0

Just looking for third set of eyes on this. I am getting this error

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'to, from, payload, amount, route, majcom, event, type, admin) VALUES ('', 'KBLV'' at line 1

I have matched this to other examples and even used other in my site and cant find it. Im not sure if it a db erro or what, so anyone can you find the error. Thanks

mysql_query("INSERT INTO mission ( acft, to, from, payload, amount, route, majcom, event, type, admin) VALUES ('$airframeSave', '$icaoT', '$icaoF',  '$payload', '$payloadA', '$route', '$majcom', '$event', '$type', '$admin') ")
or die(mysql_error());

Entire page if it helps.

<?php
 //includes for session
require 'dbconnect.php';
if(isset($_POST['msn']))
{
$airframe = ($_POST['airframe']);
$user = ($_POST['username']);
$admin = ($_POST['admin']);
$icaoT = ($_POST['icaoT']);
$icaoF = ($_POST['icaoF']);
$payloadA = ($_POST['payloadA']);
$payload = ($_POST['payload']);
$route = ($_POST['route']);
$majcom = ($_POST['majcom']);
$airframeSave = ($_POST['airframeSave']);
$save = ($_POST['save']);
$type = ($_POST['type']);
$event = ($_POST['event']);


//saves mission   
mysql_query("INSERT INTO mission ( acft, to, from, payload, amount, route, majcom, event, type, admin) VALUES ('$airframeSave', '$icaoT', '$icaoF',  '$payload', '$payloadA', '$route', '$majcom', '$event', '$type', '$admin') ")
or die(mysql_error());



 header("Location: ../Login/main.php"); 
;}


?>
4
Contributors
4
Replies
42
Views
4 Years
Discussion Span
Last Post by ahmedhamdy
2

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'to, from, payload, amount, route, majcom, event, type, admin) VALUES ('', 'KBLV'' at line 1

The answer is to put back ticks in your words.

You have to understand the word To and From are used in query so that's why the Database can't insert those words because it's reading those 2 words as a query.

Query means something like this:

SELECT * FROM TABLE

So to corrrect it you should put back ticks:

From this:

mysql_query("INSERT INTO mission ( acft, to, from, payload, amount, route, majcom, event, type, admin) VALUES ('$airframeSave', '$icaoT', '$icaoF', '$payload', '$payloadA', '$route', '$majcom', '$event', '$type', '$admin') ")or die(mysql_error());

To this:

mysql_query("INSERT INTO mission (`acft`, `to`, `from`, `payload`, `amount`, `route`, `majcom`, `event`, `type`, `admin`) VALUES ('$airframeSave', '$icaoT', '$icaoF', '$payload', '$payloadA', '$route', '$majcom', '$event', '$type', '$admin')") or die(mysql_error());

Let me know if it works or not.

Edited by LastMitch: grammer

0

Hi well base on your insert statement found nothing wrong with it aside form your not filtering the data that you are posting which is not safe ... well the only thing i found that out of place is ; on line 28

also i prefered doing it this way

mysql_query="INSERT INTO mission (acft, to, from, payload, amount, route, majcom, event, type, admin) VALUES ('$airframeSave', '$icaoT', '$icaoF', '$payload', '$payloadA', '$route', '$majcom', '$event', '$type', '$admin')";

Edited by ehpratah

0

That did it LastMitch adding the tics. I saw that being done in another application but everything had a tic so when I followed suit it didnt work. You came thru again, I knew it was a simple error!!!!

-1
mysql_query="INSERT INTO mission (acft, to, from, payload, amount, route, majcom, event, type, admin) VALUES ('$airframeSave', '$icaoT', '$icaoF', '$payload', '$payloadA', '$route', '$majcom', '$event', '$type', '$admin')";

this mysql query take your variables as strings not variables
as you forget concatenation of your variables into mysql query

<?php

sql_query='INSERT INTO mission (acft, to, from, payload, amount, route, majcom, event, type, admin) 
VALUES 
("'.$airframeSave.'", "'.$icaoT.'", "'.$icaoF.'","'.$payload.'","'.$payloadA.'","'.$route.'","'.
$majcom.'","'.$event.'","'.$type.'","'.$admin.'")';

mysql_query(sql_query);


?>

Edited by ahmedhamdy

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.