0

Hi,
Can anyone please tell me whats wrong with this piece of code? I am trying to insert email (user name)in the database. This thing is now getting on my nerves.

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
  $insertSQL = sprintf("INSERT INTO blog (title, specialization, message) VALUES (%s, %s, %s, ".$_SESSION['MM_Username'].")",
                       GetSQLValueString($_POST['title'], "text"),
                       GetSQLValueString($_POST['specialization'], "text"),
                       GetSQLValueString($_POST['words'], "text"));

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());

This is producing the following error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com)' at line 1

Can anyone please help me with this piece of code? Any help will be highly appreciated.

Regards,

Bilal A. Khan

4
Contributors
8
Replies
9
Views
5 Years
Discussion Span
Last Post by fobos
0

the problem lies with your query. You only have 3 fields specified but 4 values.

it should be something like this

INSERT INTO blog (title, specialization, message, user) VALUES (%s, %s, %s, ".$_SESSION['MM_Username'].")

I'm not sure what the field is for but replace user with what ever field you use.

0

the problem lies with your query. You only have 3 fields specified but 4 values.

it should be something like this

INSERT INTO blog (title, specialization, message, user) VALUES (%s, %s, %s, ".$_SESSION['MM_Username'].")

I'm not sure what the field is for but replace user with what ever field you use.

Hi,

Thank you very much for the reply. I tried the following but nothing happed. Getting the same error.

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
  $insertSQL = sprintf("INSERT INTO blog (title, specialization, message,email) VALUES (%s, %s, %s, ".$_SESSION['MM_Username'].")",
                       GetSQLValueString($_POST['title'], "text"),
                       GetSQLValueString($_POST['specialization'], "text"),
                       GetSQLValueString($_POST['words'], "text"));

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());

Any other clues for this error? Still getting the error given below:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com)' at line 1

Regards,

Bilal A. Khan

0

Why is you query so complex, simplify it to:

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
  $insertSQL = "INSERT INTO blog (title, specialization, message, email) VALUES ' " . mysql_real_escape_string($_POST['title')  . " ', ' " . mysql_real_escape_string($_POST['specialization']) . " ', ' " . mysql_real_escape_string($_POST['words']) . " ', ' " . mysql_real_escape_string($_SESSION['MM_Username']) . " ' ";

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());
}

Edited by simplypixie: n/a

0

Why is you query so complex, simplify it to:

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
  $insertSQL = "INSERT INTO blog (title, specialization, message, email) VALUES ' " . mysql_real_escape_string($_POST['title')  . " ', ' " . mysql_real_escape_string($_POST['specialization']) . " ', ' " . mysql_real_escape_string($_POST['words']) . " ', ' " . mysql_real_escape_string($_SESSION['MM_Username']) . " ' ";

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());
}

Thank you very much for the reply. I am really grateful for your help. Tried your piece of code. The code is given below:

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
  $insertSQL = "INSERT INTO blog (title, specialization, message, email) VALUES ' " . mysql_real_escape_string($_POST['title'])  . " ', ' " . mysql_real_escape_string($_POST['specialization']) . " ', ' " . mysql_real_escape_string($_POST['words']) . " ', ' " . mysql_real_escape_string($_SESSION['MM_Username']) . " ' ";

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());

It gives me an error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' Let us try ', ' Addiction ', '
Let us hope it works...

', ' fizza@hotma' at line 1

Why am I getting this error? What does this error mean?

Regards,

Bilal A. Khan

1

Sorry, I forgot the ( ) around the values, so it should be

$insertSQL = "INSERT INTO blog (title, specialization, message, email) VALUES (' " . mysql_real_escape_string($_POST['title'])  . " ', ' " . mysql_real_escape_string($_POST['specialization']) . " ', ' " . mysql_real_escape_string($_POST['words']) . " ', ' " . mysql_real_escape_string($_SESSION['MM_Username']) . " ')";

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());

Edited by simplypixie: n/a

Votes + Comments
Solved my problem... thanx a million.
0

Sorry, I forgot the ( ) around the values, so it should be

$insertSQL = "INSERT INTO blog (title, specialization, message, email) VALUES (' " . mysql_real_escape_string($_POST['title'])  . " ', ' " . mysql_real_escape_string($_POST['specialization']) . " ', ' " . mysql_real_escape_string($_POST['words']) . " ', ' " . mysql_real_escape_string($_SESSION['MM_Username']) . " ')";

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());

Thanks a million mate.... it worked. You have been a great help for me.

Best Regards,

Bilal A, Khan

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.