Using PHP to send SQL Query, keeps failing?

Question

This is my PHP code:

    $sql = "INSERT INTO `reviews`(`Departed`, `Returned`, `Name`, `Review`) VALUES ($departed,$returned,$name,$message)";
    $sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);

    $review[] = mysql_fetch_assoc($sql_result);

The query fails to execute, but the string looks okay:

request "Could not execute SQL query" INSERT INTO `reviews`(`Departed`, `Returned`, `Name`, `Review`) VALUES (2015-08-01,2015-08-06,test,test)

score 2 · Accepted Answer · answered Aug 06 '15 at 21:40

2

You need to put quotes around the input strings

... VALUES ('2015-08-01', '2015-08-06', 'test', 'test')

or way better use Prepared Statements that do that and more for you.

answered Aug 06 '15 at 21:40

juergen d

201,996
37
293
362

beat me to it. UPVOTED – tony gil Aug 06 '15 at 21:51
Normally you'd use that term if someone is a few seconds faster, not 15 minutes ;) – juergen d Aug 06 '15 at 22:20
what a linear concept. fyi: i opened the window (new tab) while approving / rejecting questions. you had NOT yet answered. i went back to verifying questions and returned. tahnks for telling me it took me at least 15 minutes. i really dont lose time keeping time that way. try relative time, its pretty natural, actually. ;) – tony gil Aug 07 '15 at 00:30

score 0 · Answer 2 · answered Aug 06 '15 at 21:57

0

VARCHAR and DATE must be enclosed in quotes. Only numbers may be stripped of quotes.

$sql = "INSERT INTO `reviews`(`Departed`, `Returned`, `Name`, `Review`) VALUES ('$departed','$returned','$name','$message')";

answered Aug 06 '15 at 21:57

tony gil

9,424
6
76
100

Using PHP to send SQL Query, keeps failing?

2 Answers2