I am trying to send data to my database, but I get an error:
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘long,avbal,annual2,namebank,bankrupt,unpaid,summy) VALUES (”,”,”,”,”,”,” at line 1
When I delete the affected fields and the values stated above, the information will be posted accordingly. I don’t know what causes this.
CODE:
$sql="INSERT INTO client (first,middle,last,dob,ssn,streetad,city,state,zip,malayct,nomalay,phone,ownership,annual,worth,bizname,taxid,staddress,city2,state2,zip2,mail,bizphone,bizfax,email,contact,bizst,otherbizst,bizdisp,formation,establish,loantype,paytype,loanpurpose,availcolat,othercolat,pribank,long,avbal,annual2,namebank,bankrupt,unpaid,summy)
VALUES
('$_POST[name1]','$_POST[name2]','$_POST[name3]','$_POST[name4]','$_POST[name5]','$_POST[name6]','$_POST[name7]','$_POST[name8]','$_POST[name9]','$_POST[name10]','$_POST[name11]','$_POST[name12]','$_POST[name13]','$_POST[name14]','$_POST[name15]','$_POST[name16]','$_POST[name17]','$_POST[name18]','$_POST[name19]','$_POST[name20]','$_POST[name21]','$_POST[name22]','$_POST[name23]','$_POST[name24]','$_POST[name25]','$_POST[name26]','$_POST[name27]','$_POST[name28]','$_POST[name29]','$_POST[name30]','$_POST[name31]','$_POST[name32]','$_POST[name33]','$_POST[name34]','$_POST[name35]','$_POST[name36]','$_POST[name37]','$_POST[name38]','$_POST[name39]','$_POST[name40]','$_POST[name41]','$_POST[name42]','$_POST[name43]','$_POST[name44]')";
Your immediate problem is that
longis a reserved word.You need to wrap it in backticks, eg
See http://dev.mysql.com/doc/refman/5.0/en/identifiers.html
This says nothing for the security of your application. I strongly suggest you read up on PDO,
PDO::prepare()andPDOStatement::bindParam()