I seems to have a sytax error within my code but cannot see why

I seems to have a sytax error within my code but cannot see why.

the line in question is here:

mysqli_query($db,"INSERT INTO `horses` (`ParentID`,`Date`,`Track`,`Runners`, `Going`, `Distance`,`Class`,`Place`,`Losing_Dist`,`Stall`,`Horse`,`Weight`,`Trainer`,`Odds`,`Oddsmovement`,`Jockeys_Claim`,`Comments`,`Race_Name` )VALUES  ('$id ',' $Thedate','$thecourse','$noinrace','$going','$distance','$class','$place','$distance_bt','$stall','$horse','$weight','$thetrainer','$odds','$oddsmovement','$thejockey','$comments','$event')")or die(mysqli_error($db));
And the full error i get is here

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Meara ',' 22/1 ','25/1 < 22/1','D Nolan','',' Royal Marines ' at line 1

The line in which it says is near is this: '$thetrainer','$odds','$oddsmovement','$thejockey'

the database is set so all fields are varchat(250) aparent from parent id and id which are int

any further information please let me know
runnerjp2005Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GaryCommented:
Looks fine except for the space here
'$id ',

And Meara which appears to be the first value doesn't look like a ParentID to me - are your sure its not meant to be a number?
runnerjp2005Author Commented:
Meara is actually the value of Trainer or $thetrainer
GaryCommented:
Seperate the sql and put in a variable then print it out before you you try and execute it.
Acronis True Image 2019 just released!

Create a reliable backup. Make sure you always have dependable copies of your data so you can restore your entire system or individual files.

Brian TaoSenior Business Solutions ConsultantCommented:
Can you post the resulted SQL string? The error may have come from the variables prior to $thetrainer.  To get the string, change your code to:
$sqlstr = "INSERT INTO `horses` (`ParentID`,`Date`,`Track`,`Runners`, `Going`, `Distance`,`Class`,`Place`,`Losing_Dist`,`Stall`,`Horse`,`Weight`,`Trainer`,`Odds`,`Oddsmovement`,`Jockeys_Claim`,`Comments`,`Race_Name` )VALUES  ('$id ',' $Thedate','$thecourse','$noinrace','$going','$distance','$class','$place','$distance_bt','$stall','$horse','$weight','$thetrainer','$odds','$oddsmovement','$thejockey','$comments','$event')";
echo $sqlstr . "<br>\n";
mysqli_query($db, $sqlstr)or die(mysqli_error($db));

Open in new window


A small tip: I usually do so (make the SQL string a variable and use it in mysqli_query) to make it easier for debugging.  After everything works, then you can comment out the line for echo.
Ray PaseurCommented:
Maybe the error is not in your code, but instead is in the data?  Did you escape all of the variables before using them in the query string?  If not, learn about this function:
http://php.net/manual/en/mysqli.real-escape-string.php

And don't use die() - you can't trap it in an error handler.  Use trigger_error() instead.

This is a good way to write the query, run it and test for success.
$sql 
=
"
INSERT INTO `horses` 
( `ParentID`
, `Date`
, `Track`
, `Runners`
, `Going`
, `Distance`
, `Class`
, `Place`
, `Losing_Dist`
, `Stall`
, `Horse`
, `Weight`
, `Trainer`
, `Odds`
, `Oddsmovement`
, `Jockeys_Claim`
, `Comments`
, `Race_Name` 
)
VALUES
( '$id'
, '$Thedate'
, '$thecourse'
, '$noinrace'
, '$going'
, '$distance'
, '$class'
, '$place'
, '$distance_bt'
, '$stall'
, '$horse'
, '$weight'
, '$thetrainer'
, '$odds'
, '$oddsmovement'
, '$thejockey'
, '$comments'
, '$event'
)
"
;
$res = mysqli_query($db, $sql);
if (!$res)
{
    echo PHP_EOL . "FAIL: $sql";
    trigger_error(mysqli_error($db), E_USER_ERROR);
}

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
runnerjp2005Author Commented:
ahhhhhh is it due to the ' as its an irish name D O'Meara

what is the best way to deal with this??? i know i need to tighten up my sql but its just for my purpose and wont be public,,,, and a can escape string it but i would rather keep it
Ray PaseurCommented:
"This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection.

"Characters encoded are NUL (ASCII 0), \n, \r, \, ', ", and Control-Z."

The function should be used on ALL data strings that are put into the query string.  It should also be used on all data strings that are retrieved from the data base and put back into the database.  It will not hurt your data; it will simply allow the database to store those special-meaning characters.

You may also want to take note of "magic quotes," which is mostly gone from PHP installations now, but which caused a lot of programmers to think that it was unnecessary to escape the data.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_6630-Magic-Quotes-a-bad-idea-from-day-one.html
runnerjp2005Author Commented:
am i doing something wrong here as i get the error: Fatal error: Call to a member function real_escape_string() on a non-object

 
$thejockey =  $grabthejockey->item(0)->textContent;
$thejockey = 	$mysqli->real_escape_string($thejockey); 	

Open in new window

GaryCommented:
When you create the db connection what name are you using? That is what you use

$my_db_connection_name->real_escape_string($thejockey);
Ray PaseurCommented:
It's probably a good idea to avoid mixing the procedural and object-oriented methods; choose one or the other and stick with it.  Just a thought.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.