PHP INSERT Query Statement Issue...

I am getting an error message when trying to insert data into my database using the INSERT query that reads:
"There was an error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 320, 'Testing', 0, 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Na' at line 1"

The following is the statement I am using...
<?php
	if(isset($_POST['subticket'])) {
		$postsub = str_replace("'", "&#8217;", $_POST["sub"]);
		$postname = str_replace("'", "&#8217;", $_POST["fname"]);
		$postemail = str_replace("'", "&#8217;", $_POST["email"]);
		$postexten = $_POST['extension'];
		$postissue = str_replace("'", "&#8217;", $_POST["desc"]);
		$postinfo = str_replace("'", "&#8217;", $_POST["exinfo"]);
		
		if ($postsub != "" && $postname != "" && $postemail != "" && $postexten != "" && $postissue != "" && $postinfo != "") {
			$insert_query = "INSERT INTO kbticket (uid, extension, sub, level, issue, exinfo, stat) VALUES (" . $_POST['uid'] . ", $postexten, '$postsub', " . $_POST['level'] . ", '$postissue', '$postinfo', " . $_POST['stat'] . ")";
			$insert_result = mysql_query($insert_query, $connection);
			if ($insert_result) {
			$hdaddsuccess = 1;	
			
			$to = "helpdesk@norrishomefurnishings.com, " . $postemail;
			$from = "helpdesk@norrishomefurnishings.com";
			$hdemail_query = "SELECT * FROM hdticket ORDER BY id DESC LIMIT 1";
			$hdemail_result = mysql_query($hdemail_query, $connection);
			while ($hdemail = mysql_fetch_array($hdemail_result)) {
			$subject = "Helpdesk Ticket #" . $hdemail['id'] . " Updated: " . $hdemail['sub'] . "";
			$message = "<strong>PLEASE SAVE THIS INFORMATION UNTIL YOUR TICKET HAS BEEN SUCCESSFULLY CLOSED!</strong><br /><strong>ID: </strong>" . $hdemail['id'] . "<br /><strong>FULL NAME: </strong>" . $postname . "<br /><strong>EMAIL: </strong>" . $postemail . "<br /><strong>EXTENSION: </strong>" . $postext . "<br /><br /><strong>MESSAGE: </strong>" . $postissue . "<br /><br /><strong>EXTRA INFO: </strong>" . $postinfo;
			}
			$headers = "From: Norris Portal Help Desk <helpdesk@norrishomefurnishings.com>\r\n";
			$headers .= "Reply-To: ". strip_tags($from) . "\r\n";
			$headers .= "CC: anegron@norrishomefurnishings.com\r\n";
			$headers .= "MIME-Version: 1.0\r\n";
			$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
			
				if ($from != "" && $to != "" && $subject != "" && $message != "") {
					if (mail($to, $subject, $message, $headers)) {
						$mailsuccess = 1;
					} else {
						$mailfail = 1; die("There was an error: " . mysql_error());
					}
				} else {
					$mailfail = 1; die("There was an error: " . mysql_error());
				}
			
			} else {
			$hdaddfail = 1;	die("There was an error: " . mysql_error());
			}
		}
		
	}
?>

Open in new window


Your help in this matter is extremely appreciated. Thank you in advance!
RumbananasAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
HainKurtConnect With a Mentor Sr. System AnalystCommented:
or try to put ' everywhere :)

$insert_query = "INSERT INTO kbticket (uid, extension, sub, level, issue, exinfo, stat) VALUES ('" . $_POST['uid'] . "', '$postexten', '$postsub', '" . $_POST['level'] . "', '$postissue', '$postinfo', '" . $_POST['stat'] . "')";
0
 
RumbananasAuthor Commented:
This issue starts at around line 11...
0
 
bigeven2002Commented:
Hello,

What is your datatype for the extension and stat fields?  I noticed they do not have quotes around them on the INSERT statement so I assume it is a numeric datatype?
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
RumbananasAuthor Commented:
The Query is getting hung up on the 'extension' field is set up as an integer in the database, as well as the 'stat' field. The extension '320' is supposed to be a phone extension, and the 'stat' field is drawing data from the form using the select field with numerical values.
0
 
HainKurtSr. System AnalystCommented:
put an echo after line 11

echo $insert_query

and post the value
0
 
bigeven2002Commented:
Like Hain said, you can try quoting all of them, or just use proper concatenation.
$insert_query = "INSERT INTO kbticket (uid, extension, sub, level, issue, exinfo, stat) VALUES (".$_POST['uid'].",".$postexten.",'".$postsub."','". $_POST['level']."','".$postissue."', '".$postinfo."', ".$_POST['stat'].")";

Open in new window

0
 
RumbananasAuthor Commented:
Thank you so much, I have no idea why I didn't think of it, but it did and I can't be more grateful!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.