
Kindly help with an error


divinedesigns1


hey sup, ok i was just testing this code piece by piece, by uploading a certain amount of lines to my host, and everything was working until i filled in the forms and it gave me this output

Error inserting record: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'a demo for the demo of demos, 0, '', '')' at line 1
the problem isn't on line 1, because line 1 has the opening php tag <?php; the error is on line 10, which is
$sql = "INSERT INTO albums VALUES(0," . addslashes($_POST['p_name']) . ", " . addslashes($_POST['p_desc']) . ", 0, '', '')";

and what this does is insert the name and description into the database under the name and description table. this is pretty much the only error i have run into for the day. i looked it up and from what i read, they said to make sure your host is running php5 or later, which it is. so if anyone can say how to fix this, kindly let me know or point me in the right direction, thanks


the line it is pointing to is not the php line number; it is the number of the line in the query which was passed to the mysql server. did you try printing out the query? how does it look?


the line it is pointing to is not the php line number; it is the number of the line in the query which was passed to the mysql server. did you try printing out the query? how does it look?
this is what it's looking like
Whole query : INSERT INTO albums VALUES(0,Demo, this is a demo for the demo of demos, 0, '', '')
mhmm i think i'll try changing the single quotes to double quotes, even tho it shouldn't matter about the quotes

string fields should be quoted. here 'demo' and 'this is a demo for the demo of demos' should be quoted. and addslashes() is not good enough to prevent sql injection. depending upon the database API you are using, you can consider using mysql_real_escape_string(), mysqli_real_escape_string() or prepared statements

Edited by birbal

lol i got it fixed birbal, what was missing was indeed a quote. what i forgot to do was to add the single quotes outside the double quotes. this is what i had before

$sql = "INSERT INTO albums VALUES(0," . addslashes($_POST['p_name']) . ", " . addslashes($_POST['p_desc']) . ", 0, '', '')";
and this is the new quote which works
$sql = "INSERT INTO albums VALUES(0,'" . addslashes($_POST['album_name']) . "', '" . addslashes($_POST['album_desc']) . "', 0, '', '')";

so i got that one fixed but then i ended up with this one

Invalid query: Column count doesn't match value count at row 1 Whole query : INSERT INTO album VALUES(0,'Demo', 'this is a demo for the demo of demos', 0, '', '')
i checked with the database table which is
CREATE TABLE album (album_id int(11) NOT NULL auto_increment,album_name varchar(255) NOT NULL default '',album_desc text NOT NULL,album_cover varchar(255) NOT NULL default '',PRIMARY KEY (album_id),KEY album_name (album_name)) TYPE=MyISAM;
i can have a key and a primary key right?

You seem to have too many values in your query. There only needs to be four values, you have six.
oooo i didn't notice that at all, thanks ingo
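The prepared-statement route birbal mentions, combined with the column-count fix from the last reply, as an added example that is not code from the thread. It assumes PDO with an in-memory SQLite database so it runs without a server (with MySQL only the DSN and the auto-increment syntax in the DDL change); `insert_album()` and the sample input are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Assumptions: the pdo_sqlite
// extension is available; table and column names follow the CREATE TABLE
// posted above; insert_album() is a hypothetical helper.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE album (
    album_id    INTEGER PRIMARY KEY AUTOINCREMENT,
    album_name  VARCHAR(255) NOT NULL DEFAULT '',
    album_desc  TEXT NOT NULL,
    album_cover VARCHAR(255) NOT NULL DEFAULT ''
)");

function insert_album(PDO $pdo, array $input): int
{
    $name = $input['album_name'] ?? null;
    $desc = $input['album_desc'] ?? null;
    // Form fields can arrive as arrays (name[]=...), so check the type first.
    if (!is_string($name) || !is_string($desc)) {
        throw new InvalidArgumentException('album_name and album_desc must be strings');
    }
    $name = trim($name);
    if ($name === '' || strlen($name) > 255) {
        throw new InvalidArgumentException('album_name must be 1 to 255 bytes');
    }
    // Naming the columns keeps the value count fixed at two; album_id and
    // album_cover take their defaults. The placeholders carry the values
    // separately from the SQL text, so no quoting or escaping is needed.
    $stmt = $pdo->prepare(
        'INSERT INTO album (album_name, album_desc) VALUES (:name, :desc)'
    );
    $stmt->execute([':name' => $name, ':desc' => $desc]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input standing in for $_POST.
$samples = [
    ['album_name' => 'Demo', 'album_desc' => 'this is a demo for the demo of demos'],
    ['album_name' => "Dave's demo", 'album_desc' => "quotes ' and \\ backslashes stay data"],
];
$select = $pdo->prepare('SELECT album_name, album_desc FROM album WHERE album_id = ?');
foreach ($samples as $row) {
    $select->execute([insert_album($pdo, $row)]);
    $stored = $select->fetch(PDO::FETCH_ASSOC);
    // The stored values match what was submitted, apostrophe included.
    var_dump($stored['album_name'] === $row['album_name'], $stored['album_desc'] === $row['album_desc']);
}
```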
