Click here to Skip to main content
15,895,011 members
Search within:


Reason behind this error?
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
PHP
 
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'll find a job description example for most common jobs. Starting with a sampl' at line 1


What I have tried:

$photo=$_REQUEST["imagename"];
$email_id=$_REQUEST["email"];
$jtitle=$_REQUEST["jtitle"];
$loc=$_REQUEST["loc"];
$region=$_REQUEST["region"];
$jtype=$_REQUEST["jtype"];
$des=$_REQUEST["des"];
//$cdate = $_REQUEST["date"];
//echo''.$cdate;
$date = date('Y-m-d');
$c =new mySqli("localhost","root","","rjobs");
$sql="insert into post_job_db value('$date','$photo','$email_id','$jtitle','$loc','$region','$jtype','$des')";
if($c->query($sql)==TRUE)
{
echo "Record inserted<script>window.location.assign('home.php');</script>";
}
else
{
echo mysqli_error($c);
//echo "sorry<script>window.location.assign('post_job.php');</script>";
}
$c->close();
Posted
Updated 14-Oct-20 22:24pm
Add a Solution

3 solutions

The reason for the error is simple: you have an error in your SQL syntax. Most likely because you've used value instead of values in your insert statement.

But you have a bigger problem: Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation / interpolation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]
 
Share this answer
 
Posted
Quote:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'll find a job description example for most common jobs. Starting with a sampl' at line 1

Because of the way you build the query, its syntax depend on the contain of variables used to built it, we have no way to know what is wrong.
For debugging purpose, add
PHP
echo $sql;

in your code to know what is the exact query.

Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange[^]
 
Share this answer
 
Posted
Patrice and Richard are correct. If you use parameterized queries, it won't choke on a text field containing an apostrophe, which is what is happening here:

syntax to use near 'll find


I'm assuming that 'll is from I'll or It'll or similar.
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Reason behind error?
I am getting none with font name don't know the valid reason behind it.
Can you explain the reason for the error?
What is the reason behind the below problem?
What the reason of the error ?
I am getting such an error. What would be the reason ?
what is this error reason?
Errors for no reason C++
MFC compilation errors due to windows platform #defines. Struggling to diagnose reason.
Not able to use asp controls on code behind.

Advertise
Privacy
Cookies
Terms of Use
Last Updated 15 Oct 2020
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web02 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900