Blog Documentation Book a Demo
Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

What's wrong with this SQL query?

MinisweeperMinisweeper New
edited June 2006 in Vanilla 1.0 Help
INSERT INTO `users` (`username`,`fullname`,`address`,`email`,`phone`,`contact`,`domain`,`notes`) VALUES (mysql_real_escape_string(username),mysql_real_escape_string(fullname),mysql_real_escape_string(address),email@email.com,mysql_real_escape_string(contact),Phone,mysql_real_escape_string(domain),mysql_real_escape_string(notes))

gives the error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(username),mysql_real_escape_string(fullname),mysql_real_escape_string(address),' at line 1

Any clues? I cant see anything obvious but I suck at sql and a fresh pair of eyes sometimes helps.

Comments

  • BergamotBergamot
    edited June 2006
    What are username, fullname, etc? Variables? Is this part of a Stored Procedure?
  • ithcyithcy New
    edited June 2006
    are you wanting to use the mysql_real_escape_string function that's built into mysql5, or the php function?
    if you are using the mysql5 function, i don't think you're passing it enough parameters... check the docs

    if you want the php function, you need to put it outside the quotes.
  • lechlech
    you're also missing the ending ';'
  • MinisweeperMinisweeper New
    It was encased in "" and that had a ; on the end but cheers. I took the mysql_real_escape_string's out and put them in as a php function instead. Working now.

    Thanks guys :)
This discussion has been closed.