Page 1 of 1

Can't find what I have done wrong

Posted: Fri Apr 20, 2007 3:38 pm
by andym01480

Code: Select all

$address="INSERT INTO address (add1, add2, town, county, postcode, homephone) VALUES (`{$clean['add1']}`,`{$clean['add2']}`,`{$clean['town']}`,`{$clean['county']}`,`{$clean['postcode']}`,`{$clean['phone']}`)";
echo $address.'<br>';
$result2=mysql_query($address) OR DIE("Couldn't store address".mysql_error());
is outputting this

Code: Select all

INSERT INTO address (add1, add2, town, county, postcode, homephone) VALUES (`streetname`,`areaname`,`town`,`countyname`,`B21 5FE`,``)
Couldn't store addressUnknown column 'streetname' in 'field list'
Sql dump of table structure

Code: Select all

CREATE TABLE `address` (
  `address_id` int(11) NOT NULL auto_increment,
  `add1` varchar(255) NOT NULL,
  `add2` varchar(255) NOT NULL,
  `town` varchar(255) NOT NULL,
  `county` varchar(255) NOT NULL,
  `postcode` varchar(8) NOT NULL,
  `homephone` varchar(15) NOT NULL,
  PRIMARY KEY  (`address_id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ;
Where have I gone wrong?

Posted: Fri Apr 20, 2007 3:43 pm
by Weirdan
Use either single (') or double (") quotes to quote values in sql queries. Backticks (`) are used to quote field and table names, not values.

Re: Can't find what I have done wrong

Posted: Fri Apr 20, 2007 3:43 pm
by timvw
[quote="andym01480"]

Code: Select all

INSERT INTO address (add1, add2, town, county, postcode, homephone) VALUES (`streetname`,`areaname`,`town`,`countyname`,`B21 5FE`,``)
Couldn't store addressUnknown column 'streetname' in 'field list'
In MySQL you can escape column names with ``.. but the values need to be between ''.

Thus:

Code: Select all

INSERT INTO address
(
 add1,
 add2,
 ...
)
VALUES
(
 'streetname',
 'areaname',
 ...
);
(Off-topic: 'clean' seems like a vague name for variables that have been prepared for use in a query... $mysql['add1'] seems more appropriate, but that might be a matter of subjective taste...)

Posted: Fri Apr 20, 2007 4:12 pm
by andym01480
Thanks for the assist.

And yes $clean was a silly choice especially as it is filtered and escaped for mysql!