Hi im attempting to copy a php code and get it to work with a script im trying to create and i have come across the error below can anyone tell me whats going off any help would be much appreicated x

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'to = "", meettype = "", county = "", cnumber = "", fee ' at line 2

here is my insert into database line

$query = 'insert into booking set Firstname = "'.$Firstname.'", address1 = "'.$address1.'", days = "' .$days.'", months = "'.$months.'", bookingtime = "'.$bookingtime.'", address2 = "'.$address2.'", lastname = "' .$lastname.'", cdays = "' .$cdays. '", cmonths = "' .$cmonths. '", duration = "' .$duration. '", datefrom = "' .$datefrom. '", to = "' .$to. '", meettype = "' .$meettype. '", county = "' .$county. '", cnumber = "' .$cnumber. '", fee = "' .$fee. '", pcode = "' .$pcode. '", comments = "' .$comments. '", user_id = ' . $userid  ;

$insert = mysql_query ( $query ) or die(mysql_error()) ;

if($insert)
{
    //echo "added" ;
    header("location: confirm.php");
    exit;   
}

and heres the database table

CREATE TABLE IF NOT EXISTS `booking` (
  `id` int(11) NOT NULL,
  `user_id` int(11) NOT NULL,
  `Firstname` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `days` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `months` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `lastname` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `bookingtime` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `address2` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `cdays` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `cmonths` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `address1` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `town` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `cdate` date NOT NULL,
  `datefrom` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `date` date NOT NULL,
  `to` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `duration` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `meettype` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `county` varchar(50) COLLATE utf8_unicode_ci NOT NULL,
  `fee` varchar(10) COLLATE utf8_unicode_ci NOT NULL,
  `pcode` varchar(10) COLLATE utf8_unicode_ci NOT NULL,
  `comments` text COLLATE utf8_unicode_ci NOT NULL
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;

You use to as the field name but to is also a mysql reserved word. So if you realy want to use it for a field name, enclose it in backticks like this:

..., `to` = "' .$to. ...

Better practice is to completely avoid using keywords for field names. And keep this link handy:

https://dev.mysql.com/doc/refman/5.1/en/keywords.html

And drop the ** deprecated mysql** extension. It is ages old, unsuported and on it's way to become history soon. Use PDO or at least mysqli and youur future as a web developer will be brighter.

renamed to into dteCallTimeTo now im getting

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 2

Now, it is hard to tell which double quote is causing the error. I prefer to write queries in a bit cleaner form, using single quotes for mysql string values and double quotes for PHP string. This way you can omit all the concatenations and use variables within double quotes. Like this:

$query = "INSERT INTO booking SET 
    Firstname = '$Firstname', 
    address1 = '$address1', 
    days = '$days', 
    months = '$months', 
    bookingtime = '$bookingtime', 
    address2 = '$address2', 
    lastname = '$lastname', 
    cdays = '$cdays', 
    cmonths = '$cmonths', 
    duration = '$duration', 
    datefrom = '$datefrom', 
    dteCallTimeTo = '$to', 
    meettype = '$meettype', 
    county = '$county', 
    cnumber = '$cnumber', 
    fee = '$fee', 
    pcode = '$pcode', 
    comments = '$comments', 
    user_id = $userid";

Now debugging is much easier. You can also display the query and test it. Put this temporary debug code on line 2 above (just before the insert statement):

die($query);

This will display the query and stop the script. You can inspect the displayed query and/or paste it into phpmyadmin to test it. You can also post it here.

ive put that in and im getting the following hun

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(); firstname = '', address1 = '', days = '', mon' at line 2

sussed it ty for your help it did the following

$query = ("INSERT INTO booking SET 
        firstname = '$firstname', 
        address1 = '$address1', 
        days = '$days', 
        months = '$months', 
        bookingtime = '$bookingtime', 
        address2 = '$address2', 
        lastname = '$lastname', 
        cdays = '$cdays', 
        cmonths = '$cmonths', 
        duration = '$duration', 
        datefrom = '$datefrom', 
        dteCallTimeTo = '$dteCallTimeTo', 
        meettype = '$meettype', 
        county = '$county', 
        cnumber = '$cnumber', 
        fee = '$fee', 
        pcode = '$pcode', 
        comments = '$comments', 
        user_id = $userid ;
$insert = mysql_query ( $query ) or die(mysql_error())") ;

ive sorted the sql error out and after testing form nothing is going to database ive check all the form eliments against the database and copied database table name to sql string to make sure there are no typos and all is ok but again nothing is going to database

can u post ur full query used for insert database?

