CODEWITHSUNDEEP
phpmysqlmysql-error-1064
Mitchell
Mitchell

Reputation: 23

MySQL Insert error

Ok, when trying to insert into the database I'm getting this error

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@email.com, UT, 84505, NOW(), 69.169.186.192)' at line 1"

I can't figure out the problem. Here is the code for my insert statement.

$insert_query = sprintf("INSERT INTO contacts (first_name, last_name, email, state, zip, date, ip) VALUES (%s, %s, %s, %s, %s, NOW(), %s)",
                        $fname,
                        $lname,
                        $email,
                        $state,
                        $zip,
                        $ip);


$result = mysql_query($insert_query, $connection) or die(mysql_error());

My table has the following structure:

    id int(11)                              
    first_name  varchar(100)                                 
    last_name   varchar(100)                             
    email   varchar(100)                                 
    state   varchar(3)                               
    zip int(10)                             
    date    datetime                                
    ip  varchar(255)

Upvotes: 2

Views: 7241

Answers (3)

Neville Kuyt
Neville Kuyt

Reputation: 29619

It would help if you could echo out the $insert_query, but it looks like you're not putting quotes around the parameters that are varchars.

$insert_query = sprintf("INSERT INTO contacts (first_name, last_name, email, state, zip, date, ip) VALUES ('%s', '%s', '%s', '%s', '%s', NOW(), '%s')",
                        $fname,
                        $lname,
                        $email,
                        $state,
                        $zip,
                        $ip);

By the way, you have an extra column in your insert - NOW doesn't appear related to a column. I'm assuming ZIP is a varchar column, not a number, by the way.

Upvotes: 0

Gaurav Porwal
Gaurav Porwal

Reputation: 513

This may help you..

$insert_query = "INSERT INTO contacts set first_name = '$fname', last_name = '$lname', email = '$email', state = '$state', zip = '$zip', date = ". time() .", ip = '$ip')";


$result = mysql_query($insert_query, $connection) or die(mysql_error());

if you want to check query

echo $insert_query;

Upvotes: 0

Mat
Mat

Reputation: 206669

You need to quote all the string-type columns in the insert statement. Replace %s with '%s' in the sprintf format.

Please read about SQL Injection if you haven't done so already.

Upvotes: 2

Related Questions