is there a syntax error in my php sql statement

Posted on 2008-10-22
Last Modified: 2013-12-13

i'm using the follwoing code insert data to a table. i'm using odbc connection in ms sql 2005

but the insert statement is failed to exected.

the error is : SQL state 00000 in SQLExecDirect  in line : odbc_exec($dbconnect, $SQL);

i tried both
 odbc_execute ($query, $parameters);
odbc_exec($dbconnect, $SQL);

it's just not working...

could some expert here help me? thank you so much !

$SQL = "INSERT INTO myProject (Project_Title, Time_Location_Group, Subject_Area, Professor_Name,
Professor_Email,Project_Description, Student_Qualifications, Hours, Credits,
Credit_Hours, Status, Affiliation_Centers, Project_Links, Entry_Date) VALUES 
		'{$email}',	'{$projdesc}','{$quals}','{$hours}','{$credits}','{$credithours}',
	'{$status}','{$DPs}','{$websites}', '{$date}')";
/*$parameters = array($projtitle,$projlocation,$subjectarea,$profname,
					$email,	$projdesc,$quals,$hours,$credits,$credithours,
					$status,$DPs,$websites, $date); 
$query=odbc_prepare($dbconnect, $SQL);
odbc_execute ($query, $parameters); */
odbc_exec($dbconnect, $SQL);

Open in new window

Question by:lilyyan
  • 3
  • 2
LVL 82

Assisted Solution

hielo earned 500 total points
ID: 22781057
are you escaping the values in those variables. For example, if one of those values contains an apostrophe then the sql statement will not be valid.
So instead of something like:

you need:
$projtitle= str_replace("'", "''",$_POST['title']);

the same applies for the other variables.
LVL 82

Accepted Solution

hielo earned 500 total points
ID: 22781135
$SQL = sprintf("INSERT INTO myProject (Project_Title, Time_Location_Group, Subject_Area, Professor_Name,Professor_Email,Project_Description, Student_Qualifications, Hours, Credits,Credit_Hours, Status, Affiliation_Centers, Project_Links, Entry_Date) VALUES('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')"
odbc_exec($dbconnect, $SQL);

Open in new window


Author Comment

ID: 22781319
well, i tried. it still shows same error: odbc_exec($dbconnect, $SQL);

myhost server has turned the magic_quotes_gpc, so by default, apostrophe will be escaped as \'
so i don't think i should use : str_replace("'","''",$projtitle).

am i right? thank you so much !!
LVL 82

Expert Comment

ID: 22781747
OK, then the other question is, are actually connecting to the db? I don't see where you are setting the $dbconnect variable.

Author Comment

ID: 22785249
thank you for your reply!

about apostrophe sign, should i strip of magic_quotes_gpc and then use str_replace("'","''",$projtitle). ?

the connection is like the following.
//Set up Variables
//connect to MS SQL 2005 Dev
$dbHost = "hostServer"; 
$dbUser = 'clientUser';
$dbPass = 'myPass';
$dsn= 'myDataSource';   //datasources
// Open DB connection
$dbconnect =odbc_connect($dsn, $dbUser, $dbPass, SQL_CUR_USE_ODBC)

Open in new window


Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP error function not working on AWS 10 72
reverse engineer .sql from php files 11 35
Accessing specific element - DOM PHP HTML 8 35
Inserting data into database 10 36
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question