-1

Could someone please tell me what is wrong with this bunch of very simple SQL code below? I'm trying to use PHP and mysql.

     // Create table
     $tname=$_POST["appname"];

     $creatt="CREATE TABLE $tname
      (
       AppVersion VARCHAR(30),
       AppType VARCHAR(30),
       FileName VARCHAR(255),
       AppSize FLOAT,
       sizetype VARCHAR(30),
       apppart FLOAT,
       appLRadress VARCHAR(255),
       appSRadress VARCHAR(255),
       appRadress VARCHAR(255),
       apptahye DATE(),
       appupload DATE(),
       appfenally DATE(),
       status CHAR(30),
       applearn CHAR(30),
       applearnadd VARCHAR(255),
       applearnudate DATE(),
       learntype VARCHAR(30),
       appcrack CHAR(30),
       appcrackadd VARCHAR(255),
       appcrackdate DATE(),
       cracktype CHAR(30)
      )";


   // Execute query
     if (mysqli_query($con,$creatt))
       {
      echo "Table $tname created successfully";
        }
      else
        {
         echo "Error creating table: " . mysqli_error($con);
        }

This error occurs:

Error creating table: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'photoshop ( AppVersion VARCHAR(30), AppType VARCHAR(30), FileName VARCHAR' at line 1

But when I use less columns like this:

  $tname=$_POST["appname"]; 
  $creatt="CREATE TABLE `$tname`(FirstName CHAR(30),LastName CHAR(30),Age INT)";

it works!!!!

What is wrong with my columns?

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
user2489667
  • 1
  • 1
  • 4

3 Answers3

0

check the sql Fiddle Link

http://sqlfiddle.com/#!2/0060c

 $tname=addslashes($_POST["appname"]);

 $creatt="CREATE TABLE `$tname`
      (
       AppVersion VARCHAR(30),
       AppType VARCHAR(30),
       FileName VARCHAR(255),
       AppSize FLOAT,
       sizetype VARCHAR(30),
       apppart FLOAT,
       appLRadress VARCHAR(255),
       appSRadress VARCHAR(255),
       appRadress VARCHAR(255),
       apptahye DATE,
       appupload DATE,
       appfenally DATE,
       status CHAR(30),
       applearn CHAR(30),
       applearnadd VARCHAR(255),
       applearnudate DATE,
       learntype VARCHAR(30),
       appcrack CHAR(30),
       appcrackadd VARCHAR(255),
       appcrackdate DATE,
       cracktype CHAR(30)
      );
Goutam Pal
  • 1,763
  • 1
  • 10
  • 14
  • hey, I just did what u said but I got this one : ( ! ) Parse error: syntax error, unexpected 'TABLE' (T_STRING) in C:\wamp\www\testdbx6\insert.php on line 14 – user2489667 Jul 23 '13 at 08:57
  • actually it supposed to get the name of table from the html form ,so I have to put this ($tname=$_POST["appname"]; $creatt=CREATE TABLE $tname ) – user2489667 Jul 23 '13 at 08:59
  • $tname=$_POST["appname"]; should be $tname=addslashes($_POST["appname"]); – Goutam Pal Jul 23 '13 at 09:02
  • I appreciate your valuable consideration but still it's not working , shouldn't I put primary key or whatever else??? – user2489667 Jul 23 '13 at 09:10
  • see it works like this : $tname=$_POST["appname"]; $creatt="CREATE TABLE `$tname`(FirstName CHAR(30),LastName CHAR(30),Age INT)"; but once I add more column it doesn't work!!!!is there any missing rule about creating table here?????????? – user2489667 Jul 23 '13 at 13:24
0

Obviously instead of $tname you get "'photoshop" in your SQL string. So you should check and sanitize user input.

CREATE TABLE 'photoshop
      (
       AppVersion VARCHAR(30),
        ....
       cracktype CHAR(30)
      );
Community
  • 1
  • 1
valex
  • 23,966
  • 7
  • 43
  • 60
  • that photoshop thing is the name of table from my html form... actually I want it to be this way I mean I want to get the table's name from my html form. did I do something wrong? – user2489667 Jul 23 '13 at 09:13
  • @user2489667 You get this error because of `'` symbol before photoshop in the final SQL string. – valex Jul 23 '13 at 10:06
  • see it works like this : $tname=$_POST["appname"]; $creatt="CREATE TABLE `$tname`(FirstName CHAR(30),LastName CHAR(30),Age INT)"; but once I add more column it doesn't work!!!!is there any missing rule about creating table here?????????? – user2489667 Jul 23 '13 at 13:25
0

sorry to waste your time!!! the problem was some Parenthesis, to create a date column there shouldn't be () in front of DATE ! I just removed those and problem solved!! sorry to bother you that was my bad.

user2489667
  • 1
  • 1
  • 4