query is not executing

Question

Can someone help me to fix this query? I dont know what error i have made. Please help me out..

insert into docs values('"$_POST['inputString']"','"$_POST['inputStringa']"','"$_POST['inputStringa1']"','"$_POST['inputStringa2']"','"$_POST['inputStringa3']"','"$_POST['inputStringa4']"')" ;

Answer 1

Your quotes are not right. Single quotes and double quotes are getting mixed up. Do it like this:

mysql_query("insert into docs
values('{$_POST['inputString']}','{$_POST['inputStringa']}',
'{$_POST['inputStringa1']}','{$_POST['inputStringa2']}',
'{$_POST['inputStringa3']}','{$_POST['inputStringa4']}')") ;

Also, remember to pass through all the POST variables through mysql_real_escape_string like this:

$_POST['inputString'] = mysql_real_escape_string($_POST['inputString']);

Do this BEFORE running the query.

Answer 2

Read the PHP manual entry on strings and learn the basic syntax, you'll discover why this code doesn't work:

http://php.net/manual/en/language.types.string.php

Answer 3

you are missing "." in the query

$sql = "INSERT INTO docs VALUES('".$_POST['inputString']."','".$_POST['inputStringa']."','".$_POST['inputStringa1']."','".$_POST['inputStringa2']."','".$_POST['inputStringa3']."','".$_POST['inputStringa4']."')";

or use

for remove vulnerablities

mysql_query("insert into docs values ( ' { $_POST['inputString'] }' ,'{$_POST['inputStringa']}',' {$_POST['inputStringa1']}','{$_POST['inputStringa2']}',
'{$_POST['inputStringa3']}','{$_POST['inputStringa4']}')") ;

Answer 4

you use both single quote and double quotes, you cant do that. You need to concatenate the post values like so:

$sql = "INSERT INTO docs VALUES('".$_POST['inputString']."','".$_POST['inputStringa']."','".$_POST['inputStringa1']."','".$_POST['inputStringa2']."','".$_POST['inputStringa3']."','".$_POST['inputStringa4']."')";

mysql_query($sql);