MySQL syntax error with simple INSERT?

Question

With this php/mysql query:

mysql_query("INSERT INTO Follows (User, Following, Type) VALUES ('$_COOKIE[user]', '$genre', 'Genre'")

I am getting the syntax error

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1"

I see nothing wrong with this syntax. Does anyone else?

It depends what the values of those variables are... you should really be escaping them — Ken Keenan, Oct 21 '11 at 21:31
Among other concerns, you're missing the ending `)` for `VALUES` — Wesley Murch, Oct 21 '11 at 21:31
Seriously?! It's 2011 and we're still using string interpolation for SQL queries? — Phil, Oct 21 '11 at 21:31
Yep, chances are the variables are causing your headache, one of them contains an apostrophe or slash or is empty altogether. — Mike Purcell, Oct 21 '11 at 21:33

score 6 · Answer 1 · edited May 23 '17 at 11:47

6

You have a missing parenthesis:

mysql_query("INSERT INTO ... VALUES (... , 'Genre'")

Should be:

mysql_query("INSERT INTO ... VALUES (... , 'Genre')")
                                                  ^

You also have an SQL injection vulnerability in your code. Use mysql_real_escape_string or parameterized queries. Related:

edited May 23 '17 at 11:47

Community

answered Oct 21 '11 at 21:31

Mark Byers

score 0 · Answer 2 · answered Oct 21 '11 at 21:33

0

You did not close your last bracket in the query.

mysql_query("INSERT INTO Follows (User, Following, Type) VALUES ('$_COOKIE[user]', '$genre', 'Genre')")

answered Oct 21 '11 at 21:33

Mob

score -1 · Answer 3 · answered Oct 21 '11 at 21:33

The error is that you're not closing your MySQL statement with the corresponding bracket.

Yours:

mysql_query("INSERT INTO Follows (User, Following, Type) VALUES ('$_COOKIE[user]', '$genre', 'Genre'");

Correct:

mysql_query("INSERT INTO Follows (User, Following, Type) VALUES ('$_COOKIE[user]', '$genre', 'Genre')");

3 Answers3