INSERT Query Syntax Error in PHP and MySQL

Question

I am not able to insert id and name in myTable MySQL table by using following PHP syntax. id is integer field and name is varchar field.

$query="INSERT INTO myTable (id, name) VALUES (".$_SESSION["id"].", ".$_SESSION["name"].");";

Is there something wrong with above syntax? As per me its right because if insert hardcoded values, those are inserted fine.

UltraInstinct · Accepted Answer · 2013-11-16 07:20:29Z

3

Yes, you need to use single quotes for name

$query="INSERT INTO myTable (id, name) VALUES (" . $_SESSION["id"] . ", '" . $_SESSION["name"]."');";

Also, please try not to contstruct the queries by hand using string concatenation/substitution. It can be dangerous if your $_SESSION (somehow) contains content that can manipulate queries completely.

Read about SQL Injection, and what PHP offers.

edited Nov 16, 2013 at 7:20

answered Nov 16, 2013 at 7:15

UltraInstinct

44.6k12 gold badges85 silver badges108 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Hanky Panky · Accepted Answer · 2013-11-16 07:30:16Z

2

Put the string value inside quotes:

$query="INSERT INTO myTable (id, name) VALUES (".$_SESSION["id"].", '".$_SESSION["name"]."');";

edited Nov 16, 2013 at 7:30

answered Nov 16, 2013 at 7:15

Hanky Panky

46.9k9 gold badges76 silver badges95 bronze badges

Comments

Hanky Panky · Accepted Answer · 2013-11-16 12:34:31Z

2

String should be enclosed in quotes

 $query="INSERT INTO myTable (id, name) VALUES (".$_SESSION["id"].", '".$_SESSION["name"]."');";

edited Nov 16, 2013 at 12:34

Hanky Panky

46.9k9 gold badges76 silver badges95 bronze badges

answered Nov 16, 2013 at 7:15

Damodaran

11.1k10 gold badges62 silver badges83 bronze badges

1 Comment

user2998401 Over a year ago

okay, I forgot put single quotes around name field. Thanks, its working now.

elixenide · Accepted Answer · 2013-11-16 07:14:56Z

1

name is a reserved word. Put backticks around it. Also, you need quotes around your name variable (and the id, if it is not an integer).

Your query should look like this:

$query="INSERT INTO myTable (id, `name`) VALUES (".$_SESSION["id"].", '".$_SESSION["name"]."')";

answered Nov 16, 2013 at 7:14

elixenide

44.9k16 gold badges79 silver badges103 bronze badges

3 Comments

Hanky Panky Over a year ago

I don't really think so: dev.mysql.com/doc/refman/5.5/en/reserved-words.html

elixenide Over a year ago

Hmm... You're right. It is formatted like one in MySQL Workbench, so I guess I just assumed it was. I always surround my column names with backticks, anyway, to be safe; I spent many hours debugging a column named desc when I was first starting out...

user2998401 Over a year ago

@EdCottrell - sorry, I was using ename field and in questions I put name field.

Osama Jetawe · Accepted Answer · 2013-11-16 07:14:47Z

0

use this

$query="INSERT INTO myTable (id, name) VALUES ({$_SESSION["id"]},'{$_SESSION["name"]}');";

answered Nov 16, 2013 at 7:14

Osama Jetawe

2,7057 gold badges27 silver badges45 bronze badges

Collectives™ on Stack Overflow

INSERT Query Syntax Error in PHP and MySQL

5 Answers 5

Comments

Comments

1 Comment

3 Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

Comments

Comments

1 Comment

3 Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related