Hey guys, So I am a little confused. I am running a MySQL query and it works fine on WAMP and also my old web hosting account, but soon as I move it to hostgator I get a syntax error. When I try and run the query in phpmyadmin via hostgator it works fine. So I'm fairly confused. Here is the section of the code which I'm talking about $brand = $_POST['brand']; $name = $_POST['name']; $eff = $_POST['eff']; $val = $_POST['val']; $ov = $_POST['ov']; $pro1 = $_POST['pro1']; $pro2 = $_POST['pro2']; $pro3 = $_POST['pro3']; $con1 = $_POST['con1']; $con2 = $_POST['con2']; $con3 = $_POST['con3']; $review = $_POST['review']; $reviewername = $_POST['reviewername']; $email = $_POST['email']; $site = $_POST['site']; mysql_query("INSERT INTO `reviews` (`id`, `brand`, `name`, `eff`, `val`, `ov`, `pro1`, `pro2`, `pro3`, `con1`, `con2`, `con3`, `review`, `reviewer_name`, `email`, `site`) VALUES (NULL, '$brand', '$name', '$eff', '$val', '$ov', '$pro1', '$pro2', '$pro3', '$con1', '$con2', $con3', '$review', '$reviewername', '$email', '$site');") or die(mysql_error()); PHP: Thanks in advance guys
What's the MySQL error being shown? Why would you store the id field as NULL? Is that your primary key? If so that might be it. Just another recommendation, escape the values you receive from the client before you store them on to the database (use PHP's PDO class or mysql_real_escape_string). What you have there is an huge security hole. Good luck!
So I changed it all to: $brand = mysql_real_escape_string($_POST['brand']); $name = mysql_real_escape_string($_POST['name']); $eff = mysql_real_escape_string($_POST['eff']); $val = mysql_real_escape_string($_POST['val']); $ov = mysql_real_escape_string($_POST['ov']); $pro1 = mysql_real_escape_string($_POST['pro1']); $pro2 = mysql_real_escape_string($_POST['pro2']); $pro3 = mysql_real_escape_string($_POST['pro3']); $con1 = mysql_real_escape_string($_POST['con1']); $con2 = mysql_real_escape_string($_POST['con2']); $con3 = mysql_real_escape_string($_POST['con3']); $review = mysql_real_escape_string($_POST['review']); $reviewername = mysql_real_escape_string($_POST['reviewername']); $email = mysql_real_escape_string($_POST['email']); $site = mysql_real_escape_string($_POST['site']); mysql_query("INSERT INTO `reviews` (`brand`, `name`, `eff`, `val`, `ov`, `pro1`, `pro2`, `pro3`, `con1`, `con2`, `con3`, `review`, `reviewer_name`, `email`, `site`) VALUES ('$brand', '$name', '$eff', '$val', '$ov', '$pro1', '$pro2', '$pro3', '$con1', '$con2', $con3', '$review', '$reviewername', '$email', '$site')") or die(mysql_error()); PHP: which means now I got rid of the NULL part for the id field but also using mysql_real_escape_string() for the variables I am still getting this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'upsets my stomach', 'With PhD Recovery - 2:1 I really felt that I am recovering ' at line 1 So what's causing that?
It's MySQL that's complaining about the generated SQL query being invalid. Not the PHP. Can you do this and then post the whole query? $sql = "INSERT INTO `reviews` (`brand`, `name`, `eff`, `val`, `ov`, `pro1`, `pro2`, `pro3`, `con1`, `con2`, `con3`, `review`, `reviewer_name`, `email`, `site`) VALUES ('$brand', '$name', '$eff', '$val', '$ov', '$pro1', '$pro2', '$pro3', '$con1', '$con2', $con3', '$review', '$reviewername', '$email', '$site')"; mysql_query($sql) or die('Query: '.$sql.' | MySQL Error: '.mysql_error()); PHP: And maybe tell us what data types and sizes the columns are?
This is what I am getting: Query: INSERT INTO `reviews` (`brand`, `name`, `eff`, `val`, `ov`, `pro1`, `pro2`, `pro3`, `con1`, `con2`, `con3`, `review`, `reviewer_name`, `email`, `site`) VALUES ('1', '1', '1', '5', '1', '1', '1', '1', '1', '1', 1', 'test', '', '', '') | MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '', 'test', '', '', '')' at line 2 as for the table structure it is:
('1', '1', '1', '5', '1', '1', '1', '1', '1', '1', 1', 'test', '', '', '') Before 'test', it's missing a ' ('1', '1', '1', '5', '1', '1', '1', '1', '1', '1', 1', 'test', '', '', '') ('1', '1', '1', '5', '1', '1', '1', '1', '1', '1', '1', 'test', '', '', '') Small difference, but it will cause that issue, you need to find where that is in your code and fix it.
I found it. It was in the query: $sql = "INSERT INTO `reviews` (`brand`, `name`, `eff`, `val`, `ov`, `pro1`, `pro2`, `pro3`, `con1`, `con2`, `con3`, `review`, `reviewer_name`, `email`, `site`) VALUES ('$brand', '$name', '$eff', '$val', '$ov', '$pro1', '$pro2', '$pro3', '$con1', '$con2', $con3', '$review', '$reviewername', '$email', '$site')"; you are missing the ' before $con3... it sais , $con3', when it should be , '$con3',
Oh my god.. this has been bugging me for days and now it's fixed by such a simple mistake...thanks so much guys