Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

What's wrong with this SQL query?

edited June 2006 in Vanilla 1.0 Help
INSERT INTO `users` (`username`,`fullname`,`address`,`email`,`phone`,`contact`,`domain`,`notes`) VALUES (mysql_real_escape_string(username),mysql_real_escape_string(fullname),mysql_real_escape_string(address),email@email.com,mysql_real_escape_string(contact),Phone,mysql_real_escape_string(domain),mysql_real_escape_string(notes))

gives the error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(username),mysql_real_escape_string(fullname),mysql_real_escape_string(address),' at line 1

Any clues? I cant see anything obvious but I suck at sql and a fresh pair of eyes sometimes helps.

Comments

  • Options
    edited June 2006
    What are username, fullname, etc? Variables? Is this part of a Stored Procedure?
  • Options
    ithcyithcy New
    edited June 2006
    are you wanting to use the mysql_real_escape_string function that's built into mysql5, or the php function?
    if you are using the mysql5 function, i don't think you're passing it enough parameters... check the docs

    if you want the php function, you need to put it outside the quotes.
  • Options
    lechlech Chicagoland
    you're also missing the ending ';'
  • Options
    It was encased in "" and that had a ; on the end but cheers. I took the mysql_real_escape_string's out and put them in as a php function instead. Working now.

    Thanks guys :)
This discussion has been closed.