Reputation: 24481
I have a pre-constructed array created from some test data as I have not yet set up a post form. The array looks like this:
$ud = array('name' => 'name', 'username' => 'username', 'password' => 'password', 'location' => 'london', 'platform' => 'mobile', 'developer_or_designer' => 'developer', 'tags' => 'hello', 'paypal_email' => '[email protected]', 'developer_or_client' => 'developer', 'email' => '[email protected]');
foreach ($ud as $key => $value) {
    $value = mysql_real_escape_string($value);
}
From this array, I then try to insert the data via a MySQL query into my database:
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES (" . $ud['name'] . ", " . $ud['email'] . ", " . $ud['username'] . ", " .$ud['password'] . ", " . $ud['location'] . ", " . $ud['platform'] . ", " . $ud['developer_or_designer'] . ", " . $ud['tags'] . ", " . $ud['paypal_email'] . ")") or die(mysql_error());
However, it dies with the following error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@email.com, username, password, london, mobile, developer, hello, [email protected])' at line 1
Please can you tell me where I am going wrong?
Upvotes: 1
Views: 266
Reputation: 1175
See this:
VALUES (" . $ud['name'] . ",
Need that:
VALUES ('" . $ud['name'] . "',
And for the other columns too (if they are not numeric).
Upvotes: 0
Reputation: 50328
Two things:
mysql_real_escape_string().
Upvotes: 1
Reputation: 36957
From the sound of the column names, those are varchar column types, so you need to wrap your values in quotes:
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());
Also, if the values are coming from user input, you should run each value through mysql_real_escape_string to help prevent SQL injection attacks.
Upvotes: 0
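Added example, not part of any answer on this page: the same INSERT written with PDO prepared statements, so each value is bound as a parameter instead of being quoted and concatenated into the SQL string (the mysql_* functions used above were removed in PHP 7.0). Assumptions: the pdo_sqlite extension is available, an in-memory SQLite table stands in for the MySQL `Developers` table, and `insertDeveloper`, `$columns` and all sample values are constructed for illustration.

```php
<?php
// Added example. An in-memory SQLite table stands in for the MySQL `Developers`
// table so this runs without a server; for MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Developers (Name TEXT, Email TEXT, Username TEXT,
    Password TEXT, Location TEXT, Platform TEXT, Developer_or_Designer TEXT,
    Tags TEXT, Paypal_Email TEXT)');

// Constructed input. The quotes in the name and tags would break a query
// built by string concatenation; bound parameters carry them unchanged.
$ud = array(
    'name' => "O'Brien",
    'email' => 'dev@example.com',
    'username' => 'obrien',
    'password' => password_hash('constructed-password', PASSWORD_DEFAULT),
    'location' => 'london',
    'platform' => 'mobile',
    'developer_or_designer' => 'developer',
    'tags' => "php, 'mysql'",
    'paypal_email' => 'pay@example.com',
);

// Column => input key. Column names come from this fixed list, never from input.
$columns = array(
    'Name' => 'name', 'Email' => 'email', 'Username' => 'username',
    'Password' => 'password', 'Location' => 'location', 'Platform' => 'platform',
    'Developer_or_Designer' => 'developer_or_designer', 'Tags' => 'tags',
    'Paypal_Email' => 'paypal_email',
);

function insertDeveloper(PDO $pdo, array $columns, array $ud)
{
    $params = array();
    foreach ($columns as $column => $key) {
        if (!isset($ud[$key]) || !is_string($ud[$key])) {
            throw new InvalidArgumentException("Missing or non-string field: $key");
        }
        $params[':' . $key] = $ud[$key];
    }
    $sql = 'INSERT INTO Developers (' . implode(', ', array_keys($columns))
         . ') VALUES (' . implode(', ', array_keys($params)) . ')';
    $stmt = $pdo->prepare($sql);   // SQL text contains placeholders only
    $stmt->execute($params);       // values are sent as bound parameters
    return $stmt->rowCount();
}

$inserted = insertDeveloper($pdo, $columns, $ud);
$row = $pdo->query('SELECT Name, Tags FROM Developers')->fetch(PDO::FETCH_ASSOC);
echo "$inserted row inserted: {$row['Name']} / {$row['Tags']}\n";
```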
Reputation: 739
$query = mysql_query("INSERT INTO `Developers` (`Name`,`Email`,`Username`,`Password`,`Location`,`Platform`,`Developer_or_Designer`,`Tags`, `Paypal_Email`) VALUES ('" . $ud['name'] . "', '" . $ud['email'] . "', '" . $ud['username'] . "', '" .$ud['password'] . "', '" . $ud['location'] . "', '" . $ud['platform'] . "', '" . $ud['developer_or_designer'] . "', '" . $ud['tags'] . "', '" . $ud['paypal_email'] . "')") or die(mysql_error());
Try it :)
Upvotes: 0