// write student record
$query = "INSERT INTO Student (SLastName, SFirstName, SeMail, SGrade, SPhone, SCell, SLunch)".
" VALUES ($LastName, $FirstName, $email, $grade, $phone, $cell, $lunch)";
echo $query . '<br />';
$result = mysql_query($query);
if (!$result)
die("Error inserting Student record: ". mysql_error());
INSERT INTO Student (SLastName, SFirstName, SeMail, SGrade, SPhone, SCell, SLunch)
VALUES (Weiner, Wendy, [email protected], 12, 2123334444, 8458765555, 5)
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com, 12, 2123334444, 8458765555, 5)' at line 1
Server version: 5.0.91-community
Shouldn't that be
INSERT INTO Student (SLastName, SFirstName, SeMail, SGrade, SPhone, SCell, SLunch)
VALUES (Weiner, Wendy, '[email protected]', 12, 2123334444, 8458765555, 5)
i.e. with the email address in quotes?
You are inviting a visit from little Bobby Tables by using user-supplied data unescaped in a SQL query.
Either use mysql_real_escape_string to defang the input, or use PDO to do it better.
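The PDO route suggested in the answer above, as an added example that is not part of the original thread: the same Student insert with bound placeholders instead of string concatenation. The in-memory SQLite database, the column types, the insertStudent() helper and the sample student are assumptions made so the script runs on its own.

```php
<?php
// Added example, not the asker's code. SQLite in memory is an assumption so the
// script runs offline; against MySQL only the DSN line changes, e.g.
// new PDO('mysql:host=localhost;dbname=school;charset=utf8mb4', $user, $pass).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Column names come from the question; the column types are assumed.
$pdo->exec('CREATE TABLE Student (SLastName TEXT, SFirstName TEXT, SeMail TEXT,
    SGrade INTEGER, SPhone TEXT, SCell TEXT, SLunch INTEGER)');

// Hypothetical helper: validates the address, then inserts with bound values.
function insertStudent(PDO $pdo, array $s): void
{
    // Reject malformed addresses before they reach the database.
    if (filter_var($s['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid e-mail address');
    }
    // PDO binds the values, so nothing is quoted or escaped by hand and an
    // apostrophe in a name cannot terminate the string literal.
    $stmt = $pdo->prepare(
        'INSERT INTO Student (SLastName, SFirstName, SeMail, SGrade, SPhone, SCell, SLunch)
         VALUES (:last, :first, :email, :grade, :phone, :cell, :lunch)'
    );
    foreach (['last', 'first', 'email', 'phone', 'cell'] as $k) {
        $stmt->bindValue(":$k", (string) $s[$k], PDO::PARAM_STR);
    }
    foreach (['grade', 'lunch'] as $k) {
        $stmt->bindValue(":$k", (int) $s[$k], PDO::PARAM_INT);
    }
    $stmt->execute();
}

// Constructed sample input; the apostrophe would break the concatenated query.
$student = ['last' => "O'Brien", 'first' => 'Pat', 'email' => 'pat.obrien@example.com',
            'grade' => 12, 'phone' => '2125550100', 'cell' => '8455550101', 'lunch' => 5];
insertStudent($pdo, $student);

try {
    // Same record with a malformed address: rejected before any SQL runs.
    insertStudent($pdo, ['email' => 'not-an-address'] + $student);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

foreach ($pdo->query('SELECT SLastName, SeMail, SGrade FROM Student') as $row) {
    echo $row['SLastName'], ' | ', $row['SeMail'], ' | ', $row['SGrade'], PHP_EOL;
}
```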