0

I am using following insert command to insert value in my db table called demo_organization

$sql = "INSERT INTO demo_organization (org_name, abn_acn_no, org_url,city,
                    state, country, pin, street, primary_mobile, 
                    secondary_mobile, primary_landline, 
                    secondary_landline, primary_email,  secondary_email)

            VALUES ($org_name, $abn_acn_no, $org_url, $city, $state, $country, 
                    $pin, $street, $primary_mobile, $secondary_mobile, 
                    $primary_landline, $secondary_landline, $primary_email, 
                    $secondary_email)";

$result = mysql_query($sql) or die (mysql_error());

in php but i am getting error like

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '://loc.com,Melburn,Melburn,Australia,56007,123 park avenue,+6190567890,+89685552' at line 2

i am completely new in php mysql please tell me what i am doing wrong

Improve this question

3 Answers 3

Reset to default
2

You are missing single quotes around the text values:

insert into demo (org_name, abn_acn_no) values ('$org_name', abn_acn_no);
// assumes that abn_acn_no is numeric.

You also cannot pass an empty variable into the query. If you don't have it, you will need to insert it as , null, rather than as a variable with no value - which would result in , , which SQL won't accept - even if the column accepts null values.

Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

@MBJ Not inside a SQL query it won't. If you have 3, $yourVar, 3 in a query (and $yourvar='testing' then the query will look like 3, testing, 3 which will not be accepted by mysql as the string is not encapsulated within quotes.
$sql = "INSERT INTO demo_organization (org_name, org_url,abn_acn_no,city,state,country,pin,street,primary_mobile,secondary_mobile,primary_landline,secondary_landline,primary_email,secondary_email) VALUES('$org_name','$org_url','$abn_acn_no','$city','$state','$country','$pin','$street','$primary_mobile','$secondary_mobile','$primary_landline','$secondary_landline','$primary_email','$secondary_email')"; i tried with this also but getting same error
@user1481793 You probably have an empty field. You can check it easily with echo $sql; before passing it to the mysql_query function and this will show you what you are missing. If you are missing fields, you will need to insert a null in their place.
thanks for ur comment i was passing an empty field now i fixed that with ur help
@user1481793 Interesting choice of Accepted answer then hehe :)
|
1

If you will be using MYSQL, you need to escape the values mysql_escape_string($string)

There is a problem with the url provided in the query, try escaping it and running it again.

Otherwise, MYSQL is becoming depreciated, use MYSQLi or PDO

http://php.net/manual/en/book.mysqli.php

http://php.net/manual/en/book.pdo.php

Improve this answer

2 Comments

thanks :) it seems the voted answer, isn't getting positive feedback anyway
I just try to answer MySQL questions and the PHP world seems totally oblivious to how to escape SQL properly. I'm just doing my part to push back against this kind of reckless behavior, and it's good to see you are too.
0

your code is vulverable with your sql injection. I'll recomend MYSQLi or PDO. But anyway, your values that are string format should be wrap with single quotes.

$sql = "INSERT INTO demo_organization (org_name, abn_acn_no, org_url,city,
                state, country, pin, street, primary_mobile, 
                secondary_mobile, primary_landline, 
                secondary_landline, primary_email,  secondary_email)
        VALUES ('$org_name', 'abn_acn_no, '$org_url', '$city', ...,
                 '$secondary_email')";
Improve this answer

1 Comment

You're right to recommend mysqli and PDO, but since this answer is massively vulnerable to SQL injection, it is incorrect. You should be using placeholders like you suggest.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.