SQL syntax error and undefine index error

Question

After a long search not able to find the solution

Undefined index: coursename in C:\wamp\www\StudentInformationProject\Student_new\courseinsert.php on line 17

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1'>

Here is the code

if(isset($_POST["button"]))
{
    $sql="INSERT INTO course(courseid, coursename, comment, coursekey)
    VALUES('".$_POST['courseid']."','".$_POST['coursename']."',
    '".$_POST['comment']."','".$_POST['coursekey']."')";

    if (!mysql_query($sql,$con))
    {
        die('Error: ' . mysql_error());
    }
    else
    {
        echo "1 record Inserted Successfully...";
    }
 }

"Undefined index: coursename" - you don't seem to be POSTing the course name. Also, I hope you learn about SQL injection soon! — Blorgbeard, Jun 25 '13 at 20:26
Try `echo`ing `$sql` and see if you can see what's wrong with it — Blorgbeard, Jun 25 '13 at 20:29
As @Blorgbeard says, check [this](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php?rq=1) — Alejandro Colorado, Jun 25 '13 at 20:29

score 1 · Answer 1 · answered Jun 25 '13 at 20:28

1

One of your substituting variables has a double quote in it. Given the error message, it probably looks like:

foo "1" bar

You should escape such characters by doubling them, so it looks like:

foo ""1"" bar

answered Jun 25 '13 at 20:28

Bohemian

412,405
93
575
722

score 0 · Answer 2 · answered Jun 25 '13 at 20:31

0

It is possible that your value in comment contains a single quote, which would invalidate the SQL syntax...

answered Jun 25 '13 at 20:31

Sparky

14,967
2
31
45

SQL syntax error and undefine index error

2 Answers2