MySQL Syntax error? Strange error

Question

I need some help finding an error in my code. I'm trying to create a database with Xammp. It's giving me this error:

You have an error in you SQL syntax; check the manual that corresponds to you MySQL server version for the right syntax to use near ",'787') at line 1 (787 is what I entered in the ResearchCost section)

Here is my code:

    <?php/*mysql_connect(servername,username,password); */
    mysql_connect("localhost","root","admin") or die(mysql_error());  
    mysql_select_db("EndlessSpace") or die(mysql_error());  
    $NodeName = $_POST["NodeName"];   
    $Quadrant = $_POST["Quadrant"];  
    $ResearchOpts = $_POST["ResearchOpts"];   
    $Effects = $_POST["Effects"];   
    $CostOnUpgrade = $_POST["CostOnUpgrade"];  
    $Influence = $_POST["Influence"];   
    $ResearchCost = $_POST["ResearchCost"];   
    $query=mysql_query("INSERT INTO General (NodeName,Quadrant,ResearchOpts,Effects,CostOnUpgrade,Influence,ResearchCost) VALUES ('$NodeName','$Quadrant','$ResearchOpts','$Effects','$CostOnUpgrade',$Influence','$ResearchCost')") or die(mysql_error());  ?>

Possible duplicate of: http://stackoverflow.com/questions/16607439/mysql-server-version-for-the-right-syntax-to-use-near-id — Balaji Kandasamy, Aug 31 '13 at 04:30
remove single quote from research cost. I think its datatype is numeric one. not string. and $Influence has one single quote only. add single quote before $Influence' — Balaji Kandasamy, Aug 31 '13 at 04:31
**Warning:** `mysql_` function is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the [MySQLi](http://www.php.net/manual/en/book.mysqli.php) or [PDO_MySQL](http://www.php.net/manual/en/ref.pdo-mysql.php) extension should be used. — bansi, Aug 31 '13 at 04:33
you should not have run into this problem with prepared statements. — bansi, Aug 31 '13 at 04:34

score 1 · Answer 1 · edited Sep 11 '13 at 17:48

1

You have missed the single quote in $Influence. So change your query like this

$query=mysql_query("INSERT INTO General (NodeName,Quadrant,ResearchOpts,
Effects,CostOnUpgrade,Influence,ResearchCost) 
VALUES ('$NodeName','$Quadrant','$ResearchOpts','$Effects','$CostOnUpgrade',
'$Influence','$ResearchCost')") or die(mysql_error());  ?>

edited Sep 11 '13 at 17:48

Amal Murali

75,622
18
128
150

answered Aug 31 '13 at 04:27

웃웃웃웃웃

11,829
15
59
91

The comma is there...but he missed the single quote :) – Fabien TheSolution Aug 31 '13 at 04:35
Haha thanks for your help! I feel like such an idiot for over-looking that! Kept me stumped for ages! – Angus Trusler Aug 31 '13 at 04:57
Deepu, I've edited your answer to make it more readable. Feel free to change it if you want. – Amal Murali Sep 11 '13 at 17:48

score 1 · Answer 2 · edited May 23 '17 at 12:29

You're missing a single quote in your query.

VALUES ('$NodeName',
        '$Quadrant',
        '$ResearchOpts',
        '$Effects',
        '$CostOnUpgrade',
--->     $Influence',
        '$ResearchCost')

Also, please don't blindly insert variables into your query. Your code is vulnerable to SQL injection, and you should look into escaping user input. Better yet, stop using the deprecated mysql_* functions and move to MySQLi or PDO.

MySQL Syntax error? Strange error

2 Answers2