7 Replies - 577 Views - Last Post: 14 July 2009 - 03:52 PM Rate Topic: -----

#1 UnknownCoder  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 135
  • Joined: 22-February 09

SQL Syntax Error

Posted 14 July 2009 - 03:14 PM

I am having trouble trying to fix my sql query string, it is shown below:

mysql_query("INSERT INTO code_archive (`name`,`title`,`time`,`content`) VALUES ('$_POST[name]','$_POST[title]',time(),'$_POST[content]')") or die(mysql_error());


The exact error is this:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '),'This is a test.')' at line 2

Any help will be appreciated!

This post has been edited by UnknownCoder: 14 July 2009 - 03:25 PM


Is This A Good Question/Topic? 0
  • +

Replies To: SQL Syntax Error

#2 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 2889
  • View blog
  • Posts: 10,000
  • Joined: 08-August 08

Re: SQL Syntax Error

Posted 14 July 2009 - 03:28 PM

This doesn't look right:
time()
and using post data that hasn't been scrubbed is a major security problem.
Was This Post Helpful? 0
  • +
  • -

#3 UnknownCoder  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 135
  • Joined: 22-February 09

Re: SQL Syntax Error

Posted 14 July 2009 - 03:30 PM

Ok but isn't the time() function used to get the current time? or am I mistaken?
Was This Post Helpful? 0
  • +
  • -

#4 Decypher  Icon User is offline

  • D.I.C Regular

Reputation: 2
  • View blog
  • Posts: 400
  • Joined: 28-June 08

Re: SQL Syntax Error

Posted 14 July 2009 - 03:44 PM

thats NOW()
Was This Post Helpful? 0
  • +
  • -

#5 UnknownCoder  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 135
  • Joined: 22-February 09

Re: SQL Syntax Error

Posted 14 July 2009 - 03:46 PM

I thought now() was used to get the current date? Anyway, does anyone know how to fix this sql string please?
Was This Post Helpful? 0
  • +
  • -

#6 CTphpnwb  Icon User is online

  • D.I.C Lover
  • member icon

Reputation: 2889
  • View blog
  • Posts: 10,000
  • Joined: 08-August 08

Re: SQL Syntax Error

Posted 14 July 2009 - 03:48 PM

In php, not mysql. If you want to use the current time in mysql, then you could do something like:
$query = "INSERT INTO code_archive (`name`,`title`,`time`,`content`) VALUES ('$scrubbed_name','$scrubbed_title',".time().",'$scrubbed_content')";


where
$scrubbed_somevariable = mysql_real_escape_string($_POST['somevariable']);

This post has been edited by CTphpnwb: 14 July 2009 - 03:50 PM

Was This Post Helpful? 0
  • +
  • -

#7 Decypher  Icon User is offline

  • D.I.C Regular

Reputation: 2
  • View blog
  • Posts: 400
  • Joined: 28-June 08

Re: SQL Syntax Error

Posted 14 July 2009 - 03:49 PM

well it gets date and the time...

maybe make a variable

$time = time(H:i);
Was This Post Helpful? 0
  • +
  • -

#8 UnknownCoder  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 5
  • View blog
  • Posts: 135
  • Joined: 22-February 09

Re: SQL Syntax Error

Posted 14 July 2009 - 03:52 PM

Ok thanks for the contributions guys it works now :D
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1