0

I have the following php query...

INSERT INTO `demographic2` (id, name, first_name, last_name, link, username, birthday, gender, relationship_status, email, timezone, locale, verified, updated_time) VALUES (845450180, Liam Gallagher, Liam, Gallagher, http://www.facebook.com/lia.co.uk, lia.co.uk, 11/25/1989, male, Single, [email protected], 1, en_US, 1, 2012-03-30T21:54:17+0000)

I cant see any errors but for some reason the above wont insert data into my table, the schema looks like so...

enter image description here

Regarding string literals, I have this as my insert query, How would i add the quotes?

$columns = implode(", ",array_keys($userInfo));
            $escaped_values = array_map('mysql_real_escape_string', array_values($userInfo));
            $values  = implode(", ", $escaped_values);
            $sql = "INSERT INTO `demographic2` ($columns) VALUES ($values)";
Improve this question
1
  • 1
    You need to write strings inside quote, like VALUES ('845450180', 'Liam Gallagher'... Commented Apr 7, 2012 at 14:01

6 Answers 6

Reset to default
2

Read about string literals in MySQL. You have to write strings in quotes, eg: "my text".

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

2

You should wrap your string value with "" or '', e.g. "value" or 'value'.

You can also read more about anti-SQL-injection techniques to create an SQL query string better at http://www.unixwiz.net/techtips/sql-injection.html

Improve this answer

Comments

1

you can try enclosing ', ' as glue into the implode() in the second use, so it becomes:

$columns = implode(", ",array_keys($userInfo));
            $escaped_values = array_map('mysql_real_escape_string', array_values($userInfo));
            $values  = implode("', '", $escaped_values);
            $sql = "INSERT INTO `demographic2` ({$columns}) VALUES ('{$values}')";
Improve this answer

Comments

1

I think you need to add 'SomevarcharOrDatetime'

INSERT INTO `demographic2` 
(
  id, name, 
  first_name, 
  last_name, 
  link, 
  username, 
  birthday, 
  gender, 
  relationship_status, 
  email, 
  timezone, 
  locale, 
  verified, 
  updated_time
) 
VALUES 
(
  845450180, 
  'Liam Gallagher', 
  'Liam', 
  'Gallagher', 
  'http://www.facebook.com/lia.co.uk', 
  'lia.co.uk', 
  '11/25/1989', 
  'male', 
  'Single', 
  '[email protected]', 
  1, 
  'en_US', 
  1, 
  '2012-03-30T21:54:17+0000'
)
Improve this answer

Comments

1

Nothing is quoted.

INSERT INTO `demographic2` (id, name, first_name, last_name, link, username, birthday, gender, relationship_status, email, timezone, locale, verified, updated_time)
VALUES (845450180, "Liam Gallagher", "Liam", "Gallagher", "http://www.facebook.com/lia.co.uk", "lia.co.uk", "11/25/1989", "male", "Single", "[email protected]", "1", "en_US", "1", "2012-03-30T21:54:17+0000")

Also, why aren't you using DATE columns for dates (birthday)?

Improve this answer

Comments

0

Use custom function to map each value & apply single quote to escaped string.

$columns = implode(", ",array_keys($userInfo));
$escaped_values = array_map('escape_inpt_string', array_values($userInfo));
$values  = implode(", ", $escaped_values);
$sql = "INSERT INTO `demographic2` ($columns) VALUES ($values)";

function escape_inpt_string($val) {
  return "'".mysql_real_escape_string($val)."'";
}

Cheers!!

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.