Page 1 of 1

Error in SQL syntax

Posted: Mon Jul 09, 2007 5:45 pm
by ayoksus
Hi,

I've got an error like this:
Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Tuesday','20070710','00:42:01')' at line 2

What does this error mean?

Thanks
ayoksus

Posted: Mon Jul 09, 2007 5:59 pm
by ayoksus
And this is the code:

Code: Select all

CREATE TABLE `mynews` (
  `news_no` int(3) NOT NULL auto_increment,
  `category` int(3) NOT NULL default '0',
  `username` varchar(30) NOT NULL default '',
  `title` varchar(100) NOT NULL default '',
  `headline` text NOT NULL,
  `body` text NOT NULL,
  `day` varchar(20) NOT NULL default '',
  `date_placed` date NOT NULL default '0000-00-00',
  `time_placed` time NOT NULL default '00:00:00',
  PRIMARY KEY  (`news_no`)
) 

Posted: Tue Jul 10, 2007 2:43 am
by volka
Please post the sql statement.

Posted: Tue Jul 10, 2007 3:13 am
by ayoksus

Code: Select all

$input=mysql_query("INSERT INTO news(category,username,title,headline,body,day,date_placed,time_placed) 
        VALUES ('$category','$username','$title','$headline','$body','$day','$date_placed','$time_placed')"); 

if($input) 
        { 
                echo "Input data is success<BR>"; 
                echo "<a href=form_news.php>Add more news</a>"; 
                echo "<a href=logout.php>Logout</a>"; 
        } 
        else 
        { 
                echo "Input data is failed"; 
        }

Posted: Tue Jul 10, 2007 3:19 am
by volka
please try

Code: Select all

$query = "INSERT INTO
		news
		(category,username,title,headline,body,day,date_placed,time_placed)
	VALUES
		('$category','$username','$title','$headline',
		'$body','$day','$date_placed','$time_placed')";

$input=mysql_query($query);
if($input)
{
	echo "Input data is success<BR>";
	echo "<a href=form_news.php>Add more news</a>";
	echo "<a href=logout.php>Logout</a>";
}
else
{
	echo "Input data is failed";

	echo '<div>Debug: ', mysql_error(), "<br />\n", htmlentities($query), "</div>\n";
}
and post the output.

Posted: Tue Jul 10, 2007 3:36 am
by ayoksus
Hi Volka,

Sorry I put a wrong code:
The last code was:

Code: Select all

else 
        { 
                echo "Input data is failed"; 
                die('Invalid query: ' . mysql_error());
        }
I've changed it with your code, and the result is still:
Debug: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Tuesday','20070710','10:33:51')' at line 2

Posted: Tue Jul 10, 2007 4:05 am
by onion2k
You aren't escaping your data, so when it's inserted the quotes in the SQL are messed up. You need to use mysql_real_escape_string() on the values before you put them into the SQL string. Look it up in the PHP manual for more information.

Also, the important bit in Volka's code was "htmlentities($query)" ... so we could see exactly what the query is, complete with it's unescaped single quotes no doubt.

Posted: Tue Jul 10, 2007 7:55 am
by ayoksus
Hi Thank's!

I think something wrong with my eyes and brain..
It's solved..

Thank you,
ayoksus