Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

PHP INSERT Query Statement Issue...

Posted on 2012-03-22
7
Medium Priority
?
382 Views
Last Modified: 2012-03-22
I am getting an error message when trying to insert data into my database using the INSERT query that reads:
"There was an error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' 320, 'Testing', 0, 'Lorem ipsum dolor sit amet, consectetur adipiscing elit. Na' at line 1"

The following is the statement I am using...
<?php
	if(isset($_POST['subticket'])) {
		$postsub = str_replace("'", "&#8217;", $_POST["sub"]);
		$postname = str_replace("'", "&#8217;", $_POST["fname"]);
		$postemail = str_replace("'", "&#8217;", $_POST["email"]);
		$postexten = $_POST['extension'];
		$postissue = str_replace("'", "&#8217;", $_POST["desc"]);
		$postinfo = str_replace("'", "&#8217;", $_POST["exinfo"]);
		
		if ($postsub != "" && $postname != "" && $postemail != "" && $postexten != "" && $postissue != "" && $postinfo != "") {
			$insert_query = "INSERT INTO kbticket (uid, extension, sub, level, issue, exinfo, stat) VALUES (" . $_POST['uid'] . ", $postexten, '$postsub', " . $_POST['level'] . ", '$postissue', '$postinfo', " . $_POST['stat'] . ")";
			$insert_result = mysql_query($insert_query, $connection);
			if ($insert_result) {
			$hdaddsuccess = 1;	
			
			$to = "helpdesk@norrishomefurnishings.com, " . $postemail;
			$from = "helpdesk@norrishomefurnishings.com";
			$hdemail_query = "SELECT * FROM hdticket ORDER BY id DESC LIMIT 1";
			$hdemail_result = mysql_query($hdemail_query, $connection);
			while ($hdemail = mysql_fetch_array($hdemail_result)) {
			$subject = "Helpdesk Ticket #" . $hdemail['id'] . " Updated: " . $hdemail['sub'] . "";
			$message = "<strong>PLEASE SAVE THIS INFORMATION UNTIL YOUR TICKET HAS BEEN SUCCESSFULLY CLOSED!</strong><br /><strong>ID: </strong>" . $hdemail['id'] . "<br /><strong>FULL NAME: </strong>" . $postname . "<br /><strong>EMAIL: </strong>" . $postemail . "<br /><strong>EXTENSION: </strong>" . $postext . "<br /><br /><strong>MESSAGE: </strong>" . $postissue . "<br /><br /><strong>EXTRA INFO: </strong>" . $postinfo;
			}
			$headers = "From: Norris Portal Help Desk <helpdesk@norrishomefurnishings.com>\r\n";
			$headers .= "Reply-To: ". strip_tags($from) . "\r\n";
			$headers .= "CC: anegron@norrishomefurnishings.com\r\n";
			$headers .= "MIME-Version: 1.0\r\n";
			$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
			
				if ($from != "" && $to != "" && $subject != "" && $message != "") {
					if (mail($to, $subject, $message, $headers)) {
						$mailsuccess = 1;
					} else {
						$mailfail = 1; die("There was an error: " . mysql_error());
					}
				} else {
					$mailfail = 1; die("There was an error: " . mysql_error());
				}
			
			} else {
			$hdaddfail = 1;	die("There was an error: " . mysql_error());
			}
		}
		
	}
?>

Open in new window


Your help in this matter is extremely appreciated. Thank you in advance!
0
Comment
Question by:Rumbananas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 

Author Comment

by:Rumbananas
ID: 37754541
This issue starts at around line 11...
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 37754673
Hello,

What is your datatype for the extension and stat fields?  I noticed they do not have quotes around them on the INSERT statement so I assume it is a numeric datatype?
0
 

Author Comment

by:Rumbananas
ID: 37754721
The Query is getting hung up on the 'extension' field is set up as an integer in the database, as well as the 'stat' field. The extension '320' is supposed to be a phone extension, and the 'stat' field is drawing data from the form using the select field with numerical values.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 60

Expert Comment

by:HainKurt
ID: 37754724
put an echo after line 11

echo $insert_query

and post the value
0
 
LVL 60

Accepted Solution

by:
HainKurt earned 2000 total points
ID: 37754732
or try to put ' everywhere :)

$insert_query = "INSERT INTO kbticket (uid, extension, sub, level, issue, exinfo, stat) VALUES ('" . $_POST['uid'] . "', '$postexten', '$postsub', '" . $_POST['level'] . "', '$postissue', '$postinfo', '" . $_POST['stat'] . "')";
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 37754784
Like Hain said, you can try quoting all of them, or just use proper concatenation.
$insert_query = "INSERT INTO kbticket (uid, extension, sub, level, issue, exinfo, stat) VALUES (".$_POST['uid'].",".$postexten.",'".$postsub."','". $_POST['level']."','".$postissue."', '".$postinfo."', ".$_POST['stat'].")";

Open in new window

0
 

Author Closing Comment

by:Rumbananas
ID: 37754866
Thank you so much, I have no idea why I didn't think of it, but it did and I can't be more grateful!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
In this blog post, we’ll look at how ClickHouse performs in a general analytical workload using the star schema benchmark test.
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Suggested Courses

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question