I installed a system with XAMPP 5.6, Apache 5.6 and phpMyAdmin 4.7.7, and I have this problem when inserting into the system.

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')' at line 1

My code for insert is:

<pre> 

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "agrega_inventario")) {
    $insertSQL = sprintf("INSERT INTO inventario_computo 
                        (fecha_alta, observaciones, valor, iva, total, 
                        comodato, num_factura, id_personal, 
                        id_computo_categoria, id_inventario_lugar, 
                        id_inventario_proveedor, id_municipio, nombre, 
                        descripcion, num_serie, num_modelo, marca, 
                        status, num_baja, num_inventario,
                        resguardo, rubro) 
                VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, 
                        %s, %s, %s, %s, %s, %s, 0,%s,0,%s)",
        GetSQLValueString($_POST['fecha_alta'], "date"),
        GetSQLValueString($_POST['observaciones'], "text"),
        GetSQLValueString($_POST['valor'], "double"),
        GetSQLValueString($_POST['iva'], "double"),
        GetSQLValueString($_POST['total'], "double"),
        GetSQLValueString($_POST['comodato'], "int"),
        GetSQLValueString($_POST['num_factura'], "text" /* "int" BOMS (05/Oct/2015) The data type was changed */),
        GetSQLValueString($_POST['id_personal'], "int"),
        GetSQLValueString($_POST['id_inventario_categoria'], "int"),
        GetSQLValueString($lugar_post, "int"),
        GetSQLValueString($proveedor_post, "int"),
        GetSQLValueString($_POST['id_municipio'], "int"),
        GetSQLValueString($_POST['nombre_bien'], "text"),
        GetSQLValueString($_POST['descripcion'], "text"),
        GetSQLValueString($_POST['num_serie'], "text"),
        GetSQLValueString($_POST['num_modelo'], "text"),
        GetSQLValueString($_POST['marca'], "text"),
        GetSQLValueString($_POST['id_inventario_status'], "int"),
        GetSQLValueString($_POST['num_inventario'], "text"),
        GetSQLValueString($_POST['rubro'], "int"));
}
</pre>

I can't fix it.

  • Your script is wide open to [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either the `MYSQLI_` or `PDO` APIs – RiggsFolly Apr 27 '18 at 22:08
  • Are you using the `GetSQLValueString()` function from Dreamweaver? – Barmar Apr 27 '18 at 22:51
  • I'm not using Dreamweaver. – Julián Daniel Díaz González Apr 28 '18 at 17:25
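
The prepared, parameterized form recommended in the first comment, applied to the question's INSERT as an added example (not code from the question or from any commenter). `insertInventario()` and `FIELD_MAP` are hypothetical names, and the in-memory SQLite connection is a constructed stand-in for the MariaDB one so the script runs offline.

```php
<?php
// Added example: the question's INSERT with bound parameters (PDO).
// Column => form-field mapping is copied from the question's sprintf() call.
const FIELD_MAP = [
    'fecha_alta' => 'fecha_alta', 'observaciones' => 'observaciones',
    'valor' => 'valor', 'iva' => 'iva', 'total' => 'total',
    'comodato' => 'comodato', 'num_factura' => 'num_factura',
    'id_personal' => 'id_personal',
    'id_computo_categoria' => 'id_inventario_categoria',
    'id_municipio' => 'id_municipio', 'nombre' => 'nombre_bien',
    'descripcion' => 'descripcion', 'num_serie' => 'num_serie',
    'num_modelo' => 'num_modelo', 'marca' => 'marca',
    'status' => 'id_inventario_status',
    'num_inventario' => 'num_inventario', 'rubro' => 'rubro',
];

// Hypothetical helper: builds and runs the INSERT, returns the new row id.
function insertInventario(PDO $pdo, array $post, $lugar, $proveedor)
{
    $row = ['id_inventario_lugar' => $lugar,
            'id_inventario_proveedor' => $proveedor,
            'num_baja' => 0, 'resguardo' => 0];   // the two literal 0s in the question
    foreach (FIELD_MAP as $column => $field) {
        // A missing or empty form field is bound as SQL NULL; it can never
        // leave a gap in the SQL text the way an empty %s substitution can.
        $value = isset($post[$field]) ? $post[$field] : '';
        $row[$column] = ($value === '') ? null : $value;
    }
    // Column names come only from the fixed lists above, never from the request.
    $columns = implode(', ', array_keys($row));
    $marks   = implode(', ', array_fill(0, count($row), '?'));
    $stmt = $pdo->prepare("INSERT INTO inventario_computo ($columns) VALUES ($marks)");
    $stmt->execute(array_values($row));
    return (int) $pdo->lastInsertId();
}

// Constructed demo: in-memory SQLite stands in for the MariaDB connection.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE inventario_computo (id INTEGER PRIMARY KEY, '
    . implode(', ', array_keys(FIELD_MAP))
    . ', id_inventario_lugar, id_inventario_proveedor, num_baja, resguardo)');
$post = ['fecha_alta' => '2018-04-27', 'nombre_bien' => "O'Brien's laptop",
         'valor' => '100.50', 'rubro' => ''];    // constructed sample input
insertInventario($pdo, $post, 3, 7);
$saved = $pdo->query('SELECT nombre, valor, rubro FROM inventario_computo')
             ->fetch(PDO::FETCH_ASSOC);
var_dump($saved);
```

Type and range validation of the numeric and date fields still belongs before the call; binding only keeps the values out of the SQL text.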
