Thread: mysql_query

  1. #1

    mysql_query

    I'm starting to learn how to interact with MySQL with PHP, but I keep getting an error from this line of code:

    mysql_query("INSERT INTO sm2lvls('user','level','rating')VALUES($Suser,$Sle vel,$Srating)")or die(mysql_error());

    the error is

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''user','level','rating')VALUES(,,)' at line 1
    Zed Town- zombie killing game
    moar games at NPGAM.ES

  2. #2
    PHP Code:
    $Sle vel ==> $Slevel 
    Remove the space between this variable. Variables cannot have spaces. "Vel" will be interpreted as a constant, which you probably don't have defined and have no cause to define.

    If that doesn't work, I believe all values need to be wrapped in quotes.

    PHP Code:
    VALUES('$var1', '$var2')
    And I've never put quotes around the table columns before....

    PHP Code:
    INSERT INTO tableName(column1, column2)
    Last edited by NeoDreamer; September 3rd, 2009 at 12:32 PM.

  3. #3
    ^ Definitely try that. Although if the values are variables, I don't think they need to be in quotes, do they? The string value of the variable should already have "quotes".
    Proud Montanadian
    You want a toe? I can get you a toe... Hell, I can get you a toe by three o'clock this afternoon, with nail polish.

  4. #4
    I must have added the space by accident when pasting. It's not in the actual code.

    I wrapped the variables in quotes; that didn't work.

    and do you mean remove the quotes, so it looks like this
    Code:
    mysql_query(INSERT INTO sm2lvls('user','level','rating')VALUES('$Suser','$Slevel','$Srating'))or die(mysql_error());
    or something else because then i get a parse error
    Last edited by npgames; September 3rd, 2009 at 01:36 PM.
    Zed Town- zombie killing game
    moar games at NPGAM.ES

  5. #5
    solved

    Code:
    mysql_query("INSERT INTO sm2lvls(user,level,rating)VALUES('$Suser','$Slevel','$Srating')")or die(mysql_error());
    Zed Town- zombie killing game
    moar games at NPGAM.ES

  6. #6
    Be careful to never use user-input variables directly in your queries. Unless you are 100% certain that a variable cannot cause any SQL injection vulnerabilities, you must always apply mysql_real_escape_string to them before inserting them into query strings. Even better would be to use prepared statements, as they take care of this for you automatically.

    Google "PHP SQL injection", you'll find plenty of information on the subject.
    Wait, what?

  7. #7
    wow thanks for the info.
    Zed Town- zombie killing game
    moar games at NPGAM.ES

  8. #8
    just to check, this is how it works right

    Code:
    $Sid = $HTTP_POST_VARS["Id"];
    mysql_real_escape_string($Sid);
    Zed Town- zombie killing game
    moar games at NPGAM.ES
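
Added example, not code from the thread: the INSERT from post #5 written as a prepared statement, as post #6 recommends, next to the string-built form. It assumes PDO with the pdo_sqlite driver (an in-memory SQLite database stands in for MySQL so it runs offline); the `$post` array and the function names are constructed for illustration. With the old `mysql_*` API the escaped value is the function's return value (`$Sid = mysql_real_escape_string($Sid);`) and the argument itself is left unchanged; those functions were removed in PHP 7.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// stands in for the MySQL server so the script runs offline; with MySQL
// only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sm2lvls (user TEXT, level TEXT, rating INTEGER)');

// Constructed sample input standing in for $_POST.
$post = ['user' => "O'Brien", 'level' => 'Bob\'s "first" level', 'rating' => '4'];

// The thread's pattern: values interpolated into the SQL text. Any quote
// in the input becomes part of the statement's syntax.
function insertConcatenated(PDO $pdo, array $in): bool
{
    $sql = "INSERT INTO sm2lvls(user,level,rating)"
         . "VALUES('{$in['user']}','{$in['level']}','{$in['rating']}')";
    try {
        $pdo->exec($sql);
        return true;
    } catch (PDOException $e) {
        return false; // the apostrophe in the input broke the statement
    }
}

// Prepared statement: the SQL text is fixed and the values travel
// separately, so they are never parsed as SQL.
function insertPrepared(PDO $pdo, array $in): void
{
    // Hypothetical extra check: reject a rating that is not an integer.
    $rating = filter_var($in['rating'], FILTER_VALIDATE_INT);
    if ($rating === false) {
        throw new InvalidArgumentException('rating must be an integer');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO sm2lvls (user, level, rating) VALUES (:user, :level, :rating)'
    );
    $stmt->execute([':user' => $in['user'], ':level' => $in['level'], ':rating' => $rating]);
}

// The string-built insert fails on this input; the prepared one stores it verbatim.
var_dump(insertConcatenated($pdo, $post));
insertPrepared($pdo, $post);
print_r($pdo->query('SELECT user, level, rating FROM sm2lvls')->fetchAll(PDO::FETCH_ASSOC));
```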

Copyright 1999 - 2012