Bad SQL Query

Invalid SQL Query through PHP

Page 1 of 1

3 Replies - 1775 Views - Last Post: 03 January 2008 - 08:42 PM

#1 Sacky  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 28-December 07

Bad SQL Query

Post icon  Posted 03 January 2008 - 08:02 PM

Firstly I would like to point out that this is really my first experience working with databases, and its through PHP so here is my code:

$query = mysql_query(
"INSERT INTO ".
$tables['members'].
" ('USERNAME', 'PASSWORD', 'EMAIL', 'RANDOM_KEY') VALUES ('".
mysql_real_escape_string($_POST['username']).
"', '".	
mysql_real_escape_string(sha1($_POST['password'])).
"', '".
mysql_real_escape_string($_POST['email']).
"', '".
random_string('alnum',32).
"')")
or die(mysql_error());


and my Error message is:

Quote

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''USERNAME', 'PASSWORD', 'EMAIL', 'RANDOM_KEY') VALUES ('Sacky', '321f6b7e8bf7f29' at line 1


A full example query is:

INSERT INTO musicflock_members ('USERNAME', 'PASSWORD', 'EMAIL', 'RANDOM_KEY') VALUES ('Sacky', '206c80413b9a96c1312cc346b7d2517b84463edd', 'myemail@hotmail.com', 'JY9HVPNXkyLrLH1KFewx6YVRj7Xg9xk7')


Is This A Good Question/Topic? 0
  • +

Replies To: Bad SQL Query

#2 snoj  Icon User is offline

  • Married Life
  • member icon

Reputation: 84
  • View blog
  • Posts: 3,564
  • Joined: 31-March 03

Re: Bad SQL Query

Posted 03 January 2008 - 08:04 PM

It's because you're using single quote marks ' instead of the backtick ` to surround the field names.
Was This Post Helpful? 0
  • +
  • -

#3 PsychoCoder  Icon User is offline

  • Google.Sucks.Init(true);
  • member icon

Reputation: 1642
  • View blog
  • Posts: 19,853
  • Joined: 26-July 07

Re: Bad SQL Query

Posted 03 January 2008 - 08:07 PM

Change your query to this:

$query = mysql_query(
"INSERT INTO ".
$tables['members'].
" (USERNAME, PASSWORD, EMAIL, RANDOM_KEY) VALUES ('".
mysql_real_escape_string($_POST['username']).
"', '".	
mysql_real_escape_string(sha1($_POST['password'])).
"', '".
mysql_real_escape_string($_POST['email']).
"', '".
random_string('alnum',32).
"')")
or die(mysql_error());



Notice I removed the single quotes around the columns you are entering into, those will cause this error every time, also do an echo to make sure your $_POST variables are populated.

Hope that helps
Was This Post Helpful? 0
  • +
  • -

#4 Sacky  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 26
  • Joined: 28-December 07

Re: Bad SQL Query

Posted 03 January 2008 - 08:42 PM

Yep its working like a charm now, thanks guys :)
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1