Reputation: 17
PHP mysql can't insert database and error
Need help here...
I receive an error code saying...
SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''students' (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnu' at line 1
by the way, i put add function in php using these codes...
$Lastname = $_POST['Lastname'];
$Firstname = $_POST['Firstname'];
$Middleinitial = $_POST['Middleinitial'];
$Course = $_POST['Course'];
$Year = $_POST['Year'];
$Section = $_POST['Section'];
$Studentnumber = $_POST['Studentnumber'];
$Violation = $_POST['Violation'];
$Punishment = $_POST['Punishment'];
$Violationdate = $_POST['Violationdate'];
$Punishmentstartdate = $_POST['Punishmentstartdate'];
$CSlength = $_POST['CSlength'];
$Add = $_POST['add'];
$records = mysql_connect('localhost', 'root', '') or die(mysql_error());
mysql_select_db('records', $records);
$sql = ("INSERT INTO 'students' (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')");
$result = mysql_query($sql, $records);
if (!$result)
die("SQL Error: ".mysql_error());
echo "Success";
thanks for the answer.... :))
Upvotes: 0
Views: 101
Answers (4)
Reputation: 754
You just have to modify you code like this!
$Lastname = $_POST['Lastname'];
$Firstname = $_POST['Firstname'];
$Middleinitial = $_POST['Middleinitial'];
$Course = $_POST['Course'];
$Year = $_POST['Year'];
$Section = $_POST['Section'];
$Studentnumber = $_POST['Studentnumber'];
$Violation = $_POST['Violation'];
$Punishment = $_POST['Punishment'];
$Violationdate = $_POST['Violationdate'];
$Punishmentstartdate = $_POST['Punishmentstartdate'];
$CSlength = $_POST['CSlength'];
$Add = $_POST['add'];
$records = mysql_connect('localhost', 'root', '') or die(mysql_error());
mysql_select_db('records', $records);
$sql = "INSERT INTO students (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')";
$result = mysql_query($sql, $records);
if (!$result)
die("SQL Error: ".mysql_error());
echo "Success";
Upvotes: 1
Reputation: 86
Remove the brackets around the INSERT statement as well as put the table and column names inside the backtick, change it as below
$sql = "INSERT INTO `students` (`Lastname`, `Firstname`, `Middleinitial`, `Course`, `Year`, `Section`, `Studentnumber`, `Violation`, `Punishment`, `Violationdate`, `Punishmentstartdate`, `CSlength`) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')";
Since your code is too much vulnerable to SQL injection, it is better to use mysql prepared statements.Use MySQLi or PDO class to achieve it.
Upvotes: 0
Reputation: 510
Try this
$Lastname = $_POST['Lastname'];
$Firstname = $_POST['Firstname'];
$Middleinitial = $_POST['Middleinitial'];
$Course = $_POST['Course'];
$Year = $_POST['Year'];
$Section = $_POST['Section'];
$Studentnumber = $_POST['Studentnumber'];
$Violation = $_POST['Violation'];
$Punishment = $_POST['Punishment'];
$Violationdate = $_POST['Violationdate'];
$Punishmentstartdate = $_POST['Punishmentstartdate'];
$CSlength = $_POST['CSlength'];
$Add = $_POST['add'];
$records = mysql_connect('localhost', 'root', '') or die(mysql_error());
mysql_select_db('records', $records);
$sql = ("INSERT INTO students (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')");
$result = mysql_query($sql, $records);
if (!$result)
die("SQL Error: ".mysql_error());
echo "Success";
Upvotes: 1
Reputation: 219884
Get rid of the quotes around students. Either use ticks or nothing at all:
$sql = ("INSERT INTO `students` (Lastname, Firstname, Middleinitial, Course, Year, Section, Studentnumber, Violation, Punishment, Violationdate, Punishmentstartdate, CSlength) VALUES('$Lastname', '$Firstname', '$Middleinitial', '$Course', '$Year', '$Section', '$Studentnumber', '$Violation', '$Punishment', '$Violationdate', '$Punishmentstartdate', '$CSlength')");
FYI, you are wide open to SQL injections.
Upvotes: 2
Related Questions
- Insert into MySQL Table PHP
- Error when inserting into SQL table with PHP
- Error while inserting data into Mysql database
- PHP mysql error, unable to INSERT to database
- Can't insert into database
- SQL error inserting into table
- Can't insert into my sql table
- MySQL Error - "You have an error in your SQL syntax" on insert
- Can't insert into a database with PHP
- ERROR When trying to insert into MySQL table with PHP