Where IS the error? (MYSQL)

Question

I'm a little at a loss here. I'm trying to get this form to submit to a MYSQL server (hosted on my machine), but it keeps throwing this error:

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Would anyone be willing to take a look and see if you can spot the error?

here is my SQL code:

<?php

//Establish value variables
$firstName=$_POST['firstName']; 
$lastName=$_POST['lastName']; 
$email=$_POST['email']; 
$phone=$_POST['phone']; 
$address=$_POST['address']; 
$zipcode=$_POST['zipcode']; 
$state=$_POST['state']; 
$city=$_POST['city']; 
$petname=$_POST['petname']; 
$petType=""; 
$neut="";
 if(isset($_POST['neut'])){ $neut = $_POST['neut']; }
 if (isset($_POST['petType'])){$petType = $_POST['petType']; }

//establish connection
$con = mysql_connect("localhost","root","pwdpwd");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("pet_shop", $con);

//initializing the $error variable + array holding errors
$error = array ();
if (empty($firstName)) { $error[]='You forgot to enter your first name!'; }
if (empty($lastName)) { $error[]='You forgot to enter your last name!'; }
if (empty($email)) { $error[]='You forgot to enter your email!'; }
if (empty($phone)) { $error[]='You forgot to enter your phone number!'; }
if (empty($address)) { $error[]='You forgot to enter your address!'; }
if (empty($city)) { $error[]='You forgot to enter your city!'; }
if (empty($state)) { $error[]='You forgot to enter your state!'; }
if (empty($petname)) { $error[]='You forgot to enter your pet name!'; }


if(!empty($error))
{
die(implode('<br />', $error)); //stops script and prints errors    
}

if(!$error) {

//Insert information into columns
$sql="INSERT INTO grooming (firstName, lastName, email, phonenumber, address, zip, state, city, petname, PetType, NeuteredOrSpayed)";
}

//enter into if everything is okay
if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error($con));
  }
  else 
    {
echo "<span>Appointment added!</span>"; 
}


//close connection
mysql_close($con);

?>
</body>
<br />
<a href="grooming.php"><button class="backButtn" id="backButtn">Back</button></a>
</html>

Notes: 'petType' refers to a set of radio buttons and 'neut' is a checkbox.

Your statement lacks the values clause as the 2 replies below already figured out. — alvits, Apr 26 '14 at 00:08

score 4 · Accepted Answer · edited May 23 '17 at 12:20

4

The basic INSERT syntax is:

INSERT INTO table_name (col_name, ...)
VALUES (...)

Your query must look something like this:

$sql = "INSERT INTO grooming (firstName, lastName, email, phonenumber, address, zip, state, city, petname, PetType, NeuteredOrSpayed) VALUES ('$firstname', '$lastname', '$email', '$phone', '$address', '$zipcode', '$state', '$city', '$petname', '$pettype', '$neut')";

If you're providing values for every column in the table, you can ignore the column list:

$sql = "INSERT INTO grooming VALUES ('$firstname', '$lastname', '$email', '$phone', '$address', '$zipcode', '$state', '$city', '$petname', '$pettype', '$neut')";

P.S.: Not related to the question, but mysql_* functions are deprecated, and your queries are vulnerable to SQL Injection.

edited May 23 '17 at 12:20

Community

1
1

answered Apr 26 '14 at 00:06

John Bupit

10,406
8
39
75

I am not fairly sure if the column names can be omitted. But if column names can be omitted I think the default is for all columns. Maybe that's what the OP was trying to do? So the syntax would've been `insert into tablename values (... ....)`? – alvits Apr 26 '14 at 00:10
Yes, you are correct. The column names can be ignored, if values for every column name is provided by the values list. – John Bupit Apr 26 '14 at 00:14
+1 Then you might as well add it in your answer. It will help others as well and hopefully help the OP. – alvits Apr 26 '14 at 00:15
I've added in the VALUES and I got a new (but familiar!) error: " Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '123 hello st', '12345', 'NY', 'NYC', 'eddie', 'dog', 'on')' at line 3 " I do not have any regex implemented yet and nothing about the above code has changed aside from the VALUES syntax being added, which look like this: `VALUES ('$firstName', '$lastName', '$email', '$phone, '$address', '$zipcode', '$state', '$city', '$petname', '$petType', '$neut')";` – user2014 Apr 26 '14 at 00:24
You're missing a `'` after `$phone`. – John Bupit Apr 26 '14 at 00:53
@JohnBupit that was the error! Thank you for the help! – user2014 Apr 26 '14 at 14:49

score 2 · Answer 2 · answered Apr 26 '14 at 00:06

2

you forgot to set the values

$sql="INSERT INTO <tableName> (columnNames) VALUES (valuesHere)

answered Apr 26 '14 at 00:06

ptheofan

2,150
3
23
36

Where IS the error? (MYSQL)

2 Answers2