
You have an error in your SQL syntax;


Gatsu


Hello, I get an error I don't understand, please tell me what's wrong if you know =) I have created a table in my db and I get:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'level, desired level, world type, prem, skills, mag, eq, id, leveler, msn, Order' at line 1

the line looks like this

$sql="INSERT INTO orders (login, vocation, current level, desired level, world type, prem, skills, mag, eq, id, leveler, msn, Order status)VALUES(".$_POST['login'].",".$_POST['select1'].",".$_POST['select2'].",".$_POST['select3'].",".$_POST['select4'].",".$_POST['select5'].",".$_POST['select6'].",".$_POST['select7'].",".$_POST['select8'].",".$_POST['leveler'].",".$_POST['msn'].",".$_POST['order status'].")";


INSERT INTO orders (login, vocation, current level, desired level, world type [...]
I don't do MySQL but in all the SQL I have used, you would need to do something about the spaces in the fieldnames, normally enclosing the fieldnames in square brackets:
INSERT INTO orders (login, vocation, [current level], [desired level], [world type]


you may be right but your solution gave me this instead ^^

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[current level], [desired level], [world type], prem, skills, mag, eq, id,' at line 1

Thank you anyway ^^


I removed the spaces and got

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'knight,8+,8+,Non-Pvp,Free,10/10+,0+,none,,,)' at line 3

and these are the values I tried to add. What does syntax error mean? And line 3 where????


Syntax error means that the code structure is not valid, the computer doesn't know what you mean. The error in this case is that you have string values without quotes. You need to put quotes around anything that's not a number field.


but they do have quotes

$sql="INSERT INTO orders (login, vocation, cl, dl, wt, prem, skills, mag, eq, id, leveler, msn, os)VALUES(".$_POST['login'].",".$_POST['select1'].",".$_POST['select2'].",".$_POST['select3'].",".$_POST['select4'].",".$_POST['select5'].",".$_POST['select6'].",".$_POST['select7'].",".$_POST['select8'].",".$_POST['leveler'].",".$_POST['msn'].",".$_POST['order status'].")";


No they don't.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'knight,8+,8+,Non-Pvp,Free,10/10+,0+,none,,,)' at line 3

Should be:

'knight','8+','8+','Non-Pvp','Free','10/10+','0+','none','','','')


$sql="INSERT INTO orders (login, vocation, cl, dl, wt, prem, skills, mag, eq, id, leveler, msn, os)VALUES('".$_POST['login']."','".$_POST['select1']."','".$_POST['select2']."','".$_POST['select3']."','".$_POST['select4']."','".$_POST['select5']."','".$_POST['select6']."','".$_POST['select7']."','".$_POST['select8']."','".$_POST['leveler']."','".$_POST['msn']."','".$_POST['order status']."')";

There. That code is also vulnerable to SQL injection attacks; it's not safe to include anything from $_GET, $_POST, or $_COOKIE directly into a SQL statement without escaping it.

http://www.php.net/manual/en/security.data...l-injection.php

http://www.php.net/manual/en/function.mysq...cape-string.php

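The injection risk raised in the last reply can also be closed with a prepared statement, which binds the values instead of escaping and concatenating them. This is an added example, not code from the thread: it assumes PDO with the pdo_sqlite driver (an in-memory SQLite database stands in for MySQL), a database-generated `id` column, and a made-up helper `insertOrder` with constructed sample input.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; only the DSN differs.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Assumed schema using the renamed columns from the thread; id is assumed
// to be generated by the database, so the INSERT does not supply it.
$pdo->exec('CREATE TABLE orders (
    id INTEGER PRIMARY KEY, login TEXT, vocation TEXT, cl TEXT, dl TEXT,
    wt TEXT, prem TEXT, skills TEXT, mag TEXT, eq TEXT,
    leveler TEXT, msn TEXT, os TEXT)');

// Column => form field. PHP converts spaces in incoming field names to
// underscores, so a field named "order status" arrives as order_status.
$fieldFor = [
    'login' => 'login', 'vocation' => 'select1', 'cl' => 'select2',
    'dl' => 'select3', 'wt' => 'select4', 'prem' => 'select5',
    'skills' => 'select6', 'mag' => 'select7', 'eq' => 'select8',
    'leveler' => 'leveler', 'msn' => 'msn', 'os' => 'order_status',
];

function insertOrder(PDO $pdo, array $fieldFor, array $post): int
{
    // Column names come only from the fixed map above, never from input.
    $columns = implode(', ', array_keys($fieldFor));
    $marks   = implode(', ', array_fill(0, count($fieldFor), '?'));
    $stmt    = $pdo->prepare("INSERT INTO orders ($columns) VALUES ($marks)");

    // Values travel separately from the SQL text; missing fields become ''.
    $values = [];
    foreach ($fieldFor as $field) {
        $values[] = isset($post[$field]) ? (string) $post[$field] : '';
    }
    $stmt->execute($values);
    return (int) $pdo->lastInsertId();
}

// Constructed input standing in for $_POST; the quote and comma in login
// would change the structure of a concatenated statement.
$post = [
    'login' => "o'brien, x", 'select1' => 'knight', 'select2' => '8+',
    'select3' => '8+', 'select4' => 'Non-Pvp', 'select5' => 'Free',
    'select6' => '10/10+', 'select7' => '0+', 'select8' => 'none',
];
$id    = insertOrder($pdo, $fieldFor, $post);
$check = $pdo->prepare('SELECT login, vocation, os FROM orders WHERE id = ?');
$check->execute([$id]);
var_dump($check->fetch(PDO::FETCH_ASSOC));
```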
