Apulo Ohale Cosmas Lite Apulo Ohale Cosmas Lite - 1 month ago 8
MySQL Question

PHP inserting data into database results in an error

I am trying to send data to my database, but I get an error:


Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'long,avbal,annual2,namebank,bankrupt,unpaid,summy) VALUES ('','','','','','','' at line 1


When I delete the affected fields and the values stated above, the information will be posted accordingly. I don't know what causes this.

CODE:

$sql="INSERT INTO client (first,middle,last,dob,ssn,streetad,city,state,zip,malayct,nomalay,phone,ownership,annual,worth,bizname,taxid,staddress,city2,state2,zip2,mail,bizphone,bizfax,email,contact,bizst,otherbizst,bizdisp,formation,establish,loantype,paytype,loanpurpose,availcolat,othercolat,pribank,long,avbal,annual2,namebank,bankrupt,unpaid,summy)
VALUES
('$_POST[name1]','$_POST[name2]','$_POST[name3]','$_POST[name4]','$_POST[name5]','$_POST[name6]','$_POST[name7]','$_POST[name8]','$_POST[name9]','$_POST[name10]','$_POST[name11]','$_POST[name12]','$_POST[name13]','$_POST[name14]','$_POST[name15]','$_POST[name16]','$_POST[name17]','$_POST[name18]','$_POST[name19]','$_POST[name20]','$_POST[name21]','$_POST[name22]','$_POST[name23]','$_POST[name24]','$_POST[name25]','$_POST[name26]','$_POST[name27]','$_POST[name28]','$_POST[name29]','$_POST[name30]','$_POST[name31]','$_POST[name32]','$_POST[name33]','$_POST[name34]','$_POST[name35]','$_POST[name36]','$_POST[name37]','$_POST[name38]','$_POST[name39]','$_POST[name40]','$_POST[name41]','$_POST[name42]','$_POST[name43]','$_POST[name44]')";

Answer

Your immediate problem is that long is a reserved word.

You need to wrap it in backticks, eg

INSERT INTO ... pribank, `long`, avbal, ...

See http://dev.mysql.com/doc/refman/5.0/en/identifiers.html

This says nothing for the security of your application. I strongly suggest you read up on PDO, PDO::prepare() and PDOStatement::bindParam()

Comments