Jump to content

Kindly help with an error


divinedesigns1
 Share

Recommended Posts

hey sup, ok i was just testing this code, piece by piece by uploading a certain amount of lines to my host and everything was working until i fill in the forms and it give me this output

Error inserting record: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'a demo for the demo of demos, 0, '', '')' at line 1
the problem isnt on line 1, because line 1 have the opening php tag <?php, the error is on line 10, which is
$sql = "INSERT INTO albums VALUES(0," . addslashes($_POST['p_name']) . ", " . addslashes($_POST['p_desc']) . ", 0, '', '')";

and what this does is insert the name and description into the database under the name and description table, this is pretty much the only error i have ran into for the day. i look it up and from what i read, they said to make sure your host is running php5 or later, which it is. so if anyone can say how to fix this kindly let me know or point me in the right direction thanks

Link to comment
Share on other sites

the line it is pointing is not the number of php.line it is number of line which passed in mysql server. did you try printing out the query how does it look?

Link to comment
Share on other sites

the line it is pointing is not the number of php.line it is number of line which passed in mysql server. did you try printing out the query how does it look?
this is what its looking like
Whole query : INSERT INTO albums VALUES(0,Demo, this is a demo for the demo of demos, 0, '', '')
mhmm i think ill try changing the single quotes to double quotes, even tho it shouldnt matter about the quotes
Link to comment
Share on other sites

string fields should be quoted. here 'demo' and 'this is a demo for the demo of demos' should be quoted. and addslashes() is not good enough to prevent sql injection. depending upon your database API you are using, you can consider to use mysql_real_escape_string(),mysqli_real_escape_string() or prepared statements

Edited by birbal
Link to comment
Share on other sites

lol i got it fixed birbal, what was missing was indeed a quote, what i forgot to do was to add the single quotes outside the double quotesthis is what i had before

$sql = "INSERT INTO albums VALUES(0," . addslashes($_POST['p_name']) . ", " . addslashes($_POST['p_desc']) . ", 0, '', '')";
and this is the new quote which works
$sql = "INSERT INTO albums VALUES(0,'" . addslashes($_POST['album_name']) . "', '" . addslashes($_POST['album_desc']) . "', 0, '', '')";
Link to comment
Share on other sites

so i got that one fix but then i ended up with this one

Invalid query: Column count doesn't match value count at row 1 Whole query : INSERT INTO album VALUES(0,'Demo', 'this is a demo for the demo of demos', 0, '', '')
i checked with the database table which is
CREATE TABLE album (album_id int(11) NOT NULL auto_increment,album_name varchar(255) NOT NULL default '',album_desc text NOT NULL,album_cover varchar(255) NOT NULL default '',PRIMARY KEY (album_id),KEY album_name (album_name)) TYPE=MyISAM;
i can have a key and a primary key right?
Link to comment
Share on other sites

You seem to have too many values in your query. There only needs to be four values, you have six.
oooo i didnt notice that at all, thanks ingo
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...