0

hi every one
this is my first post in any forum
i have got an error while inserting a row to mysql
this is my code:
$query = "INSERT INTO flight(date,from,to,depart_time_hr,depart_time_min,arr_time_hr,arr_time_min) VALUES('$_POST[date]','$_POST[from2]','$_POST[to2]','$_POST[hours1]','$_POST[minutes1]','$_POST[hours2]','$_POST[minutes2]')";

the error shown is:
1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from,to,depart_time_hr,depart_time_min,arr_time_hr,arr_time_min) VALUES('','',''' at line 1

thanks in advance

2
Contributors
2
Replies
3
Views
7 Years
Discussion Span
Last Post by michael_r
0

Did you misspell any of the fields? If not perhaps backticking the fields like so:

`date` may help.

In addition, you have not sanitized/cleaned your form data. Use mysql_real_escape_string(), e.g.:

$date = mysql_real_escape_string($_POST['date']); //do this for all fields and notice the single quotes around the form field name within the POST variable. You could use double quotes if you'd rather.

$query = "INSERT INTO flight(date,from,to,depart_time_hr,depart_time_min,arr_time_hr,arr_time_min) VALUES('date','$from2','$to2','$hours1','minutes1','hours2','minutes2')";

Your error message suggests that your form data is empty. You need to validate your data before inputting to the DB. Empty data shouldn't usually cause a problem, but check your datatypes anyway.

I assume that your date field is an unix date yyyy-mm-dd and the other fields are tinyint - set to 2 digits. To be honest, I'd combine the form data to produce two datetimes (depart and arrive). In addition, I'd use integer fields for these and save as a unix timestamp. But, it's your code.

Edited by diafol: n/a

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.