And do u add ") symbol at the end of $query?

user_id = '$userid'") ;

hi hun i have this

$query = ("INSERT INTO booking SET 
            die($query);
            firstname = '$firstname', 
            address1 = '$address1', 
            days = '$days', 
            months = '$months', 
            bookingtime = '$bookingtime', 
            address2 = '$address2', 
            lastname = '$lastname', 
            cdays = '$cdays', 
            cmonths = '$cmonths', 
            duration = '$duration', 
            datefrom = '$datefrom', 
            dteCallTimeTo = '$dteCallTimeTo', 
            meettype = '$meettype', 
            county = '$county', 
            cnumber = '$cnumber', 
            fee = '$fee', 
            pcode = '$pcode', 
            comments = '$comments', 
            user_id = $userid ;
    $insert = mysql_query ( $query ) or die(mysql_error())") ;

    if($insert)
    {
        //echo "added" ;
        header("location: confirm.php");


    exit;   
}

hi hun i have this

$query = ("INSERT INTO booking SET 
            die($query);
            firstname = '$firstname', 
            address1 = '$address1', 
            days = '$days', 
            months = '$months', 
            bookingtime = '$bookingtime', 
            address2 = '$address2', 
            lastname = '$lastname', 
            cdays = '$cdays', 
            cmonths = '$cmonths', 
            duration = '$duration', 
            datefrom = '$datefrom', 
            dteCallTimeTo = '$dteCallTimeTo', 
            meettype = '$meettype', 
            county = '$county', 
            cnumber = '$cnumber', 
            fee = '$fee', 
            pcode = '$pcode', 
            comments = '$comments', 
            user_id = $userid ;
    $insert = mysql_query ( $query ) or die(mysql_error())") ;

    if($insert)
    {
        //echo "added" ;
        header("location: confirm.php");


    exit;   
}
$query = "INSERT INTO booking SET 
            firstname = '$firstname', 
            address1 = '$address1', 
            days = '$days', 
            months = '$months', 
            bookingtime = '$bookingtime', 
            address2 = '$address2', 
            lastname = '$lastname', 
            cdays = '$cdays', 
            cmonths = '$cmonths', 
            duration = '$duration', 
            datefrom = '$datefrom', 
            dteCallTimeTo = '$dteCallTimeTo', 
            meettype = '$meettype', 
            county = '$county', 
            cnumber = '$cnumber', 
            fee = '$fee', 
            pcode = '$pcode', 
            comments = '$comments', 
            user_id = '$userid'" ;
 $insert = mysql_query($query,$your_Connection) or die("Insertion Failed:" . mysql_error());
    if($insert)
    {
        //echo "added" ;
        header("location: confirm.php");
        exit();   
    }

As @broj1 said, drop the ** deprecated mysql** extension. Use PDO or mysqli.

As Lau_1 pointed out you had a double quote missing at the end of the query.

$query = "INSERT INTO booking  
            (firstname, 
            address1, 
            days, 
            months, 
            bookingtime, 
            address2, 
            lastname, 
            cdays, 
            cmonths, 
            duration, 
            datefrom, 
            dteCallTimeTo, 
            meettype, 
            county, 
            cnumber', 
            fee, 
            pcode, 
            comments, 
            user_id
            ) values ('$firstname', 
            '$address1', 
            '$days', 
            '$months', 
            '$bookingtime', 
            '$address2', 
            '$lastname', 
            '$cdays', 
            '$cmonths', 
            '$duration', 
            '$datefrom', 
            '$dteCallTimeTo', 
            '$meettype', 
            '$county', 
            '$cnumber', 
            '$fee', 
            '$pcode', 
            '$comments', 
            '$userid')";

you were mixing insert and update syntax.

Member Avatar

MySQL allows the SET syntax for single record INSERT. It is not peculiar to UPDATE However, VALUES syntax needs to be used for multiple insert within one query.

As noted by others, this really needs mysqli or PDO. I can't believe people are still using this deprecated code. You can use a prepared statement for this, rather than trying to sanitize each variable assuming that they are being santized, that is.