-1

I am trying to insert data into a MySQL table using PHP. I tried so many times but I can't figure out what the problem is here. I tried to display the query using echo. It's displaying this.

INSERT INTO `inquiry` (id,name,contact,email,query) values ('',vijay,15461485,asasf@gmail.com, ewefasd asdsd)

And my PHP query is this.

<?php
include('config.php');
if (isset($_POST['submit'])) {
$name=$_POST['userName'];
$mail=$_POST['userMail'];
$phone=$_POST['userPhone'];
$msg=$_POST['userMsg'];
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
test_input($name);
test_input($mail);
$query="INSERT INTO `inquiry` (id,name,contact,email,query) values ('',$name,$phone,$mail,$msg)";
$qur=mysql_query($query);
    if ($qur) {
        header('location:'. $_SERVER['HTTP_REFERER']);
    }
    else {
        echo $query;
    }
}
?>

When I try that displayed query in MySQL, it displays this.

#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com, ewefasd asdsd)' at line 1

What's the problem here? I don't know, please help me.

Divyesh Jesadiya

3 Answers

2

You have to put quotes around string values:

$query="INSERT INTO `inquiry` (id,name,contact,email,query) values ('','$name',$phone,'$mail','$msg')";
Fky
  • In his example phone is a number, not a string, and we have no information about the structure of his database – Fky Sep 21 '15 at 11:59
2

Change this:

$query="INSERT INTO `inquiry` (id,name,contact,email,query) values ('',$name,$phone,$mail,$msg)";
$qur=mysql_query($query);

to this:

$query="INSERT INTO `inquiry` (id,name,contact,email,query) values ('','$name','$phone','$mail','$msg')";
$qur=mysql_query($query);

Notice: Don't forget that your code is prone to SQL Injection/XSS. Use mysql_real_escape_string(). Stop using the deprecated mysql functions and shift to mysqli or, even better, PDO.

DirtyBit
1

You need quotes around your varchar fields:

$query="INSERT INTO `inquiry` (`id`,`name`,`contact`,`email`,`query`) values ('','".$name."','".$phone."','".$mail."','".$msg."')";

Stop using mysql, it is deprecated; use mysqli or PDO instead.

Before inserting data into the database, use

mysql_real_escape_string(); to prevent SQL injection

Saty
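
Following the advice in the answers to move to PDO, here is the same insert as a prepared statement. This is an added example, not part of any answer or of the asker's code. The in-memory SQLite DSN, the table schema and the save_inquiry() helper are assumptions made so the script runs offline.

```php
<?php
// Added example: parameterized INSERT into the question's `inquiry` table using PDO.
// Assumption: in-memory SQLite stands in for MySQL so this runs offline; for MySQL only
// the DSN changes, e.g. new PDO('mysql:host=...;dbname=...;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Assumed schema; the page does not show the real table definition.
$pdo->exec('CREATE TABLE inquiry (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT, contact TEXT, email TEXT, query TEXT)');

// Hypothetical helper: validates the form fields and inserts one row, returning its id.
function save_inquiry(PDO $pdo, array $post): int
{
    // Keep the cleaned values (the question calls test_input() but discards its result).
    $name  = trim($post['userName'] ?? '');
    $phone = trim($post['userPhone'] ?? '');
    $msg   = trim($post['userMsg'] ?? '');
    $mail  = filter_var(trim($post['userMail'] ?? ''), FILTER_VALIDATE_EMAIL);
    if ($name === '' || $mail === false) {
        throw new InvalidArgumentException('name and a valid email are required');
    }
    // Placeholders keep values out of the SQL text: no manual quoting or escaping.
    // The id column is omitted so the database assigns it.
    $stmt = $pdo->prepare(
        'INSERT INTO inquiry (name, contact, email, query)
         VALUES (:name, :contact, :email, :query)'
    );
    $stmt->execute([':name' => $name, ':contact' => $phone, ':email' => $mail, ':query' => $msg]);
    return (int) $pdo->lastInsertId();
}

// Constructed sample input: the question's values, plus a row with quotes and "--".
$rows = [
    ['userName' => 'vijay', 'userPhone' => '15461485',
     'userMail' => 'asasf@gmail.com', 'userMsg' => 'ewefasd asdsd'],
    ['userName' => "O'Brien", 'userPhone' => '15461485',
     'userMail' => 'ob@example.com', 'userMsg' => "can't log in -- see 'ticket'"],
];
foreach ($rows as $row) {
    echo 'inserted id ', save_inquiry($pdo, $row), PHP_EOL;
}

// Values are stored verbatim as data; HTML-escape only when rendering them.
foreach ($pdo->query('SELECT id, name, query FROM inquiry') as $r) {
    echo $r['id'], ': ', htmlspecialchars($r['name'], ENT_QUOTES, 'UTF-8'),
         ' | ', htmlspecialchars($r['query'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```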