I am going crazy [syntax error] [closed]

Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.

---

This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.

Closed 8 years ago.

Improve this question

I can't believe I am having this problem. I've been looking and looking but I can't see what is wrong. I hate this error message.

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' poster_ip, message, posted, thread_id INTO posts ' at line 1



mysql_query("INSERT poster, poster_ip, message, posted, thread_id
  开发者_运维问答              INTO posts
                VALUES (
    {$post_info['poster']}, 
    '".mysql_real_escape_string($_SERVER['REMOTE_ADDR'])."', 
    '".mysql_real_escape_string($post_info['message'])."', 
    {$post_info['posted']}, 
    {$post_info['thread_id']}") or die (mysql_error());

---

Your SQL syntax is wrong.

You should be using something similar to:

INSERT INTO posts (poster, poster_ip, message, posted, thread_id) VALUES (...)

---

Maybe you should look at the doc ;) Insert Syntax

If you're going to put the column names you should put it after the table name.

Example: INSERT INTO table (col1, col2) VALUES (val1, val2)

---

Looks like a good opportunity to practice some debugging techniques. Try building the string you are passing to the function and assigning it to a variable, then echoing that variable to see what it is you are actually passing to the function. You can learn a lot that way about why you are getting errors. Also, it would help to know the data types of the columns you are inserting values into.

---

I have written this code to show you why arrays are useful for query generation and less likely to make a syntax error if you need to add more fields in future.

$fields = array('poster, poster_ip, message, posted, thread_id'); // Our fields
$table = 'posts'; // Our table name
$values = array(
    $post_info['poster'], 
    $_SERVER['REMOTE_ADDR'], 
    $post_info['message'], 
    $post_info['posted'], 
    $post_info['thread_id']
);
$values = array_map('mysql_real_escape_string', $values); // Secure all inputs
// Generate query
$query = "INSERT INTO $table (" . implode(',', $fields) . ") VALUES ('" . implode("','", $values . "')";
// Run query
$result = mysql_query($query) or die('query error: ' . mysql_error());