How do I insert a value to a foreign key field with my PHP code?

Question

My code is to insert values posted from a form into a table. CODE:

    1 $email1 = $_POST['txtemail'];
    2       $user1 = $_POST['txtuser'];
    3       $date1 = $_POST['txtdate'];
    4       $subject1 = $_POST['txtsubject'];
    5       $percent = $_POST['txtpercent'];
    6       $percent1 = (string) $percent;
    7       $query = "insert into personal_record values '','$email1','$user1','$date1','$subject1','$percent1'";
    8       $result = mysql_query($query,$link);

This is my code and it gives error:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''','jugal_patel2007@yahoo.co.in','Jugal','29 Mar 2011 13:28:42','jquery','40'' at line 1

Please help me asap...! Please do help.

Also, your code is vulnerable to [SQL injection](http://stackoverflow.com/questions/601300/what-is-sql-injection). — Pekka, Mar 29 '11 at 18:09

score 2 · Accepted Answer · answered Mar 29 '11 at 18:10

You need parenthesis arround the list of values :

insert into personal_record 
values ('','jugal_patel2007@yahoo.co.in','Jugal','29 Mar 2011 13:28:42','jquery','40')

And, as a sidenote, you really must escape your data using mysql_real_escape_string(), to prevent SQL Injections !

So, here, you'd probably end up with something that would look a bit like this :

$email1_safe = mysql_real_escape_string($_POST['txtemail']);
$user1_safe = mysql_real_escape_string($_POST['txtuser']);
$date1_safe = mysql_real_escape_string($_POST['txtdate']);
$subject1_safe = mysql_real_escape_string($_POST['txtsubject']);
$percent_safe = mysql_real_escape_string($_POST['txtpercent']);
$percent1_safe = mysql_real_escape_string((string) $percent);
$query = "insert into personal_record values ('','$email1_safe','$user1_safe','$date1_safe','$subject1_safe','$percent1_safe')";
$result = mysql_query($query,$link);

Additional notes :

Are you sure the percentage is a string in your database ? If not, no need to pass it as a string, just use an integer or a decimal/float
You should also specify the list of columns-names in the insert query, just to be sure

Thnks mate...! It is a varchar datatype...! Anyway thanks to remember me. — Jugal Patel, Mar 29 '11 at 18:27
Also I am not able to run two queries a time on a single page in php. You have any idea what it can be...? — Jugal Patel, Mar 29 '11 at 18:30
Hu... Odd *(it might be better to ask this as a distinct separate question, with the relevant portion of code, error messages, and all)* — Pascal MARTIN, Mar 29 '11 at 18:32

score 1 · Answer 2 · edited May 23 '17 at 11:55

1

change the query var:

$query = "insert into personal_record values 
           ('','$email1','$user1','$date1','$subject1','$percent1');";

as per @Pekka's suggestion:
You are missing brackets: It needs to be VALUES ( ..... )

edited May 23 '17 at 11:55

Community

1
1

answered Mar 29 '11 at 18:10

Naftali

144,921
39
244
303

score 0 · Answer 3 · answered Mar 29 '11 at 18:11

0

You can start with placing brackets around the values:

"insert into personal_record values ('','$email1','$user1','$date1','$subject1','$percent1')"

answered Mar 29 '11 at 18:11

dirkbonhomme

201
2
10

How do I insert a value to a foreign key field with my PHP code?

3 Answers3