Home/ Questions/Q 8076489
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T15:16:15+00:00

I encounter error like this in my sql in running my program, How can

  • 0

I encounter error like this in my sql in running my program, How can I resol this error?

Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘s’, ‘s’, ‘s’,’s’,’s’,’s’,’s’, ‘s’)’ at line 3

This is the syntax I used.

<?php 
    include('config.php');
    ERROR_REPORTING("E_ALL");
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <title>AVAYA</title>
    <link rel="stylesheet" href="css/style.css" type="text/css" media="screen" />

</head>
<body>
<div id="page" class="shell">
<div id="mainWrapper"> 
<div id="top">
        <div class="cl">&nbsp;</div>
        <h1><img src="css/images/dtsi-logo.jpg"></h1>
        <div class="cl">&nbsp;</div>
<div>
<?php include_once("template_header.php");?>
</div>

    </div>

<?php
$host="localhost"; // Host name 
$username="<myusername>"; // Mysql username 
$password="<mypassword>"; // Mysql password 
$db_name="inventory"; // Database name 
$tbl_name="avaya_pabx"; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");


$con = mysql_connect("localhost","root","");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }
mysql_select_db("inventory", $con);


$addavaya="INSERT INTO avaya_pabx
(item_no, critical_spare_id, serial_no, comcode, version, circuit_pack, classification, location, availability)
VALUES ('". $_POST['item_no'] . ", '". $_POST['critical_spare_id'] . "', '" . $_POST['serial_no']. "', '". $_POST['comcode'] . "','". $_POST['version'] . "','". $_POST['circuit_pack'] . "','". $_POST['classification'] . "','". $_POST['location'] . "', '". $_POST['availability'] . "')";


$result = mysql_query($addavaya,$con);

if (!$result) 
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

mysql_close($con);

?>

<br /><a href='avayatable.php'><input type=button class='classname' value='Back'></a>

<?php include_once("template_footer.php");?>
</div>
<br />

</div>
</body>
</html>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Hello SQL injection …

    Try to use the PDO instead of this approach

    http://php.net/manual/en/book.pdo.php

    However, the solution for your problem is that the first variable in your values must be like this

     VALUES ('". $_POST['item_no'] . "',
    • 0