error in your SQL syntax (INSERT)

alhazza944 · April 3, 2016, 4:08am

Hi,

when I insert to mysql I got the flowing errer
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘.VALUES(‘chevrolet’,‘Corvette’,‘2004’,‘1234567890’,‘red’,’ clean’,‘10000’,‘al’ at line 2
[php]

<?php $mysql_host = 'localhost'; $mysql_user = 'root'; $mysql_password = 'root'; if(!@mysql_connect($mysql_host, $mysql_user, $mysql_password)) { die('Unable to connect'); //or exit } else { if(@mysql_select_db('cars')) { $make = $_POST["car-makes"]; $model = $_POST["car-models"]; $year = $_POST["car-years"]; $vin = $_POST["vin"]; $color = $_POST["clo"]; $comment = $_POST["txt"]; $price = $_POST["pri"]; $email = $_POST["email"]; $address = $_POST["address"]; $video = $_POST["url"]; $image = $_POST["img"]; $miles = $_POST["mile"]; $style = $_POST["sty"]; $type = $_POST["typ"]; $db = "INSERT INTO car_info(make,model,year,vin,color,comment,price,email,address,video,image,miles,style,type) .VALUES('$make','$model','$year','$vin','$color','$comment','$price','$email','$address','$video','$image','$miles','$style','$type') " ; $q = mysql_query($db); if($q) { //echo "Singup Successfully"; header( "location: http://localhost:8080/project/content/HTML/thank_you.php" ); } else { echo mysql_error(); } } else { die('Unable to connect'); //or exit } } ?>

[/php]

alhazza944 · April 3, 2016, 5:58am

I Fixed the problem. it must be like this

[php]

$db = 'INSERT INTO car_info(make,model,year,vin,color,comment,price,email,address,video,image,miles,style,type)'; 
		$db.= "VALUES('$make','$model','$year','$vin','$color','$comment','$price','$email','$address','$video','$image','$miles','$style','$type') " ;

[/php]

benanamen · April 3, 2016, 6:00pm

Actually, you have bigger problems. Your code is ripe for an SQL Injection attack and you are using obsolete code that has been completely removed from Php. And you need to stop hiding errors with @. Errors are your friend. They tell you something is broke and needs to be fixed.

Head over to this PDO tutorial and start fresh here and toss your current code.

https://phpdelusions.net/pdo