-1

I try mysql_query() but I get an error saying "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near...". The problem is the query string:

    $val=$_POST["valori"];
    $t=explode(",",$val);
    $id="";
    $nomi="";
    $i=0;

    $turno=$_POST["turno"];
    $div=$_POST["prova"];

    $username = "root";
    $password = "";
    $hostname = "localhost";
    $dbname = "culp";

    $dbhandle=mysql_connect($hostname, $username, $password);
    mysql_select_db($dbname) or die("Unable to select database");

    while(count($t)!=$i)
    {
        $id=$id.$t[$i+1].",";
        $nomi=$nomi.$t[$i].",";
        $i=$i+2;
    }

    $query1="INSERT INTO foglio (turno,paper,".$id."data)VALUES('$turno','$div','".$nomi."'CURDATE());";
    echo $query1;

    mysql_query($query1)or trigger_error(mysql_error()." in ".$query1);

Artmar
  • 1
    $dbname = "culp";` change it to $dbname = "culp"; – jewelhuq Nov 28 '15 at 19:25
  • 1
    This `VALUES \`('$tur` is invalid. Is this your actual code? Color highlighting alone indicates there are PHP syntax issues here. Also your column name is an integer? – chris85 Nov 28 '15 at 19:25
  • Pay attention to this part: `'".$nomi.'"`. Seems like you inverted single and double quotes. You should clean up your code a bit, by the way; it's too messy. – ulentini Nov 28 '15 at 19:28
  • 2
    Your code is open to SQL-injection http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – luk2302 Nov 29 '15 at 10:23
  • Probably the most important part is the bit that comes right after 'near' – Strawberry Nov 29 '15 at 10:29
  • All [`mysql_`](http://php.net/manual/en/function.mysql-query.php) functions are deprecated and are removed in the soon to be released PHP 7. Switch to [`mysqli`](http://php.net/manual/en/class.mysqli.php) or, better yet [`PDO`](http://php.net/manual/en/class.pdo.php). And start using prepared statements. – Arjan Nov 29 '15 at 10:54

1 Answer

1

I assume you are inserting four values in your query. So you should write:

    $query1="INSERT INTO foglio (turno,paper,$id,data)VALUES('$turno','$div','$nomi',CURDATE());";

You are wrapping the query in double quotes, so you don't need the single ones. You were missing a comma between the third and the fourth item in the query.

Also, I assume you are just doing this for a personal project, because you are using a deprecated API (mysql_*) that will be removed in the next PHP release (so your code will not work anymore). Also, your code is open to SQL injection and you should move to prepared statements.

Lelio Faieta
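
The move to prepared statements that the comments and the answer recommend, as an added example that is not part of the original answer or the asker's code: values are bound through PDO placeholders, and because column names cannot be bound, the dynamic column list is checked against an allowlist. The column names `c1` to `c3`, the helper `buildInsert` and the sample input are assumptions.

```php
<?php
// Added example. Column names below are assumed; the question does not list them.
const ALLOWED_COLUMNS = ['c1', 'c2', 'c3'];

/**
 * Build a parameterized INSERT from the question's "name,column,name,column"
 * string. Column names cannot be bound as parameters, so each one must match
 * the allowlist exactly; every value is bound through a ? placeholder.
 */
function buildInsert(string $turno, string $paper, string $valori, array $allowed): array
{
    $t = explode(',', $valori);
    if (count($t) % 2 !== 0) {
        throw new InvalidArgumentException('expected name,column pairs');
    }
    $cols = ['`turno`', '`paper`'];
    $params = [$turno, $paper];
    $seen = [];
    for ($i = 0; $i < count($t); $i += 2) {
        $col = trim($t[$i + 1]);
        if (!in_array($col, $allowed, true) || isset($seen[$col])) {
            throw new InvalidArgumentException('column rejected: ' . $col);
        }
        $seen[$col] = true;
        $cols[] = '`' . $col . '`';   // safe: $col is one of our own constants
        $params[] = $t[$i];           // value is bound, never concatenated
    }
    $cols[] = '`data`';
    $marks = implode(',', array_fill(0, count($params), '?'));
    $sql = 'INSERT INTO foglio (' . implode(',', $cols) . ") VALUES ($marks,CURDATE())";
    return [$sql, $params];
}

// Constructed sample input; the second name contains a quote character.
[$sql, $params] = buildInsert('1', 'A', "Rossi,c1,O'Neil,c2", ALLOWED_COLUMNS);
echo $sql, PHP_EOL;
print_r($params);

// Executing it with PDO (connection values are the ones from the question):
// $pdo = new PDO('mysql:host=localhost;dbname=culp;charset=utf8mb4', 'root', '',
//     [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
// $pdo->prepare($sql)->execute($params);

try {
    // Constructed input naming a column that is not on the allowlist.
    buildInsert('1', 'A', 'Bianchi,unknown_col', ALLOWED_COLUMNS);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```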