Parham Doustdar wrote: > Hi there, > Does it differ? I thought when in quotations, variables like that would be > automatically interpreted? > Also, the MySQL is meant to connect to localhost. I had emptied it for > testing purposes. With or without it, I get the same error. > "Jochen Schultz" <jschultz@xxxxxxxxxxxxxx> wrote in message > news:4B25FB8E.3040907@xxxxxxxxxxxxxxxxx > >> Hello Parham, >> >> i think you should change this: >> >> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES >> ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')"; >> >> to this: >> >> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES >> ('".$_POST[bookname]."', '".$_POST[authorsname]."', '".$_POST[ISBN]."')"; >> >> >> best regards >> Jochen >> >> >> Parham Doustdar schrieb: >> >>> Hello there, >>> Here's a short PHP script a friend has written, and given to me to test. >>> However, I am getting a MySQL error saying that the syntax error, on the >>> line that contains mysql_connect(); is wrong, near '')' >>> (note that it is not a PHP error, but a MySQL error.) >>> Here's the code: >>> >>> [code] >>> <?php >>> $username = "root"; >>> $password = "abc"; >>> $con = mysql_connect("", $username, $password); >>> mysql_select_db ("test", $con); >>> $sql = "INSERT INTO BOOK(bookname, authorsname, ISBN) VALUES >>> ('$_POST[bookname]', '$_POST[authorsname]', $_POST[ISBN]')"; >>> if (!mysql_query($sql, $con)) >>> { >>> die( 'error: ' . mysql_error()); >>> } >>> echo "1 record added"; >>> mysql_close($con) >>> ?> >>> [/code] >>> >>> >>> >>> > > > Exactly the opposite. Use double quotes for interpolation. Moreover, you would still get an error, as mysql requires text columns to be escaped. Use Jochens code. Also: SQL injection ! --> http://en.wikipedia.org/wiki/SQL_injection HTH, Stijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
