Mysql Query is not working in edited jTable code, why?

Question

I'm using this example: www.jtable.org

I've downloaded the jTable PHP version. I then edited the script. The jTable simple version is working, but my edited version isn't.

I can create a list, but I can't add a row; this code is causing problems. However, PHP doesn't display any error messages.

else if($_GET["action"] == "create")
{
    //Insert record into database
    $result = mysql_query("INSERT INTO veriler(bolge, sehir, firma, adres, tel, web) VALUES('" . $_POST["bolge"] . "', '" . $_POST["sehir"] . "', '" . $_POST["firma"] . "', '" . $_POST["adres"] . "', '" . $_POST["tel"] . "', '" . $_POST["web"] . "'");

    //Get last inserted record (to return to jTable)
    $result = mysql_query("SELECT * FROM veriler WHERE id = LAST_INSERT_ID();");
    $row = mysql_fetch_array($result);


    //Return result to jTable
    $jTableResult = array();
    $jTableResult['Result'] = "OK";
    $jTableResult['Record'] = $row;

    print json_encode($jTableResult);
}

What is the problem?

Answer 1

In this line, there is a problem:

$result = mysql_query("INSERT INTO veriler(bolge, sehir, firma, adres, tel, web) VALUES('" . $_POST["bolge"] . "', '" . $_POST["sehir"] . "', '" . $_POST["firma"] . "', '" . $_POST["adres"] . "', '" . $_POST["tel"] . "', '" . $_POST["web"] . "'");

The format for the INSERT query is:

INSERT INTO table (column1, column2, etc) VALUES (value1, value2, etc);

You missed a closing parenthesis for the VALUES part.

To improve your code, you can do something like this:

$result = mysql_query("YOUR QUERY") or die('ERROR: '.mysql_error());

And please read on SQL Injection.