Loke Cool Loke Cool - 7 months ago 19
SQL Question

Why am i getting syntax error or access violation?

When i am trying to insert something to database i am getting syntax error.I have this following code but i don't really know what i am doing wrong.

if(isset($_POST['imadbID']) || isset($_POST['comment'])|| isset($_POST['Title']) || isset($_POST['Year'])
|| isset($_POST['released']) || isset($_POST['Runtime'])|| isset($_POST['Actors'])||isset($_POST['Country']) || isset($_POST['Language'])
|| isset($_POST['Plot']) || isset($_POST['Poster']) || isset($_POST['Director']) || isset($_POST['Writer']) || isset($_POST['imdbRating']) || isset($_POST['tst'])){
$imdbid=json_decode($_POST['imdbID']); $comment=json_decode($_POST['comment']);
$title=json_decode($_POST['Title']); $year=json_decode($_POST['Year']); $released=json_decode($_POST['Released']);
$runtime=json_decode($_POST['Runtime']); $actor=json_decode($_POST['Actors']); $country=json_decode($_POST['Country']);
$lang=json_decode($_POST['Language']); $plot=json_decode($_POST['Plot']); $poster=json_decode($_POST['Poster']);
$director=json_decode($_POST['Director']); $writer=json_decode($_POST['Writer']); $rating=json_decode($_POST['imdbRating']);
$test=json_decode($_POST['tst']);
}
try {
$sql="INSERT INTO films (title,length,description,releasedate,bannerpath,language,imdbid,country,rating)
VALUES ($title,$runtime,$plot,$released,$poster,$lang,$imdbid,$country,$rating)";
$conn->exec($sql);
$film_id=$conn->lastInsertId($sql);
}
catch(PDOException $e) {
echo 'ERROR: ' . $e->getMessage();
}


i have browsed other question and answer related to this but can't seem to find a solution.

the error i am getting


ERROR: SQLSTATE[42000]: Syntax error or access violation: 1064 You
have an error in your SQL syntax; check the manual that corresponds to
your MySQL server version for the right syntax to use near
',,,,,,,6.5)' at line 2

Answer

The lack of quotes is probably the reason for the syntax error, however you're using PDO in a way that is unsafe, you might as well go back to using mysql_*

Try this..

$sql=$conn->prepare("INSERT INTO films (title,length,description,releasedate,bannerpath,language,imdbid,country,rating)
VALUES (:t,:r,:p,:re,:po,:s,:i,:c,:ra)");
$sql->execute(array(":t"=>$title, ":r"=>$runtime, ":p"=>$plot, ":re"=>$released, ":po"=>$poster,":s"=>$lang,":i"=>$imdbid, ":c"=>$country, ":ra"=>$rating));
Comments