0

This SQL query is not working:

$sql = "INSERT INTO top(topic_subject,topic_date, topic_cat, topic_by)
VALUES(" . mysql_real_escape_string($_POST['topic_subject']) . " , NOW()," . mysql_real_escape_string($_POST['topic_cat']) . " , " . isset ($_SESSION['user_id']) . ")";

How can I fix it? I am getting this error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 2
    1. You're not quoting your strings. 2. Parameterize your queries. Commented Mar 24, 2014 at 21:25

3 Answers

2

It's likely that topic_subject is character data. To include literal strings in SQL text, they should be enclosed in single quotes.

... VALUES ('abc', ...

If you used prepared statements, this wouldn't be an issue, and for the love of all things that are beautiful and good in this world, don't use the deprecated PHP mysql_ interface for new development. It's been superseded by the mysqli_ and PDO interfaces.


1

You forgot the quotes.

$sql = "INSERT INTO top(topic_subject,topic_date, topic_cat, topic_by)
VALUES('" . mysql_real_escape_string($_POST['topic_subject']) . "' , NOW(),'" . mysql_real_escape_string($_POST['topic_cat']) . "' , '" . isset ($_SESSION['user_id']) . "')";

And be aware that mysql_* is deprecated. Use PDO or mysqli instead.


0

There are a couple of problems here.

  1. Quote your strings
  2. Make sure your data is of the correct type

    $topic_subject = mysql_real_escape_string($_POST['topic_subject']);
    $topic_date = "NOW()"; // SQL function evaluated by MySQL, so it goes into the query unquoted
    $topic_cat = mysql_real_escape_string($_POST['topic_cat']);
    $topic_by = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : ""; // always returns a string value.

    $sql = "INSERT INTO top(topic_subject,topic_date, topic_cat, topic_by)
    VALUES('{$topic_subject}' , {$topic_date}, '{$topic_cat}' , '{$topic_by}')";

It may help you to use more variables in your code (shown) so that you can use a debugger to verify that the strings and variables you create have the values you intend them to have.

Comments
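The prepared-statement approach that the comment and the first two answers recommend, as an added example that is not part of any answer on this page. Assumptions: the table layout, integer types for `topic_cat` and `topic_by`, the hypothetical helper `insert_topic()`, and an in-memory SQLite database standing in for MySQL so the script runs offline (`CURRENT_TIMESTAMP` replaces `NOW()` and is valid in both).

```php
<?php
// Added example: schema, helper name and inputs are constructed for illustration.
function insert_topic(PDO $db, array $post, array $session): int
{
    // isset() only yields true/false; read the real id and fail closed without it.
    if (!isset($session['user_id'])) {
        throw new RuntimeException('No logged-in user');
    }
    // Assumption: topic_cat is an integer category id, so reject anything else.
    $cat = filter_var($post['topic_cat'] ?? null, FILTER_VALIDATE_INT);
    if ($cat === false) {
        throw new InvalidArgumentException('topic_cat must be an integer');
    }
    // Placeholders keep data out of the SQL text: no quoting, no escaping.
    $stmt = $db->prepare(
        'INSERT INTO top (topic_subject, topic_date, topic_cat, topic_by)
         VALUES (:subject, CURRENT_TIMESTAMP, :cat, :by)'
    );
    $stmt->bindValue(':subject', (string) ($post['topic_subject'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->bindValue(':by', (int) $session['user_id'], PDO::PARAM_INT);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE top (
    topic_id      INTEGER PRIMARY KEY,
    topic_subject TEXT    NOT NULL,
    topic_date    TEXT    NOT NULL,
    topic_cat     INTEGER NOT NULL,
    topic_by      INTEGER NOT NULL
)');

// Constructed inputs: the apostrophe would break the concatenated query.
$post    = ['topic_subject' => "What's new in PHP?", 'topic_cat' => '3'];
$session = ['user_id' => 42];

$id   = insert_topic($db, $post, $session);
$find = $db->prepare('SELECT topic_subject, topic_cat, topic_by FROM top WHERE topic_id = ?');
$find->execute([$id]);
$row  = $find->fetch(PDO::FETCH_ASSOC);

// The subject is stored byte-for-byte, and topic_by holds the id rather than "1".
var_dump($row['topic_subject'] === $post['topic_subject'], (int) $row['topic_by']);
```

Against MySQL, only the DSN passed to `new PDO(...)` changes; the statement and the bindings stay the same.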
