php - How to resolve error in my sql manual? -
i encounter error in sql in running program, how can resol error?
error: have error in sql syntax; check manual corresponds mysql server version right syntax use near 's', 's', 's','s','s','s','s', 's')' @ line 3
this syntax used.
<?php include('config.php'); error_reporting("e_all"); ?> <html xmlns="http://www.w3.org/1999/xhtml"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>avaya</title> <link rel="stylesheet" href="css/style.css" type="text/css" media="screen" /> </head> <body> <div id="page" class="shell"> <div id="mainwrapper"> <div id="top"> <div class="cl"> </div> <h1><img src="css/images/dtsi-logo.jpg"></h1> <div class="cl"> </div> <div> <?php include_once("template_header.php");?> </div> </div> <?php $host="localhost"; // host name $username="<myusername>"; // mysql username $password="<mypassword>"; // mysql password $db_name="inventory"; // database name $tbl_name="avaya_pabx"; // table name mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select db"); $con = mysql_connect("localhost","root",""); if (!$con) { die('could not connect: ' . mysql_error()); } mysql_select_db("inventory", $con); $addavaya="insert avaya_pabx (item_no, critical_spare_id, serial_no, comcode, version, circuit_pack, classification, location, availability) values ('". $_post['item_no'] . ", '". $_post['critical_spare_id'] . "', '" . $_post['serial_no']. "', '". $_post['comcode'] . "','". $_post['version'] . "','". $_post['circuit_pack'] . "','". $_post['classification'] . "','". $_post['location'] . "', '". $_post['availability'] . "')"; $result = mysql_query($addavaya,$con); if (!$result) { die('error: ' . mysql_error()); } echo "1 record added"; mysql_close($con); ?> <br /><a href='avayatable.php'><input type=button class='classname' value='back'></a> <?php include_once("template_footer.php");?> </div> <br /> </div> </body> </html>
hello sql injection ...
try use pdo instead of approach
http://php.net/manual/en/book.pdo.php
however, solution problem first variable in values must this
values ('". $_post['item_no'] . "',
Comments
Post a Comment