CODEWITHSUNDEEP
phpmysqlserialization
Joann
Joann

Reputation: 1377

Snytax error when inserting serialized value?

My code:

 $meta_ar = array("event_id" =>  $event_id, "user_id" => $user_id, "dbe" => $dbe, "hbe" => $hbe, "forum_id" => 'dummy_forum');

        $meta_ar = serialize($meta_ar);

        $db->query_write("
            INSERT INTO " . TABLE_PREFIX . "event_mod 
                (event_meta)
            VALUES
                (" . $meta_ar . ")
        ");

The error:

Invalid SQL:

            INSERT INTO event_mod 
                (event_meta)
            VALUES


    (a:5:{s:8:"event_id";N;s:7:"user_id";s:1:"1";s:3:"dbe";i:45;s:3:"hbe";i:32;s:8:"forum_id";s:11:"dummy_forum";});

MySQL Error   : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ':5:{s:8:"event_id";N;s:7:"user_id";s:1:"1";s:3:"dbe";i:45;s:3:"hbe";i:32;s:8:"fo' at line 4
Error Number  : 1064

Any idea?

Upvotes: 0

Views: 771

Answers (2)

Lukas Knuth
Lukas Knuth

Reputation: 25755

Use a PreparedStatement, your Serialized Array is not escaped.

Upvotes: 1

Shakti Singh
Shakti Singh

Reputation: 86436

Change it to so that the value enclosed in single quote.

When you pass any string to any column which is supposed to hold string value then that must be enclosed in the quotes.

 $db->query_write("
            INSERT INTO " . TABLE_PREFIX . "event_mod 
                (event_meta)
            VALUES
                ('" . $meta_ar . "')
        ");

Upvotes: 2

Related Questions