Blog Documentation Book a Demo

What's wrong with this SQL query?

MinisweeperMinisweeper New
edited June 2006 in Vanilla 1.0 Help
INSERT INTO `users` (`username`,`fullname`,`address`,`email`,`phone`,`contact`,`domain`,`notes`) VALUES (mysql_real_escape_string(username),mysql_real_escape_string(fullname),mysql_real_escape_string(address),email@email.com,mysql_real_escape_string(contact),Phone,mysql_real_escape_string(domain),mysql_real_escape_string(notes))

gives the error:
#1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(username),mysql_real_escape_string(fullname),mysql_real_escape_string(address),' at line 1

Any clues? I cant see anything obvious but I suck at sql and a fresh pair of eyes sometimes helps.

Comments

  • BergamotBergamot
    edited June 2006
    What are username, fullname, etc? Variables? Is this part of a Stored Procedure?
  • ithcyithcy New
    edited June 2006
    are you wanting to use the mysql_real_escape_string function that's built into mysql5, or the php function?
    if you are using the mysql5 function, i don't think you're passing it enough parameters... check the docs

    if you want the php function, you need to put it outside the quotes.
  • lechlech
    you're also missing the ending ';'
  • MinisweeperMinisweeper New
    It was encased in "" and that had a ; on the end but cheers. I took the mysql_real_escape_string's out and put them in as a php function instead. Working now.

    Thanks guys :)
This discussion has been closed.