MySQL PHP Code Error

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

I know I am missing something minor here and wondered if anyone could help.

Thanks.
if(!empty($_POST['name'])){
$sql = "INSERT INTO business Service_Area, Category, Name, Description, Addresss1, Addresss2, City, State, Zipcode, Contact, Phone, Cellular, Fax, Email, Website, Logo, Info, Salespreson, Listing VALUES '$_POST['selarea']', '$_POST['selcat']', '$_POST['name']', '$_POST['description']', '$_POST['address1']','$_POST['address2']', '$_POST['city']', '$_POST['state']', '$_POST['zipcode']', '$_POST['contact']', '$_POST['Phone']', '$_POST['cellular']', '$_POST['fax']', '$_POST['email']', '$_POST['website']', '$_POST['logo']', '$_POST['info']', '$_POST['seller']', '$_POST['date']'";}
else{
 // in any other case
}

Open in new window

tech-Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Greg AlexanderLead DeveloperCommented:
Try this
if(!empty($_POST['name'])){
$sql = "INSERT INTO business (Service_Area, Category, Name, Description, Addresss1, Addresss2, City, State, Zipcode, Contact, Phone, Cellular, Fax, Email, Website, Logo, Info, Salespreson, Listing) VALUES ('$_POST['selarea']', '$_POST['selcat']', '$_POST['name']', '$_POST['description']', '$_POST['address1']','$_POST['address2']', '$_POST['city']', '$_POST['state']', '$_POST['zipcode']', '$_POST['contact']', '$_POST['Phone']', '$_POST['cellular']', '$_POST['fax']', '$_POST['email']', '$_POST['website']', '$_POST['logo']', '$_POST['info']', '$_POST['seller']', '$_POST['date']')";}
else{
 // in any other case
}

Open in new window

tech-Author Commented:
same error....
elliottwebsitesCommented:
Using: '$_POST['zipcode']'
Can't use the ' in both cases.
I would use sprintf instead.
Example:
$sql = sprintf("INSERT INTO table (col1, col2, col3) VALUES ('%s', '%s', '%s')", mysql_real_escape_string($_POST['col1']), mysql_real_escape_string($_POST['col2']), mysql_real_escape_string($_POST['col2']));
mysql_query($sql) or die(mysql_error());

Open in new window


Always clean input with mysql_real_escape_string before inserting into database.
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Greg AlexanderLead DeveloperCommented:
Actually your post are called wrong too
<?
if(!empty($_POST['name'])){
$sql = "INSERT INTO business ('Service_Area', 'Category', 'Name', 'Description', 'Addresss1', 'Addresss2', 'City', 'State', 'Zipcode', 'Contact', 'Phone', 'Cellular', 'Fax', 'Email', 'Website', 'Logo', 'Info', 'Salespreson', 'Listing') VALUES ('".$_POST['selarea']."', '".$_POST['selcat']."', '".$_POST['name']."', '".$_POST['description']."', '".$_POST['address1']."','".$_POST['address2']."', '".$_POST['city']."', '".$_POST['state']."', '".$_POST['zipcode']."', '".$_POST['contact']."', '".$_POST['Phone']."', '".$_POST['cellular']."', '".$_POST['fax']."', '".$_POST['email']."', '".$_POST['website']."', '".$_POST['logo']."', '".$_POST['info']."', '".$_POST['seller']."', '".$_POST['date']."'')";}
else{
 // in any other case
}
?>

Open in new window

Greg AlexanderLead DeveloperCommented:
LOL, sorry try the attached
<?
if(!empty($_POST['name'])){
$sql = "INSERT INTO business ('Service_Area', 'Category', 'Name', 'Description', 'Addresss1', 'Addresss2', 'City', 'State', 'Zipcode', 'Contact', 'Phone', 'Cellular', 'Fax', 'Email', 'Website', 'Logo', 'Info', 'Salespreson', 'Listing') VALUES ('".$_POST['selarea']."', '".$_POST['selcat']."', '".$_POST['name']."', '".$_POST['description']."', '".$_POST['address1']."','".$_POST['address2']."', '".$_POST['city']."', '".$_POST['state']."', '".$_POST['zipcode']."', '".$_POST['contact']."', '".$_POST['Phone']."', '".$_POST['cellular']."', '".$_POST['fax']."', '".$_POST['email']."', '".$_POST['website']."', '".$_POST['logo']."', '".$_POST['info']."', '".$_POST['seller']."', '".$_POST['date']."')";}
else{
 // in any other case
}
?>

