SQL INSERT INTO random commas appearing

Asked Dec 20 '16 at 14:30

Active Dec 20 '16 at 14:30

Viewed 21 times

One a game I am making I have a saving bug. I have an alert with the PHP message. It gives me an SQL error. The problem is obvious. That last comma before the parentheses shouldn't be there. The question is why is it there? In my code, it isn't.

This is the alert message.

The statement is like this.

> $query2 = "INSERT INTO users VALUES ('$village', $power, $influence, $gold, NULL, $ore, $wood, $food, $honor, $keep, $mine, $sawmill, $farm, $barracks, $tavern, $stables, $temple, $militia, $warriors, $spearmen, $clubmen, $swordsmen, $archers, $vanguards, $legion, $crossbowmen, $knights, $mercs, $mercelites, $bandit1, $bandit2, $bandit3, '$faction', $dwellings, $dwellingscost);";

One of my theories was that the dwellingscost variable had a comma at the end. It is posted from an AJAX request. If you need some of that code to decipher just ask.

asked Dec 20 '16 at 14:30

I. Smith

3

Simple ... because of this `$dwellingscost` variable? – Rahul Dec 20 '16 at 14:32
Why do you have `'$village'` in single quotes, but most other things without quotes? @Rahul Agree completely. – Tim Biegeleisen Dec 20 '16 at 14:32
remove singe quotes arround first $village and make all other variable in the values with quotes – Rafael Shkembi Dec 20 '16 at 14:32
2

this is why you should not use string concatenation in queries but use prepared statements instead. Commas in variables doesn't have an effect then. – e4c5 Dec 20 '16 at 14:33
1

@e4c5: `$dwellingscost` doesn't contain a comma, it's evaluating as the empty string `''`. – eggyal Dec 20 '16 at 14:34
the variables with quotes are strings and the ones without are integers, that is how you are supposed to annotate the two datatypes, right? – I. Smith Dec 20 '16 at 14:41
No. you have to annotate them through a prepared statement – Your Common Sense Dec 20 '16 at 15:03

SQL INSERT INTO random commas appearing

0 Answers0