did)
So when you created your table be sure there is nospace (it's sometimes hard to pin point)

if you have phpmyadmin , go look at your table and see if ll name have no spaces.

Posted: Wed Nov 03, 2004 2:18 pm
by bimo
Thanks for your help. all.