Open in new window

tech-Author Commented:
galexander07:

ok, that error is gone... now im getting

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''Service_Area', 'Category', 'Name', 'Description', 'Addresss1', 'Addresss2', 'Ci' at line 1
elliottwebsitesCommented:
Are all the fields the same as your database?
Did you mean "address1" and "address2" instead of "addresss1" and "addresss2"?
tech-Author Commented:
I do have a first field called KEY that im not inserting....   adressss is correct...
elliottwebsitesCommented:
KEY is an auto-increment field OR is allowed as null?
Could you dump the SQL file for the business table?
Greg AlexanderLead DeveloperCommented:
Drop the tics around the table names and that should work :) sorry the cut and paste converted ` the ' for some reason
INSERT INTO business (Service_Area, Category, Name, Description, Addresss1, Addresss2, City, State, Zipcode, Contact, Phone, Cellular, Fax, Email, Website, Logo, Info, Salespreson, Listing) VALUES ('', '', '', '', '','', '', '', '', '', '', '', '', '', '', '', '', '', '')

Open in new window

Greg AlexanderLead DeveloperCommented:
Top put it in your example:
if(!empty($_POST['name'])){
$sql = "INSERT INTO business (Service_Area, Category, Name, Description, Addresss1, Addresss2, City, State, Zipcode, Contact, Phone, Cellular, Fax, Email, Website, Logo, Info, Salespreson, Listing) VALUES ('".$_POST['selarea']."', '".$_POST['selcat']."', '".$_POST['name']."', '".$_POST['description']."', '".$_POST['address1']."','".$_POST['address2']."', '".$_POST['city']."', '".$_POST['state']."', '".$_POST['zipcode']."', '".$_POST['contact']."', '".$_POST['Phone']."', '".$_POST['cellular']."', '".$_POST['fax']."', '".$_POST['email']."', '".$_POST['website']."', '".$_POST['logo']."', '".$_POST['info']."', '".$_POST['seller']."', '".$_POST['date']."')";
}else{
 // in any other case
}

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
arnoldCommented:
The column names would use the ` rather than the ' as far a quotes.
I am going on the presumption that you are listing all the columns in the insert at which point
insert into business values () is sufficient.

Using the combination of prior commenters in the attached fixed.
<?
if(!empty($_POST['name'])){
$sql = "INSERT INTO business (Service_Area, Category, Name, Description, Address1, Address2, City, State, Zipcode, Contact, Phone, Cellular, Fax, Email, Website, Logo, Info, Salespreson, 'Listing') 
VALUES 
('".
mysql_real_escape_string($_POST['selarea'])
."', '".
mysql_real_escape_string($_POST['selcat'])
."', '".
mysql_real_escape_string($_POST['name'])
."', '".
mysql_real_escape_string($_POST['description'])
."', '".
mysql_real_escape_string($_POST['address1'])
."','".
mysql_real_escape_string($_POST['address2'])
."', '".
mysql_real_escape_string($_POST['city'])
."', '".
mysql_real_escape_string($_POST['state'])
."', '".
mysql_real_escape_string($_POST['zipcode'])
."', '".
mysql_real_escape_string($_POST['contact'])
."', '".
mysql_real_escape_string($_POST['Phone'])
."', '".
mysql_real_escape_string($_POST['cellular'])
."', '".
mysql_real_escape_string($_POST['fax'])
."', '".
mysql_real_escape_string($_POST['email'])
."', '".
mysql_real_escape_string($_POST['website'])
."', '".
mysql_real_escape_string($_POST['logo'])
."', '".
mysql_real_escape_string($_POST['info'])
."', '".
mysql_real_escape_string($_POST['seller'])
."', '".
mysql_real_escape_string($_POST['date'])
."')";
}
else{
 // in any other case
}
?>

Open in new window

tech-Author Commented:
galexander07:

I think youkr last entry did it... let me check a few things....  be back shortly.  THANK YOU!!!!
tech-Author Commented:
Perfection!   Thanks
arnoldCommented:
As the comment http:#35363131 by elliottwebsites points out you should use:
mysql_real_escape_string to enclose $_POST to avoid SQL injection issues that allow those accessing your site from messing with your data as well as potentially gaining access to your system.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.