You have an error in your SQL syntax "line 1"

Question

This has been asked a lot here, but I can't seem to find the problem....

I wanted to submit my FormMail.php to a MySQL database using php.

Getting the error:

Error=Insert failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''FullName', 'EmailAddr', 'contact', 'colors', 'vehicles', 'mesg', 'email', 'rnam' at line 1

<?php
$con = mysql_connect("localhost","root","db79ax4");
if (!$con)
{
Error('database','Could not connect: ' . mysql_error()); /* this also exits the script */
}
$FullName = mysql_real_escape_string($aCleanedValues['FullName'],$con);
$EmailAddr = mysql_real_escape_string($aCleanedValues['EmailAddr'],$con);
$contact = mysql_real_escape_string($SPECIAL_VALUES['contact'],$con);
$colors = mysql_real_escape_string($SPECIAL_VALUES['colors'],$con);
$vehicles = mysql_real_escape_string($SPECIAL_VALUES['vehicles'],$con);
$mesg = mysql_real_escape_string($SPECIAL_VALUES['mesg'],$con);
$email = mysql_real_escape_string($SPECIAL_VALUES['email'],$con);
$rname = mysql_real_escape_string($SPECIAL_VALUES['rname'],$con);
mysql_select_db("resourcentr", $con);
$sql="INSERT INTO johnwork ('FullName', 'EmailAddr', 'contact', 'colors', 'vehicles', 'mesg', 'email', 'rname')
VALUES
('$FullName','$EmailAddr','$contact','$colors','$vehicles','$mesg','$email','$rname')";
if (!mysql_query($sql,$con))
{
Error('database','Insert failed: ' . mysql_error()); /* this also exits the script */
}
mysql_close($con);

Any ideas? Is there something wrong with the above code? Thanks!

Use backticks (`) for column names, quotes (') for string literals — Mark Baker, May 05 '14 at 23:09
Backticks sure, but those are mostly used for reserved words. — Funk Forty Niner, May 05 '14 at 23:12
[Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) — Phil, May 05 '14 at 23:14
Can't believe that I didn't manage to find any duplicate at all... — jeroen, May 05 '14 at 23:14
@jeroen They've got to be out there. I feel like I've read this same question many times over. [This one](http://stackoverflow.com/questions/23464437/mysql-table-error-1064) is similar — Phil, May 05 '14 at 23:15
This mistake has been done time and time again. Even if a dupe wasn't found, one can't fool the "human" memory ;-) @jeroen — Funk Forty Niner, May 05 '14 at 23:17
Add error reporting to the top of your file(s) `error_reporting(E_ALL); ini_set('display_errors', 1);` — Funk Forty Niner, May 05 '14 at 23:20
@Fred-ii- I was lazy, just checking the right-hand bar instead of doing a simple search :-) — jeroen, May 05 '14 at 23:22
@jeroen After a long time of coding (*am sure*), it's a good reason ;-) I'd be lazy too. Edit: I actually had that link as a favorite. — Funk Forty Niner, May 05 '14 at 23:24
*Hm....* That `Error(...)`, is a function, right? So much of the *unknown.* — Funk Forty Niner, May 05 '14 at 23:27

M.Ali · Answer 1 · 2014-05-05T23:23:30.150

2

You dont need single quotes ' around your column names in INSERT INTO statement.

$sql="INSERT INTO `johnwork` (`FullName`, `EmailAddr`, `contact`, `colors`, `vehicles`, `mesg`, `email`, `rname`)
VALUES
('$FullName','$EmailAddr','$contact','$colors','$vehicles','$mesg','$email','$rname')";

edited May 05 '14 at 23:23

answered May 05 '14 at 23:10

M.Ali

67,945
13
101
127

It's good practice to always backtick your field (column) names, so that you don't use an SQL reserved word by accident. Ditto for table names. Single quotes as the OP used, are, in fact, an error. – Phil Perry May 05 '14 at 23:13
better practice to know what the reserved words are; erroneous backticks cause more problems than they solve – May 05 '14 at 23:20
Agreed :) ................ – M.Ali May 05 '14 at 23:22

Pedro Lobito · Answer 2 · 2014-05-05T23:22:37.607

Change this:

$sql="INSERT INTO johnwork ('FullName', 'EmailAddr', 'contact', 'colors', 'vehicles', 'mesg', 'email', 'rname')
VALUES
('$FullName','$EmailAddr','$contact','$colors','$vehicles','$mesg','$email','$rname')";

To this:

$sql="INSERT INTO johnwork (FullName, EmailAddr, contact, colors, vehicles, mesg, email, rname)
VALUES
('$FullName','$EmailAddr','$contact','$colors','$vehicles','$mesg','$email','$rname')";

So your code look like this:

<?php
$con = mysql_connect("localhost","root","db79ax4");
if (!$con)
{
Error('database','Could not connect: ' . mysql_error()); /* this also exits the script */
}
$FullName = mysql_real_escape_string($aCleanedValues['FullName'],$con);
$EmailAddr = mysql_real_escape_string($aCleanedValues['EmailAddr'],$con);
$contact = mysql_real_escape_string($SPECIAL_VALUES['contact'],$con);
$colors = mysql_real_escape_string($SPECIAL_VALUES['colors'],$con);
$vehicles = mysql_real_escape_string($SPECIAL_VALUES['vehicles'],$con);
$mesg = mysql_real_escape_string($SPECIAL_VALUES['mesg'],$con);
$email = mysql_real_escape_string($SPECIAL_VALUES['email'],$con);
$rname = mysql_real_escape_string($SPECIAL_VALUES['rname'],$con);
mysql_select_db("resourcentr", $con);
$sql="INSERT INTO johnwork (FullName, EmailAddr, contact, colors, vehicles, mesg, email, rname)
VALUES
('$FullName','$EmailAddr','$contact','$colors','$vehicles','$mesg','$email','$rname')";
if (!mysql_query($sql,$con))
{
Error('database','Insert failed: ' . mysql_error()); /* this also exits the script */
}
mysql_close($con);

You have it backwards. Ticks around column names, quotes around values. — Funk Forty Niner, May 05 '14 at 23:16
Hate to tell you I told you so, but I did. Btw, I wasn't the one who downvoted. I always give the benefit of the doubt. — Funk Forty Niner, May 05 '14 at 23:21

You have an error in your SQL syntax "line 1"

2 Answers2