Hi,
Can anyone please tell me whats wrong with this piece of code? I am trying to insert email (user name)in the database. This thing is now getting on my nerves.

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
  $insertSQL = sprintf("INSERT INTO blog (title, specialization, message) VALUES (%s, %s, %s, ".$_SESSION['MM_Username'].")",
                       GetSQLValueString($_POST['title'], "text"),
                       GetSQLValueString($_POST['specialization'], "text"),
                       GetSQLValueString($_POST['words'], "text"));

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());

This is producing the following error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com)' at line 1

Can anyone please help me with this piece of code? Any help will be highly appreciated.

Regards,

Bilal A. Khan

the problem lies with your query. You only have 3 fields specified but 4 values.

it should be something like this

INSERT INTO blog (title, specialization, message, user) VALUES (%s, %s, %s, ".$_SESSION['MM_Username'].")

I'm not sure what the field is for but replace user with what ever field you use.

the problem lies with your query. You only have 3 fields specified but 4 values.

it should be something like this

INSERT INTO blog (title, specialization, message, user) VALUES (%s, %s, %s, ".$_SESSION['MM_Username'].")

I'm not sure what the field is for but replace user with what ever field you use.

Hi,

Thank you very much for the reply. I tried the following but nothing happed. Getting the same error.

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
  $insertSQL = sprintf("INSERT INTO blog (title, specialization, message,email) VALUES (%s, %s, %s, ".$_SESSION['MM_Username'].")",
                       GetSQLValueString($_POST['title'], "text"),
                       GetSQLValueString($_POST['specialization'], "text"),
                       GetSQLValueString($_POST['words'], "text"));

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());

Any other clues for this error? Still getting the error given below:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com)' at line 1

Regards,

Bilal A. Khan

Why is you query so complex, simplify it to:

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
  $insertSQL = "INSERT INTO blog (title, specialization, message, email) VALUES ' " . mysql_real_escape_string($_POST['title')  . " ', ' " . mysql_real_escape_string($_POST['specialization']) . " ', ' " . mysql_real_escape_string($_POST['words']) . " ', ' " . mysql_real_escape_string($_SESSION['MM_Username']) . " ' ";

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());
}

Why is you query so complex, simplify it to:

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
  $insertSQL = "INSERT INTO blog (title, specialization, message, email) VALUES ' " . mysql_real_escape_string($_POST['title')  . " ', ' " . mysql_real_escape_string($_POST['specialization']) . " ', ' " . mysql_real_escape_string($_POST['words']) . " ', ' " . mysql_real_escape_string($_SESSION['MM_Username']) . " ' ";

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());
}

Thank you very much for the reply. I am really grateful for your help. Tried your piece of code. The code is given below:

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form")) {
  $insertSQL = "INSERT INTO blog (title, specialization, message, email) VALUES ' " . mysql_real_escape_string($_POST['title'])  . " ', ' " . mysql_real_escape_string($_POST['specialization']) . " ', ' " . mysql_real_escape_string($_POST['words']) . " ', ' " . mysql_real_escape_string($_SESSION['MM_Username']) . " ' ";

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());

It gives me an error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' Let us try ', ' Addiction ', '
Let us hope it works...

', ' fizza@hotma' at line 1

Why am I getting this error? What does this error mean?

Regards,

Bilal A. Khan

Sorry, I forgot the ( ) around the values, so it should be

$insertSQL = "INSERT INTO blog (title, specialization, message, email) VALUES (' " . mysql_real_escape_string($_POST['title'])  . " ', ' " . mysql_real_escape_string($_POST['specialization']) . " ', ' " . mysql_real_escape_string($_POST['words']) . " ', ' " . mysql_real_escape_string($_SESSION['MM_Username']) . " ')";

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());
commented: Solved my problem... thanx a million. +1

Sorry, I forgot the ( ) around the values, so it should be

$insertSQL = "INSERT INTO blog (title, specialization, message, email) VALUES (' " . mysql_real_escape_string($_POST['title'])  . " ', ' " . mysql_real_escape_string($_POST['specialization']) . " ', ' " . mysql_real_escape_string($_POST['words']) . " ', ' " . mysql_real_escape_string($_SESSION['MM_Username']) . " ')";

  mysql_select_db($database_con_reg, $con_reg);
  $Result1 = mysql_query($insertSQL, $con_reg) or die(mysql_error());

Thanks a million mate.... it worked. You have been a great help for me.

Best Regards,

Bilal A, Khan

No problem - please mark as solved.

Mark it solved BilalAKhan!! Its down near the bottom by the quick reply.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.