1

Ok, so I am trying to insert a dynamical data inside a row. This is most likely not the best way to do it, but after banging my head on the wall for hours I still can't understand why the $insert string won't get queried by mysql_query. Even when I echo it and copy what is echoed to the query it works, but querying the variable doesn't.

$insert = '"INSERT INTO '.$_SESSION['tabsel'].' (';
echo "<form method='post' action=''>";
while($row = mysql_fetch_array($result))
{
    echo "Enter ".$row[0]." <input type='text' name='data[]'>";
    echo "<br>";
    $insert .= $row[0].",";
    $_SESSION['insert'] = $insert;
}

echo "<input type='submit' value='Add'>";
echo "</form>";
if(isset($_POST['data']))
{
    $insert = $_SESSION['insert'];
    $strlength = strlen($insert);
    $insert = substr($insert,0,($strlength-1));
    $insert .= " VALUES (";
    foreach($_POST['data'] as $value)
    {
        $insert .= "'$value',";
        $_SESSION['insert'] = $insert;
    }
}

$insert = $_SESSION['insert'];
$strlength = strlen($insert);
$insert = substr($insert,0,($strlength-1));
$insert .= ')"';
$_SESSION['insert'] = $insert;
$insert = $_SESSION['insert'];
echo $insert."<br>";
$seldb = mysql_select_db($_SESSION['sel']);
if($seldb && (!empty($_POST['data'])) && (isset($_SESSION['sel'])) && (isset($_SESSION['tabsel'])))
{
    $insert = $_SESSION['insert'];
    echo $insert;
    $query = mysql_query($insert, $con);
    if($query)
    {
        echo "Record succesfully added!";
    }
    else
    {
        echo mysql_error();
    }
}

Error given:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near "INSERT INTO mtable (id,nr,d,ra) VALUES ('d','d','d','d')" at line 1

Improve this question
8
  • What about also posting the echo'd string? And there is not mysql_query in your code. Commented Apr 29, 2012 at 10:31
  • "INSERT INTO druga (id,podaci,d,ra) VALUES ('d','d','d','d')" The query is next line :) P.S. Error is You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"INSERT INTO druga (id,podaci,d,ra) VALUES ('d','d','d','d')"' at line 1 Commented Apr 29, 2012 at 10:33
  • 1
    Do not pass unfiltered user input to SQL. The mysql_ functions are being deprecated, you should be using mysqli_ or PDO instead, and use bind variables to pass user input to the query. (Also, I don't actually see any calls to mysql_query in the code you posted.) Commented Apr 29, 2012 at 10:34
  • $query=mysql_query($insert, $con); if($query) { echo "Record succesfully added!"; } else { echo mysql_error(); } } Commented Apr 29, 2012 at 10:36
  • @user1364022, edit your answer and put things in comments. Commented Apr 29, 2012 at 10:38

1 Answer 1

Reset to default
0

Taking a look at the echo'd string

"INSERT INTO druga (id,podaci,d,ra) VALUES ('d','d','d','d')"

You need to remove the leading and trailing quote characters you are placing in the SQL query. Modify these two lines of code:

  • Remove the leading quote character.

    $insert='INSERT INTO '.$_SESSION['tabsel'].' (';

    instead of 

    $insert='"INSERT INTO '.$_SESSION['tabsel'].' (';

  • Remove the trailing quote character.

    $insert.=')';

    instead of 

    $insert.=')"';
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Aha, first time here :) Done!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.