[UnknownCoder]

I am having trouble trying to fix my sql query string, it is shown below:

mysql_query("INSERT INTO code_archive (`name`,`title`,`time`,`content`) VALUES ('$_POST[name]','$_POST[title]',time(),'$_POST[content]')") or die(mysql_error());

The exact error is this:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '),'This is a test.')' at line 2

Any help will be appreciated!

This post has been edited by UnknownCoder: 14 July 2009 - 03:25 PM

[CTphpnwb]

This doesn't look right:
time()
and using post data that hasn't been scrubbed is a major security problem.

[UnknownCoder]

Ok but isn't the time() function used to get the current time? or am I mistaken?

[Decypher]

thats NOW()

[UnknownCoder]

I thought now() was used to get the current date? Anyway, does anyone know how to fix this sql string please?

[CTphpnwb]

In php, not mysql. If you want to use the current time in mysql, then you could do something like:

$query = "INSERT INTO code_archive (`name`,`title`,`time`,`content`) VALUES ('$scrubbed_name','$scrubbed_title',".time().",'$scrubbed_content')";

where
$scrubbed_somevariable = mysql_real_escape_string($_POST['somevariable']);

This post has been edited by CTphpnwb: 14 July 2009 - 03:50 PM

[Decypher]

well it gets date and the time...

maybe make a variable

$time = time(H:i);

[UnknownCoder]

Ok thanks for the contributions guys it works now