0

I am trying to create a platform where tables can be created from a php from and named as the variable that the submitter types. The code I have here has causes a mysql syntax error. I believe it is a matter of parenthesis placement but every combination I have tryed ha been unsuccessful can anyone figure it out? I have taken out the incorrect parenthesis to make it less confusing 

    <?php

if (isset($_POST['submit']))
{ 
$name=$_POST['name'];

mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());


mysql_query("CREATE TABLE '$name'(
id INT NOT NULL AUTO_INCREMENT,
PRIMARY KEY(id),
name VARCHAR(30),
age INT)")
or die(mysql_error());  

echo "Table Created!";

?>   <html><form method='POST'>..........</html>
Improve this question
3
  • 1
    Can you post the syntax error that you get. Commented Jul 27, 2012 at 15:38
  • You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''test'( id INT NOT NULL AUTO_INCREMENT, PRIMARY KEY(id), name VARCHA' at line 1 Commented Jul 27, 2012 at 15:41
  • Use backticks around $name in your query text, not single quotes. The backtick is the default delimiter for object names in MySQL. Commented Jul 27, 2012 at 15:55

5 Answers 5

Reset to default
2

Use backticks around the table name in your SQL text:

mysql_query("CREATE TABLE `$name`(

The backticks are the default delimiter for identifiers in MySQL. (Note: it is possible to enable other delimiters, but you don't really want to go there.)

The backticks are required if the identifier is a reserved word, contains white space, etc. (The backticks can be omitted in a lot of cases, but it's not wrong to use them when they aren't required. Basically, think of the rule as "always use backticks around identifiers", and omit them when its convenient and you are sure they aren't required.)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

This might work:

if (isset($_POST['submit']))
{ 
$name=$_POST['name'];

mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());


mysql_query("CREATE TABLE ".$name."(
id INT NOT NULL AUTO_INCREMENT,
PRIMARY KEY(id),
name VARCHAR(30),
age INT)")
or die(mysql_error());  

echo "Table Created!";
}
?>

I have tested it and no problems there... it creates the table with this structure.

Improve this answer

Comments

0

CHANGE TO : mysql_query("CREATE TABLE ".$name."(

Improve this answer

Comments

0

You don't single quote the table name. Place it in back-ticks so that it can handle even names that match reserved words or characters. Like this

mysql_query("CREATE TABLE `$name`(
id INT NOT NULL AUTO_INCREMENT,
PRIMARY KEY(id),
name VARCHAR(30),
age INT)")

You could also do without back-ticks like sin other suggested answers, but this is more reliable if you don;t want to have to check the table name against a bunch of MySQL reserved words first.

Improve this answer

Comments

0

Unless you trust the input data completely, it's very important that you validate $name to protect against SQL injection.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.