Welcome Guest, Not a member yet? Register   Sign In
Error with MySQL query (insert)
#1

[eluser]EdgeTube[/eluser]
Hi there,

Here's my code:
Code:
$this->db->query("INSERT INTO orders (number, description, status, note, location, email, firstname, lastname, address) VALUES
    ('{$password}', '{$_POST['description']}', '{$_POST['status']}', '{$_POST['note']}', '{$_POST['location']}, '{$_POST['email']}', '{$_POST['firstname']}',
    '{$_POST['lastname']}', '{$_POST['address']}')");

Now I don't see what is the error with this code, but I am receiving this error:

Quote:Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ...

Any ideas on how to fix this issue?

Thanks!
#2

[eluser]ram4nd[/eluser]
use active record or get rid of double quotes(I don't think you can put post in your variable, why the hell people keep putting variables in string anyway, takes longer to parse)
#3

[eluser]WanWizard[/eluser]
Not only that, it's also very insecure to use your POST variables directly in a query.
#4

[eluser]EdgeTube[/eluser]
Haha thanks. I'm still a bit new to working with MySQL, and even Codeigniter for that matter. Active record looks good, and thanks for letting me know about that.




Theme © iAndrew 2016 - Forum software by © MyBB