1

I am trying to figure out what is wrong with my insert statement. I know SQL pretty well but not much about PHP. My insert statement is below. I always get Database error or invalid. My database is setup correctly since it works on other pages. I think it is something simple such quote marks etc. 

$sSQL = INSERT INTO "budget_bdg" ("bgd_grp_ID", "bdg_year", "bdg_alloc" )Select "grp_ID", " . $iFYID ." , "0" from "group_grp";
Qirel
  • 25,449
  • 7
  • 45
  • 62
Withnoe
  • 115
  • 1
  • 9
  • 3
    Pretty much everything. – Phiter Nov 01 '16 at 14:53
  • 2
    Look up **prepared statements**, which guard your code against SQL injection. A good place to get started is the [PHP.net manual](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). That will also show you how to write MySQL together with PHP. – Timothy R Nov 01 '16 at 14:59

2 Answers2

1

If you're referencing a table name or column name, use the backtick instead ` (or do not use it at all, if your column/table name contains no spaces).

$sSQL = "INSERT INTO `budget_bdg`
        (`bgd_grp_ID`, `bdg_year`, `bdg_alloc` )
        values (select `grp_ID`,
                       '$iFYID'
                        0 from `group_grp`";

Keep in mind that this code is unsafe depending on the value of $iFYID.

Phiter
  • 14,570
  • 14
  • 50
  • 84
0

I figure it out. 

$sSQL = "INSERT INTO budget_bdg (bdg_grp_ID, bdg_year, bdg_alloc) Select grp_ID,   $iFYID , '0' from group_grp";
Andy
  • 49,085
  • 60
  • 166
  • 233
Withnoe
  • 115
  • 1
  • 9