CODEWITHSUNDEEP
phpmysqlsqldatabasemysqli
user796443
user796443

Reputation:

learning mysql insert returns syntax error

I'm trying to make a simple insert statement of user... but it errors out... I tried with only values and it works, it must be something with the way I deal with arrays inside the insert statement?

ANy ideas?

                if ($new_user_data) {
                    $mysqli->query("INSERT INTO users (user_name, user_year, user_sex, user_pic, user_level, user_password, user_email)
                                    VALUES ( ". $new_user_data['user_name'] .",". $new_user_data['user_year'] .",". $new_user_data['user_sex'] .",". $new_user_data['user_pic'] .",1,". $new_user_data['user_password'] .",". $new_user_data['user_email'] ." )");
                    print_r($mysqli->error);
                }

error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.coms )' at line 2

Upvotes: 1

Views: 57

Answers (1)

John Conde
John Conde

Reputation: 219874

You need to wrap your strings in quotes:

$mysqli->query("INSERT INTO users (user_name, user_year, user_sex, user_pic, user_level, user_password, user_email)
                VALUES ( '". $new_user_data['user_name'] ."','". $new_user_data['user_year'] ."','". $new_user_data['user_sex'] ."','". $new_user_data['user_pic'] ."',1,'". $new_user_data['user_password'] ."','". $new_user_data['user_email'] ." )'");

I know i can't see all of your code, but it looks like you're wide open to SQL Injections.

Upvotes: 3

Related Questions