divinedesigns1 Posted June 12, 2012 Share Posted June 12, 2012 hey sup, ok i was just testing this code, piece by piece by uploading a certain amount of lines to my host and everything was working until i fill in the forms and it give me this output Error inserting record: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'a demo for the demo of demos, 0, '', '')' at line 1 the problem isnt on line 1, because line 1 have the opening php tag <?php, the error is on line 10, which is $sql = "INSERT INTO albums VALUES(0," . addslashes($_POST['p_name']) . ", " . addslashes($_POST['p_desc']) . ", 0, '', '')"; and what this does is insert the name and description into the database under the name and description table, this is pretty much the only error i have ran into for the day. i look it up and from what i read, they said to make sure your host is running php5 or later, which it is. so if anyone can say how to fix this kindly let me know or point me in the right direction thanks Link to comment Share on other sites More sharing options...
birbal Posted June 12, 2012 Share Posted June 12, 2012 the line it is pointing is not the number of php.line it is number of line which passed in mysql server. did you try printing out the query how does it look? Link to comment Share on other sites More sharing options...
divinedesigns1 Posted June 12, 2012 Author Share Posted June 12, 2012 the line it is pointing is not the number of php.line it is number of line which passed in mysql server. did you try printing out the query how does it look? this is what its looking likeWhole query : INSERT INTO albums VALUES(0,Demo, this is a demo for the demo of demos, 0, '', '')mhmm i think ill try changing the single quotes to double quotes, even tho it shouldnt matter about the quotes Link to comment Share on other sites More sharing options...
birbal Posted June 12, 2012 Share Posted June 12, 2012 (edited) string fields should be quoted. here 'demo' and 'this is a demo for the demo of demos' should be quoted. and addslashes() is not good enough to prevent sql injection. depending upon your database API you are using, you can consider to use mysql_real_escape_string(),mysqli_real_escape_string() or prepared statements Edited June 12, 2012 by birbal Link to comment Share on other sites More sharing options...
divinedesigns1 Posted June 12, 2012 Author Share Posted June 12, 2012 ok what ya mean birbal, it is in a quote Link to comment Share on other sites More sharing options...
divinedesigns1 Posted June 12, 2012 Author Share Posted June 12, 2012 lol i got it fixed birbal, what was missing was indeed a quote, what i forgot to do was to add the single quotes outside the double quotesthis is what i had before $sql = "INSERT INTO albums VALUES(0," . addslashes($_POST['p_name']) . ", " . addslashes($_POST['p_desc']) . ", 0, '', '')"; and this is the new quote which works$sql = "INSERT INTO albums VALUES(0,'" . addslashes($_POST['album_name']) . "', '" . addslashes($_POST['album_desc']) . "', 0, '', '')"; Link to comment Share on other sites More sharing options...
divinedesigns1 Posted June 12, 2012 Author Share Posted June 12, 2012 so i got that one fix but then i ended up with this one Invalid query: Column count doesn't match value count at row 1 Whole query : INSERT INTO album VALUES(0,'Demo', 'this is a demo for the demo of demos', 0, '', '') i checked with the database table which isCREATE TABLE album (album_id int(11) NOT NULL auto_increment,album_name varchar(255) NOT NULL default '',album_desc text NOT NULL,album_cover varchar(255) NOT NULL default '',PRIMARY KEY (album_id),KEY album_name (album_name)) TYPE=MyISAM; i can have a key and a primary key right? Link to comment Share on other sites More sharing options...
Ingolme Posted June 12, 2012 Share Posted June 12, 2012 You seem to have too many values in your query. There only needs to be four values, you have six. Link to comment Share on other sites More sharing options...
divinedesigns1 Posted June 12, 2012 Author Share Posted June 12, 2012 You seem to have too many values in your query. There only needs to be four values, you have six.oooo i didnt notice that at all, thanks ingo Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now