PHP INSERT Query Statement Issue...

I am getting an error message when trying to insert data into my database using the INSERT query that reads:
"There was an error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 320, 'Testing', 0, 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Na' at line 1"

The following is the statement I am using...
<?php
	if(isset($_POST['subticket'])) {
		$postsub = str_replace("'", "&#8217;", $_POST["sub"]);
		$postname = str_replace("'", "&#8217;", $_POST["fname"]);
		$postemail = str_replace("'", "&#8217;", $_POST["email"]);
		$postexten = $_POST['extension'];
		$postissue = str_replace("'", "&#8217;", $_POST["desc"]);
		$postinfo = str_replace("'", "&#8217;", $_POST["exinfo"]);
		
		if ($postsub != "" && $postname != "" && $postemail != "" && $postexten != "" && $postissue != "" && $postinfo != "") {
			$insert_query = "INSERT INTO kbticket (uid, extension, sub, level, issue, exinfo, stat) VALUES (" . $_POST['uid'] . ", $postexten, '$postsub', " . $_POST['level'] . ", '$postissue', '$postinfo', " . $_POST['stat'] . ")";
			$insert_result = mysql_query($insert_query, $connection);
			if ($insert_result) {
			$hdaddsuccess = 1;	
			
			$to = "helpdesk@norrishomefurnishings.com, " . $postemail;
			$from = "helpdesk@norrishomefurnishings.com";
			$hdemail_query = "SELECT * FROM hdticket ORDER BY id DESC LIMIT 1";
			$hdemail_result = mysql_query($hdemail_query, $connection);
			while ($hdemail = mysql_fetch_array($hdemail_result)) {
			$subject = "Helpdesk Ticket #" . $hdemail['id'] . " Updated: " . $hdemail['sub'] . "";
			$message = "<strong>PLEASE SAVE THIS INFORMATION UNTIL YOUR TICKET HAS BEEN SUCCESSFULLY CLOSED!</strong><br /><strong>ID: </strong>" . $hdemail['id'] . "<br /><strong>FULL NAME: </strong>" . $postname . "<br /><strong>EMAIL: </strong>" . $postemail . "<br /><strong>EXTENSION: </strong>" . $postext . "<br /><br /><strong>MESSAGE: </strong>" . $postissue . "<br /><br /><strong>EXTRA INFO: </strong>" . $postinfo;
			}
			$headers = "From: Norris Portal Help Desk <helpdesk@norrishomefurnishings.com>\r\n";
			$headers .= "Reply-To: ". strip_tags($from) . "\r\n";
			$headers .= "CC: anegron@norrishomefurnishings.com\r\n";
			$headers .= "MIME-Version: 1.0\r\n";
			$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
			
				if ($from != "" && $to != "" && $subject != "" && $message != "") {
					if (mail($to, $subject, $message, $headers)) {
						$mailsuccess = 1;
					} else {
						$mailfail = 1; die("There was an error: " . mysql_error());
					}
				} else {
					$mailfail = 1; die("There was an error: " . mysql_error());
				}
			
			} else {
			$hdaddfail = 1;	die("There was an error: " . mysql_error());
			}
		}
		
	}
?>

Open in new window


Your help in this matter is extremely appreciated. Thank you in advance!
RumbananasAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RumbananasAuthor Commented:
This issue starts at around line 11...
bigeven2002Commented:
Hello,

What is your datatype for the extension and stat fields?  I noticed they do not have quotes around them on the INSERT statement so I assume it is a numeric datatype?
RumbananasAuthor Commented:
The Query is getting hung up on the 'extension' field is set up as an integer in the database, as well as the 'stat' field. The extension '320' is supposed to be a phone extension, and the 'stat' field is drawing data from the form using the select field with numerical values.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

HainKurtSr. System AnalystCommented:
put an echo after line 11

echo $insert_query

and post the value
HainKurtSr. System AnalystCommented:
or try to put ' everywhere :)

$insert_query = "INSERT INTO kbticket (uid, extension, sub, level, issue, exinfo, stat) VALUES ('" . $_POST['uid'] . "', '$postexten', '$postsub', '" . $_POST['level'] . "', '$postissue', '$postinfo', '" . $_POST['stat'] . "')";

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bigeven2002Commented:
Like Hain said, you can try quoting all of them, or just use proper concatenation.
$insert_query = "INSERT INTO kbticket (uid, extension, sub, level, issue, exinfo, stat) VALUES (".$_POST['uid'].",".$postexten.",'".$postsub."','". $_POST['level']."','".$postissue."', '".$postinfo."', ".$_POST['stat'].")";

Open in new window

RumbananasAuthor Commented:
Thank you so much, I have no idea why I didn't think of it, but it did and I can't be more grateful!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
MySQL Server

From novice to tech pro — start learning today.