Search questions and share your knowledge with the world here on Questionpoint.
Home > SQL Server Security Interview Questions > What is wrong with my mysql syntax (in php)

:: Categories ::

Interview Question in SQL Server Security


 

Interview Question :: What is wrong with my mysql syntax (in php)


Table: datadump

Columns: table, column, data

Data I want to insert: They are variables; $table, $column, $data

I know that the mysql_select_db and mysql_connect is ok and I will not give that for security reasons, but what about this syntax:

$sql = "INSERT INTO datadump (table, column, data) VALUES ($table,$column,$data)";

$mysqlquery = mysql_query($sql,$con);
if(!$mysqlquery)
{
die('Error: ' . mysql_error());
}

When I run the script with this syntax, I get the following error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'table, column, data) VALUES (index,name,fruits)' at line 1

Can you please tell me what to do?
Answers to "What is wrong with my mysql syntax (in php)"
RE: What is wrong with my mysql syntax (in php)?

Strings of text in an SQL statement need to be in quotes. Your $table, $column & $data variables are strings of text so your SQL statement should be as follows:



$sql = "INSERT INTO datadump (table, column, data) VALUES ('$table','$column','$data')";



In response to your additional info:

With the information you have given us, a faulty SQL string is the only logical conclusion. Testing such a string as sugested in my initial answer proves successful so my question to you is: how do you know your connect and select_db statements are ok? that and can you specify any more details about the database itself (IE what are all the fields and their attributes associated in that specific table?) - last of all are you using the addslashes() function to make sure there are no quotes in your variables that could be manipulating your SQL statement?
 
Vote for this answer ::  
RE: What is wrong with my mysql syntax (in php)?

To work with ALL versions of mySQL AND PhP, use the absolute syntax:



$sql = " INSERT INTO `datadump ` ( ` table `, ` column `, ` data`) VALUES ( ' " . $table . " ' , ' " . $column . " ' , ' " . $data . " ' ) " ;

Beware the difference between ' (single quote) and ` (back single quote)

I know, it is a lot of ` and a lot of ' "'. , but it is the recommended syntax.

(Space added for clarity and this stupid editor).
 
Vote for this answer ::  
RE: What is wrong with my mysql syntax (in php)?

Haven't used MySQL extensively (and don't have manual handy) but the syntax looks a bit off irt standard SQL. Try:



$sql = "INSERT table, column, data INTO datadump VALUES ($table,$column,$data)";
 
Vote for this answer ::  
RE: What is wrong with my mysql syntax (in php)?

$sql = "INSERT INTO datadump (table, column, data) VALUES (\"$table\",\"$column\",\"$data\");
 
Vote for this answer ::  
Update Alert Setting

Top Tags



- Sharepoint Developer Interview Questions - Java Interview Questions - J2EE Interview Questions - ASP.NET Interview Questions - MOSS 2007 Interview Questions - WPF Interview Questions - Microsoft CRM Interview Questions - Technical Interview Questions for Programmers
Home | Terms Of Service | Contact Us | Site Blog | Investors | Advertise With Us | Disclaimer | Privacy Policy | Questionpoint Widget
© Questionpoint 2008 User-posted content, unless source quoted, is licensed under a Creative Commons Public Domain License